From a7674f6c1dc4c315f58a48089c7c0ce587345428 Mon Sep 17 00:00:00 2001
From: Atridad Lahiji
Date: Sat, 20 Dec 2025 23:49:56 -0700
Subject: [PATCH] Some logical re-grouping
---
configuration.nix | 3 +++
modules/boot.nix | 20 +++-----------------
modules/security.nix | 10 ++++++++++
3 files changed, 16 insertions(+), 17 deletions(-)
diff --git a/configuration.nix b/configuration.nix
index 6ccb16a..697e1da 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -18,5 +18,8 @@ ./modules/aliases.nix ]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + xdg.portal.config.common.default = [ "gnome" ]; + system.stateVersion = "25.11"; }
diff --git a/modules/boot.nix b/modules/boot.nix
index 865ec16..01d6652 100644
--- a/modules/boot.nix
+++ b/modules/boot.nix
@@ -6,27 +6,13 @@ editor = false; configurationLimit = 10; }; - boot.loader.efi.canTouchEfiVariables = true; - boot.kernelPackages = pkgs.linuxPackages_latest; - boot.initrd.kernelModules = [ "amdgpu" ]; - - boot.kernelParams = [ - "preempt=full" - "slab_nomerge" - "init_on_alloc=1" - "init_on_free=1" - "page_alloc.shuffle=1" - "randomize_kstack_offset=on" - "vsyscall=none" - "mitigations=auto" - ]; + boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelModules = [ "tcp_bbr" ]; + boot.initrd.kernelModules = [ "amdgpu" ]; + boot.kernelParams = [ "preempt=full" ]; boot.tmp.useTmpfs = true; boot.tmp.tmpfsSize = "4G"; - - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - xdg.portal.config.common.default = [ "gnome" ]; }
diff --git a/modules/security.nix b/modules/security.nix
index e7a58ae..0693fa4 100644
--- a/modules/security.nix
+++ b/modules/security.nix
@@ -35,6 +35,16 @@ { domain = "*"; type = "hard"; item = "core"; value = "0"; } ]; + boot.kernelParams = [ + "slab_nomerge" + "init_on_alloc=1" + "init_on_free=1" + "page_alloc.shuffle=1" + "randomize_kstack_offset=on" + "vsyscall=none" + "mitigations=auto" + ]; + boot.kernel.sysctl = { "kernel.dmesg_restrict" = 1; "kernel.kptr_restrict" = 2;
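Review bot: `"mitigations=auto"` in the moved `boot.kernelParams` list is the kernel's default, so the entry records intent but adds no hardening. If SMT side channels are in scope for this machine, `"mitigations=auto,nosmt"` is the stricter form, at a throughput cost. The list now merges with the `boot.kernelParams = [ "preempt=full" ];` definition left in modules/boot.nix, which works because the module system concatenates list options. It also means the hardening flags disappear without any evaluation error if modules/security.nix is ever dropped from what is presumably the imports list in configuration.nix. A comment above the list would make the split visible, for example `# Kernel hardening flags; merged with boot.kernelParams from modules/boot.nix`. The `boot.kernel.sysctl` set that follows the list continues outside the hunk.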