qbit/xin
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

configs/hardened: set allocator to libc for everything

Browse Source 
also fmt
This commit is contained in:
Aaron Bieber 2024-01-25 18:22:36 -07:00
parent eeeb404c56
commit e08c0342b4
No known key found for this signature in database
5 changed files with 26 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configs/hardened.nix
View File

@ -1,7 +1,7 @@
{ lib, ... }: { lib, ... }:
with lib; { with lib; {
environment = { environment = {
memoryAllocator.provider = mkDefault "scudo"; memoryAllocator.provider = mkDefault "libc";
variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1"; variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";
}; };

23
hosts/box/default.nix
View File

@ -1,7 +1,6 @@
{ config { config
, lib , lib
, pkgs , pkgs
, isUnstable
, xinlib , xinlib
, ... , ...
}: }:
@ -207,15 +206,17 @@ in
# "services/home-automation/home-assistant.nix" # "services/home-automation/home-assistant.nix"
#]; #];
environment.systemPackages = with pkgs; [ environment = {
tmux systemPackages = with pkgs; [
mosh tmux
apg mosh
git apg
signify git
glowing-bear signify
rtl_433 glowing-bear
]; rtl_433
];
};
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
@ -512,7 +513,7 @@ in
fwupd.enable = true; fwupd.enable = true;
zfs = { zfs = {
autoSnapshot={ autoSnapshot = {
enable = true; enable = true;
daily = 3; daily = 3;
hourly = 8; hourly = 8;

21
hosts/clunk/hardware-configuration.nix
View File

@ -2,22 +2,27 @@
{ {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix") [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "ums_realtek" "sd_mod" ]; boot = {
boot.initrd.kernelModules = [ ]; initrd = {
boot.kernelModules = [ ]; availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "ums_realtek" "sd_mod" ];
boot.extraModulePackages = [ ]; kernelModules = [ ];
};
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/d97f80ac-63fe-43d3-a3f5-3c385a41a068"; {
device = "/dev/disk/by-uuid/d97f80ac-63fe-43d3-a3f5-3c385a41a068";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/b70a6cac-996e-4a05-a3d0-17c7acf90f08"; } [{ device = "/dev/disk/by-uuid/b70a6cac-996e-4a05-a3d0-17c7acf90f08"; }];
];
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;

1
hosts/h/default.nix
View File

@ -225,7 +225,6 @@ in
}; };
environment = { environment = {
memoryAllocator.provider = "mimalloc";
systemPackages = with pkgs; [ systemPackages = with pkgs; [
inetutils inetutils

1
hosts/stan/hardware-configuration.nix
View File

@ -1,5 +1,4 @@
{ pkgs { pkgs
, config
, lib , lib
, modulesPath , modulesPath
, ... , ...