nixos/sever: clean tmp on boot & use linux-hardened by default

author: seth <[email protected]> 2023-11-02 08:39:49 -0400
committer: seth <[email protected]> 2023-11-02 08:39:49 -0400
commit: f010ac88bcc2d178a263fa4fe12ce7e7de4549cc (patch)
tree: afd6b4db2787f903d3e34e70c18dbee908c1f33a /modules
parent: 919051fccf80bfcdebe4bdc4990ad3049fe67f2f (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix
index 8e368fc..8408c6f 100644
--- a/modules/nixos/server/default.nix
+++ b/modules/nixos/server/default.nix
@@ -12,6 +12,11 @@
 
   _module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system};
 
+  boot = {
+    tmp.cleanOnBoot = lib.mkDefault true;
+    kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;
+  };
+
   documentation = {
     enable = false;
author	seth <[email protected]>	2023-11-02 08:39:49 -0400
committer	seth <[email protected]>	2023-11-02 08:39:49 -0400
commit	f010ac88bcc2d178a263fa4fe12ce7e7de4549cc (patch)
tree	afd6b4db2787f903d3e34e70c18dbee908c1f33a /modules
parent	919051fccf80bfcdebe4bdc4990ad3049fe67f2f (diff)