poz/niksos
poz/niksos
1
3
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity

add fs hardening

Browse source 
thanks raf
This commit is contained in:
jacekpoz 2024-09-12 14:52:53 +02:00
parent 17d4a3a526
commit d3f908dbd1
Signed by: poz
SSH key fingerprint: SHA256:JyLeVWE4bF3tDnFeUpUaJsPsNlJyBldDGV/dIKSLyN8
2 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
hosts/common/core/default.nix
View file

@ -6,6 +6,7 @@ _: {
./disable-nano.nix ./disable-nano.nix
./disk.nix ./disk.nix
./docs.nix ./docs.nix
./fs-hardening.nix
./nix.nix ./nix.nix
./oomd.nix ./oomd.nix
./permit-olm.nix ./permit-olm.nix

8
hosts/common/core/fs-hardening.nix Normal file
View file

@ -0,0 +1,8 @@
_: {
fileSystems = let
defaults = [ "nodev" "nosuid" "noexec" ];
in {
"/boot".options = defaults;
"/var/log".options = defaults;
};
}