modules/security: add hlissner-based security config

This commit is contained in:
Infinidoge 2021-12-01 20:37:22 -05:00
parent 58836225d1
commit 182932de5f
2 changed files with 16 additions and 1 deletions


@ -45,8 +45,10 @@ in
boot.loader = { boot.loader = {
systemd-boot = { systemd-boot = {
enable = mkDefault true; enable = mkDefault true;
editor = false;
consoleMode = "2"; consoleMode = "2";
# See desc in nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
editor = false;
}; };
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
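Review bot: The new comment above `editor = false;` only points at the nixpkgs option description, but the reason for the setting belongs on the line itself: this is what stops anyone at the systemd-boot menu from editing the kernel command line (appending `init=/bin/sh`, for example) and booting straight to a root shell. Suggest `# Disable the boot-menu editor: with it on, anyone with console access can edit the kernel cmdline (e.g. init=/bin/sh) and get a root shell.` Worth adding that this only closes the menu itself; without a firmware password and Secure Boot an attacker with physical access can still boot other media, which this hunk does not address. The enclosing `boot.loader` attrset continues outside the hunk.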


@ -0,0 +1,13 @@
{ config, lib, ... }:
with lib;
with lib.hlissner;
{
# Security settings based on https://github.com/hlissner/dotfiles/blob/master/modules/security.nix
security.acme.acceptTerms = true;
boot = {
# Make tmp volatile, using tmpfs is speedy on SSD systems
tmpOnTmpfs = mkDefault true;
cleanTmpDir = mkDefault (!config.boot.tmpOnTmpfs);
};
}
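Review bot: `security.acme.acceptTerms = true;` does not belong in a hardening module: it is a global acknowledgement of the ACME provider's terms, unrelated to the tmpfs settings under it, and because it is set without `mkDefault` a host that wants to opt out gets a conflicting-definition error rather than an override. Move it next to whatever `security.acme.certs` definition actually needs it, or at minimum write `security.acme.acceptTerms = mkDefault true;`. `with lib.hlissner;` brings a project namespace into scope that nothing in this file uses (only `mkDefault` from `with lib;` is referenced), so it can be dropped. The tmpfs comment should also record the trade-off: a tmpfs /tmp is RAM-backed, so a runaway or hostile process filling it puts pressure on memory — presumably bounded by the size cap nixpkgs applies to the mount, but that should be confirmed and noted, e.g. `# tmpfs /tmp is RAM-backed; confirm the size cap nixpkgs sets fits this host`.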