amadaluzia/alqueva
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Boot parameters for hardening

Browse source
This commit is contained in:
xmm16 2024-12-12 19:19:16 -03:00
commit 8ac41e20cf
No known key found for this signature in database
1 changed files with 20 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

21
hosts/micronix/system.nix
View file

@ -7,11 +7,30 @@
./config/sysctl.d/hardening.nix ./config/sysctl.d/hardening.nix
]; ];
boot.kernelPackages = pkgs.linuxPackages_cachyos; boot.loader = {
generationsDir.copyKernels = true;
};
boot.kernelPackages = pkgs.linuxPackages_cachyos-lto;
boot.kernelParams = [ boot.kernelParams = [
"default_hugepagesz=1G" "default_hugepagesz=1G"
"hugepagesz=1G" "hugepagesz=1G"
"slab_nomerge"
"init_on_alloc=1"
"randomize_kstack_offset=on"
"init_on_free=1"
"page_alloc.shuffle=1"
"pti=on"
"vsyscall=none"
"debugfs=off"
"oops=panic"
"module.sig_enforce=1"
"lockdown=confidentiality"
"mce=0"
"quiet"
"splash"
"loglevel=0"
]; ];
services.scx = { services.scx = {