movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-13 13:15:30 +03:00
Code Issues Projects Releases Packages Wiki Activity

nixos/profiles/hardened: replace 'with' using inherit and add disable option

Browse source
This commit is contained in:
Nico Felbinger 2025-01-19 17:45:14 +01:00
parent 81f97de458
commit 958d1fb821
No known key found for this signature in database
GPG key ID: 6E4C8C7087EFEEAE
1 changed files with 97 additions and 85 deletions
Download patch file Download diff file Expand all files Collapse all files

18
nixos/modules/profiles/hardened.nix
View file

@ -12,10 +12,21 @@
pkgs, pkgs,
... ...
}: }:
let
with lib; inherit (lib)
mkDefault
mkOverride
mkEnableOption
mkIf
maintainers
;
in
{ {
options.profiles.hardened = mkEnableOption "hardened" // {
default = true;
example = false;
};
config = mkIf config.profiles.hardened {
meta = { meta = {
maintainers = [ maintainers = [
maintainers.joachifm maintainers.joachifm
@ -122,4 +133,5 @@ with lib;
# Ignore outgoing ICMP redirects (this is ipv4 only) # Ignore outgoing ICMP redirects (this is ipv4 only)
boot.kernel.sysctl."net.ipv4.conf.all.send_redirects" = mkDefault false; boot.kernel.sysctl."net.ipv4.conf.all.send_redirects" = mkDefault false;
boot.kernel.sysctl."net.ipv4.conf.default.send_redirects" = mkDefault false; boot.kernel.sysctl."net.ipv4.conf.default.send_redirects" = mkDefault false;
};
} }