From f010ac88bcc2d178a263fa4fe12ce7e7de4549cc Mon Sep 17 00:00:00 2001
From: seth
Date: Thu, 2 Nov 2023 08:39:49 -0400
Subject: nixos/sever: clean tmp on boot & use linux-hardened by default
---
 modules/nixos/server/default.nix | 5 +++++
 systems/atlas/default.nix | 1 -
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix
index 8e368fc..8408c6f 100644
--- a/modules/nixos/server/default.nix
+++ b/modules/nixos/server/default.nix
@@ -12,6 +12,11 @@
 _module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system};
+ boot = {
+ tmp.cleanOnBoot = lib.mkDefault true;
+ kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;
+ };
+
 documentation = {
 enable = false;
diff --git a/systems/atlas/default.nix b/systems/atlas/default.nix
index 00bfab4..3048534 100644
--- a/systems/atlas/default.nix
+++ b/systems/atlas/default.nix
@@ -20,7 +20,6 @@
 boot = {
 loader.systemd-boot.enable = true;
 loader.efi.canTouchEfiVariables = true;
- tmp.cleanOnBoot = true;
 };
 networking = {
--
cgit v1.2.3
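Review bot: The new `kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;` line in the `boot` block of modules/nixos/server/default.nix swaps the kernel for every host that imports the server module, and nothing in the hunk tells a host author what that changes or how to opt out. The hardened patch set usually ships with unprivileged user namespaces turned off (NixOS exposes `security.unprivilegedUsernsClone` for this), and it can lag behind or clash with out-of-tree kernel modules, so a host running rootless containers or similar may break after this default lands. Selecting the package set also does not, as far as this hunk shows, bring in the rest of the NixOS hardened profile, which is worth stating so the setting is not read as full hardening. I would add a comment above the line such as `# hardened kernel by default; override per host (mkDefault) if it needs unprivileged user namespaces or out-of-tree modules`. The enclosing attribute set starts and ends outside the hunk.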