authortzlil <tzlils@protonmail.com>2023-05-21 19:20:18 +0300
committertzlil <tzlils@protonmail.com>2023-05-21 19:20:18 +0300
commitbe9cadd49f079f3e4a6cdd8bdee463436a21723b (patch)
tree8f9e8912bcd37253e4da9b573d8a9e03ef8bac22 /profiles/security.nix
parent2e361cef77f8696870d0b204b1ce95868133c29a (diff)
fix nixinate, add mullvad firejail
Diffstat (limited to 'profiles/security.nix')
-rw-r--r--profiles/security.nix4
1 files changed, 3 insertions, 1 deletions
diff --git a/profiles/security.nix b/profiles/security.nix
index 9ae5cef..63c5fe4 100644
--- a/profiles/security.nix
+++ b/profiles/security.nix
@@ -7,16 +7,18 @@
 }: {
   imports = [];
   config = {
+    programs.firejail.enable = true;
     security.auditd.enable = true;
     security.audit.enable = true;
     security.audit.rules = [
       "-a exit,always -F arch=b64 -S execve"
     ];
 
+    # https://source.android.com/docs/security/test/scudo
     environment.memoryAllocator.provider = "scudo";
     environment.variables.SCUDO_OPTIONS = "ZeroContents=1";
 
-    # security.lockKernelModules = true;
+    security.lockKernelModules = true;
     security.protectKernelImage = true;
     security.allowSimultaneousMultithreading = false;
     security.forcePageTableIsolation = true;
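Review bot: The newly uncommented `security.lockKernelModules = true;` has no comment and no visible `boot.kernelModules` list, so any module that would otherwise load on demand after boot (for example a VPN tunnel, USB or filesystem driver) will be refused until the next reboot. The `config` block continues outside this hunk and the diffstat is limited to this file, so the needed modules may be declared elsewhere; if not, pin them at boot and add a comment above the option such as `# module loading is locked after boot; list late-loaded modules in boot.kernelModules`. Separately, `programs.firejail.enable = true;` installs a setuid-root wrapper, and no `programs.firejail.wrappedBinaries` appears in this file. A one-line comment naming which programs are meant to be sandboxed would show that the extra privileged binary is deliberate.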