aviallon/nixos-lib

mirror of https://github.com/aviallon/nixos-lib.git synced 2026-04-05 17:27:50 +00:00

Author	SHA1	Message	Date
Antoine VIALLON	bf219a30c2	fix(lint): nixfmt the whole tree	2026-03-22 21:56:13 +01:00
Antoine Viallon	2bc54d0c0e	[Security/Hardening] fix mkQuasiForce	2024-04-04 15:33:06 +02:00
Antoine Viallon	4881f5f486	[Security/Encryption] enable jitterentropy_rng kernel module Does the same thing as haveged did in the past, but in the kernel. I simply wonder why no one mentionned it is not enabled by default...	2024-03-12 23:38:36 +01:00
Antoine Viallon	98e06464eb	[Hardening] ignore execve where auid is unset (services, typically)	2024-03-11 00:18:34 +01:00
Antoine Viallon	0729404d27	[Hardening] add many more sane audit rules	2024-03-08 23:28:04 +01:00
Antoine Viallon	06398f02a6	[Hardening] prohibit root ssh login entirely in hardcore mode	2024-03-08 23:27:30 +01:00
Antoine Viallon	3080d90d2c	[Hardening] use hardened kernel by default, but do not force it	2024-03-08 23:27:09 +01:00
Antoine Viallon	07893642d7	[Hardening] use systemd-journald for audit logs	2024-03-08 23:26:32 +01:00
Antoine Viallon	87ab357291	[Hardening] remove broken and obsolete dbus hardening	2024-03-08 23:15:46 +01:00
Antoine Viallon	f3ccaff561	[Hardening] refactor overrides and make them more coherent Especially, the priority was very wrong	2024-03-08 23:15:05 +01:00
Antoine Viallon	390e3fb0ba	[Security/Encryption] almos-force systemd stage-1 init if encryption is enabled Also copy /etc/crypttab from initrd to regular /etc	2023-11-07 21:30:04 +01:00
Antoine Viallon	ec9cfceda6	[Boot+Treewide] rename aviallon.boot.kernel to aviallon.boot.kernel.package Rename aviallon.boot.extraKCflags to aviallon.boot.kernel.addOptimizationAttributes Also add an option to add non-optimization attributes to kernel derivation.	2023-11-07 21:27:57 +01:00
Antoine Viallon	bab47dd25b	[Security/TPM] add tpm_tis + tpm_crb to initrd	2023-08-10 16:41:18 +02:00
Antoine Viallon	427c2dd8ef	[Security/Encryption] add cryptd to initrd	2023-08-10 16:41:02 +02:00
Antoine Viallon	883e4585b2	[Security/TPM] init TPM config	2023-08-10 16:22:28 +02:00
Antoine Viallon	ecca71149a	[Security/Encryption] init encryption security module	2023-08-10 16:21:25 +02:00
Antoine Viallon	398343a1b3	[Security] move hardening config to a dedicated security subfolder	2023-07-31 21:44:22 +02:00

17 commits