fix hardened kernel config, enable for runner

Lyn 2024-09-17 03:06:09 +02:00
parent 51b7e7887d
commit 3b465c7eb1
2 changed files with 5 additions and 3 deletions


@ -6,6 +6,7 @@
]; ];
lyn.sops.secrets."hosts/forgejo-ci/forgejo_ci_token" = {}; lyn.sops.secrets."hosts/forgejo-ci/forgejo_ci_token" = {};
lyn.kernel.latest.enable = true; lyn.kernel.latest.enable = true;
lyn.kernel.hardened.enable = true;
lyn.profiles.base.enable = true; lyn.profiles.base.enable = true;
lyn.profiles.vm.enable = true; lyn.profiles.vm.enable = true;
lyn.services.forgejo-ci.enable = true; lyn.services.forgejo-ci.enable = true;
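Review bot: With both `lyn.kernel.latest.enable` and `lyn.kernel.hardened.enable` set on this host, a reader cannot tell which module decides `boot.kernelPackages`. The hardened module assigns it directly; if the latest module does too (not visible here), the two definitions either conflict at evaluation or are resolved by a priority that is not visible in this file. I would drop the `latest` line on this host, or add a comment such as `# hardened sets boot.kernelPackages; latest is overridden on this host`. Because this is a CI runner, also confirm after deployment that the booted kernel is the hardened one and that the runner's container workloads still start, since hardened configs commonly restrict features such as unprivileged user namespaces.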


@ -1,6 +1,7 @@
{lib, pkgs, config, ...}: let {lib, pkgs, config, cfg, ...}: let
ifApparmor = config.lyn.kernel.hardened.apparmor.enable; ifApparmor = cfg.apparmor.enable;
in{ in {
opt.apparmor.enable = lib.mkEnableOption "apparmor";
boot.kernelPackages = let boot.kernelPackages = let
kernel = pkgs.linux-libre; kernel = pkgs.linux-libre;
llvm = pkgs.llvmPackages_latest; llvm = pkgs.llvmPackages_latest;
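Review bot: `opt.apparmor.enable` is declared with `lib.mkEnableOption`, which defaults to false, so a host that sets only `lyn.kernel.hardened.enable = true;` (as the runner now does) gets the hardened kernel without whatever `ifApparmor` gates. If AppArmor is meant to be part of the hardened profile, either default it on, e.g. `opt.apparmor.enable = lib.mkEnableOption "AppArmor LSM support in the hardened kernel" // { default = true; };`, or set `lyn.kernel.hardened.apparmor.enable = true;` on the host. The bare description string `"apparmor"` could also say what the switch changes. The `let` body and the uses of `ifApparmor` continue outside this hunk, so the effect of the flag is inferred from its name.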