s0me1newithhand7s/reNixos
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

kyra(hardening): security defaults init

Browse source 
Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
This commit is contained in:
s0me1newithhand7s 2026-05-03 19:05:21 +03:00
parent ff98be13a3
commit d5d41960f4
1 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
kyra/security/defaults.nix Normal file
View file

@ -0,0 +1,13 @@
_: {
security = {
unprivilegedUsernsClone = false;
forcePageTableIsolation = true;
allowSimultaneousMultithreading = false;
protectKernelImage = true;
lockKernelModules = true;
virtualisation = {
flushL1DataCache = "always";
};
};
}