nixos/sever: clean tmp on boot & use linux-hardened by default

author: seth <[email protected]> 2023-11-02 08:39:49 -0400
committer: seth <[email protected]> 2023-11-02 08:39:49 -0400
commit: f010ac88bcc2d178a263fa4fe12ce7e7de4549cc (patch)
tree: afd6b4db2787f903d3e34e70c18dbee908c1f33a
parent: 919051fccf80bfcdebe4bdc4990ad3049fe67f2f (diff)
2 files changed, 5 insertions, 1 deletions
diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix
index 8e368fc..8408c6f 100644
--- a/modules/nixos/server/default.nix
+++ b/modules/nixos/server/default.nix
@@ -12,6 +12,11 @@
 
   _module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system};
 
+  boot = {
+    tmp.cleanOnBoot = lib.mkDefault true;
+    kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;
+  };
+
   documentation = {
     enable = false;
 
diff --git a/systems/atlas/default.nix b/systems/atlas/default.nix
index 00bfab4..3048534 100644
--- a/systems/atlas/default.nix
+++ b/systems/atlas/default.nix
@@ -20,7 +20,6 @@
   boot = {
     loader.systemd-boot.enable = true;
     loader.efi.canTouchEfiVariables = true;
-    tmp.cleanOnBoot = true;
   };
 
   networking = {
author	seth <[email protected]>	2023-11-02 08:39:49 -0400
committer	seth <[email protected]>	2023-11-02 08:39:49 -0400
commit	f010ac88bcc2d178a263fa4fe12ce7e7de4549cc (patch)
tree	afd6b4db2787f903d3e34e70c18dbee908c1f33a
parent	919051fccf80bfcdebe4bdc4990ad3049fe67f2f (diff)