diff options
author | tzlil <tzlils@protonmail.com> | 2023-05-21 19:20:18 +0300 |
---|---|---|
committer | tzlil <tzlils@protonmail.com> | 2023-05-21 19:20:18 +0300 |
commit | be9cadd49f079f3e4a6cdd8bdee463436a21723b (patch) | |
tree | 8f9e8912bcd37253e4da9b573d8a9e03ef8bac22 /profiles | |
parent | 2e361cef77f8696870d0b204b1ce95868133c29a (diff) |
fix nixinate, add mullvad firejail
Diffstat (limited to 'profiles')
-rw-r--r-- | profiles/network.nix | 4 | ||||
-rw-r--r-- | profiles/security.nix | 4 |
2 files changed, 5 insertions, 3 deletions
diff --git a/profiles/network.nix b/profiles/network.nix index c959824..461106f 100644 --- a/profiles/network.nix +++ b/profiles/network.nix @@ -17,7 +17,7 @@ networkmanager.enable = true; useDHCP = false; nameservers = ["127.0.0.1" "::1"]; - # networkmanager.dns = "none"; + networkmanager.dns = "none"; extraHosts = '' 100.99.246.128 pc 100.105.242.70 phone @@ -49,7 +49,7 @@ }; # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md - server_names = []; # tailscale magicdns + # server_names = [ ... ]; }; }; diff --git a/profiles/security.nix b/profiles/security.nix index 9ae5cef..63c5fe4 100644 --- a/profiles/security.nix +++ b/profiles/security.nix @@ -7,16 +7,18 @@ }: { imports = []; config = { + programs.firejail.enable = true; security.auditd.enable = true; security.audit.enable = true; security.audit.rules = [ "-a exit,always -F arch=b64 -S execve" ]; + # https://source.android.com/docs/security/test/scudo environment.memoryAllocator.provider = "scudo"; environment.variables.SCUDO_OPTIONS = "ZeroContents=1"; - # security.lockKernelModules = true; + security.lockKernelModules = true; security.protectKernelImage = true; security.allowSimultaneousMultithreading = false; security.forcePageTableIsolation = true; |