aviallon/nixos-lib
1
0
Fork 0
mirror of https://github.com/aviallon/nixos-lib.git synced 2026-04-05 17:27:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
722 commits 2 branches 0 tags 785 KiB
Commit graph

11 commits

Author SHA1 Message Date
Antoine VIALLON
bf219a30c2
fix(lint): nixfmt the whole tree 2026-03-22 21:56:13 +01:00
Antoine Viallon
2bc54d0c0e
[Security/Hardening] fix mkQuasiForce 2024-04-04 15:33:06 +02:00
Antoine Viallon
98e06464eb
[Hardening] ignore execve where auid is unset (services, typically) 2024-03-11 00:18:34 +01:00
Antoine Viallon
0729404d27
[Hardening] add many more sane audit rules 2024-03-08 23:28:04 +01:00
Antoine Viallon
06398f02a6
[Hardening] prohibit root ssh login entirely in hardcore mode 2024-03-08 23:27:30 +01:00
Antoine Viallon
3080d90d2c
[Hardening] use hardened kernel by default, but do not force it 2024-03-08 23:27:09 +01:00
Antoine Viallon
07893642d7
[Hardening] use systemd-journald for audit logs 2024-03-08 23:26:32 +01:00
Antoine Viallon
87ab357291
[Hardening] remove broken and obsolete dbus hardening 2024-03-08 23:15:46 +01:00
Antoine Viallon
f3ccaff561
[Hardening] refactor overrides and make them more coherent 
Especially, the priority was very wrong
 2024-03-08 23:15:05 +01:00
Antoine Viallon
ec9cfceda6
[Boot+Treewide] rename aviallon.boot.kernel to aviallon.boot.kernel.package 
Rename aviallon.boot.extraKCflags to aviallon.boot.kernel.addOptimizationAttributes

Also add an option to add non-optimization attributes to kernel derivation.
 2023-11-07 21:27:57 +01:00
Antoine Viallon
398343a1b3
[Security] move hardening config to a dedicated security subfolder 2023-07-31 21:44:22 +02:00
Renamed from hardening.nix (Browse further)