mirror of
https://github.com/XNM1/linux-nixos-hyprland-config-dotfiles.git
synced 2025-09-15 09:45:58 +03:00
78d6258bfe
Changelog: - autostart: remove hypridle from autostart script - helix: add copilot LSP for Rust, JS/TS variants - hyprland: - Refactor window rules with regex patterns - Update brightness controls for intel_backlight - Adjust pyprland scratchpad configurations - bootloader: - Add i915 kernel modules - Disable initrd verbose logging - greetd: update tuigreet command to use uwsm - hyprland: enable hyprlock, hypridle services - linux-kernel: add security hardening params - ollama: add new LLM models (gemma3, deepcoder) - utils: add sqlx-cli and kitty - kitty: add config - virtualisation: - Add lima, nerdctl - vpn: - Enable mullvad VPN - Add mullvad and tor browsers - stylus-themes: update to latest
44 lines
1.2 KiB
Nix
44 lines
1.2 KiB
Nix
{ pkgs, ... }:
|
|
|
|
{
|
|
# Linux Kernel
|
|
security.forcePageTableIsolation = true;
|
|
security.lockKernelModules = true;
|
|
# security.protectKernelImage = true;
|
|
security.unprivilegedUsernsClone = true;
|
|
security.virtualisation.flushL1DataCache = "cond";
|
|
boot.kernelPackages = pkgs.linuxKernel.packages.linux_zen;
|
|
boot.kernelParams = [
|
|
"quiet"
|
|
"splash"
|
|
"loglevel=3"
|
|
"rd.udev.log_priority=3"
|
|
"systemd.show_status=auto"
|
|
"fbcon=nodefer"
|
|
"vt.global_cursor_default=0"
|
|
"kernel.modules_disabled=1"
|
|
"lsm=landlock,lockdown,yama,integrity,apparmor,bpf,tomoyo,selinux"
|
|
"usbcore.autosuspend=-1"
|
|
"video4linux"
|
|
"acpi_rev_override=5"
|
|
"security=selinux"
|
|
];
|
|
# boot.kernelPatches = [ {
|
|
# name = "selinux-config";
|
|
# patch = null;
|
|
# extraConfig = ''
|
|
# SECURITY_SELINUX y
|
|
# SECURITY_SELINUX_BOOTPARAM n
|
|
# SECURITY_SELINUX_DEVELOP y
|
|
# SECURITY_SELINUX_AVC_STATS y
|
|
# DEFAULT_SECURITY_SELINUX n
|
|
# '';
|
|
# } ];
|
|
|
|
systemd.package = pkgs.systemd.override { withSelinux = true; };
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
policycoreutils
|
|
];
|
|
}
|