From e08c0342b4899775278429deb329f93b0c82c310 Mon Sep 17 00:00:00 2001 From: Aaron Bieber Date: Thu, 25 Jan 2024 18:22:36 -0700 Subject: [PATCH] configs/hardened: set allocator to libc for everything also fmt --- configs/hardened.nix | 2 +- hosts/box/default.nix | 23 ++++++++++++----------- hosts/clunk/hardware-configuration.nix | 21 +++++++++++++-------- hosts/h/default.nix | 1 - hosts/stan/hardware-configuration.nix | 1 - 5 files changed, 26 insertions(+), 22 deletions(-) diff --git a/configs/hardened.nix b/configs/hardened.nix index b882c0a..86c49bb 100644 --- a/configs/hardened.nix +++ b/configs/hardened.nix @@ -1,7 +1,7 @@ { lib, ... }: with lib; { environment = { - memoryAllocator.provider = mkDefault "scudo"; + memoryAllocator.provider = mkDefault "libc"; variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1"; }; diff --git a/hosts/box/default.nix b/hosts/box/default.nix index f611a94..98806a4 100644 --- a/hosts/box/default.nix +++ b/hosts/box/default.nix @@ -1,7 +1,6 @@ { config , lib , pkgs -, isUnstable , xinlib , ... }: @@ -207,15 +206,17 @@ in # "services/home-automation/home-assistant.nix" #]; - environment.systemPackages = with pkgs; [ - tmux - mosh - apg - git - signify - glowing-bear - rtl_433 - ]; + environment = { + systemPackages = with pkgs; [ + tmux + mosh + apg + git + signify + glowing-bear + rtl_433 + ]; + }; security.acme = { acceptTerms = true; @@ -512,7 +513,7 @@ in fwupd.enable = true; zfs = { - autoSnapshot={ + autoSnapshot = { enable = true; daily = 3; hourly = 8; diff --git a/hosts/clunk/hardware-configuration.nix b/hosts/clunk/hardware-configuration.nix index fce6666..7bf8d10 100644 --- a/hosts/clunk/hardware-configuration.nix +++ b/hosts/clunk/hardware-configuration.nix 
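Review bot: In configs/hardened.nix the context line `variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";` stays in place after the provider default becomes `"libc"`. The variable is still exported, but glibc malloc does not read it, so anyone auditing the hardened profile could assume zero-on-allocate is active when it is not. Either drop that line, or gate it with `mkIf (config.environment.memoryAllocator.provider == "scudo") (mkDefault "ZeroContents=1")`, which needs `config` added to the module arguments. The commit message gives no reason for moving off the hardened allocator, so a comment above the provider line would help, e.g. `# libc instead of scudo: <reason>; loses scudo's heap-corruption checks on every host importing this profile`. The hosts/h hunk also removes that host's explicit `mimalloc` override, so it presumably inherits this `libc` default as well.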
@@ -2,22 +2,27 @@ { imports = - [ (modulesPath + "/installer/scan/not-detected.nix") + [ + (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "ums_realtek" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "ums_realtek" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ ]; + extraModulePackages = [ ]; + }; fileSystems."/" = - { device = "/dev/disk/by-uuid/d97f80ac-63fe-43d3-a3f5-3c385a41a068"; + { + device = "/dev/disk/by-uuid/d97f80ac-63fe-43d3-a3f5-3c385a41a068"; fsType = "ext4"; }; swapDevices = - [ { device = "/dev/disk/by-uuid/b70a6cac-996e-4a05-a3d0-17c7acf90f08"; } - ]; + [{ device = "/dev/disk/by-uuid/b70a6cac-996e-4a05-a3d0-17c7acf90f08"; }]; networking.useDHCP = lib.mkDefault true; diff --git a/hosts/h/default.nix b/hosts/h/default.nix index 88c4e37..4b71e66 100644 --- a/hosts/h/default.nix +++ b/hosts/h/default.nix @@ -225,7 +225,6 @@ in }; environment = { - memoryAllocator.provider = "mimalloc"; systemPackages = with pkgs; [ inetutils diff --git a/hosts/stan/hardware-configuration.nix b/hosts/stan/hardware-configuration.nix index d74e53f..173efed 100644 --- a/hosts/stan/hardware-configuration.nix +++ b/hosts/stan/hardware-configuration.nix @@ -1,5 +1,4 @@ { pkgs -, config , lib , modulesPath , ...