[Hardening] use hardened kernel by default, but do not force it

2026-04-05 17:27:50 +00:00 · 2024-03-08 23:27:09 +01:00 · 2024-03-08 23:27:09 +01:00 · 3080d90d2c
commit 3080d90d2c
parent 07893642d7
1 changed files with 1 additions and 1 deletions
--- a/security/hardening.nix
+++ b/security/hardening.nix
@ -35,7 +35,7 @@ in
  ];

  config = mkIf cfg.enable {
-    aviallon.boot.kernel.package = mkIf cfg.hardcore pkgs.linuxKernel.kernels.linux_hardened;
+    aviallon.boot.kernel.package = mkIf cfg.hardcore (mkDefault pkgs.linuxKernel.kernels.linux_hardened);
    security.lockKernelModules = mkIf cfg.hardcore (mkQuasiForce true);
    # security.protectKernelImage = mkIf cfg.hardcore (mkOverride 500 false); # needed for kexec