- Remove SSH service (was temporary)
- Close unused firewall ports (22, 80, 53)
- Require sudo password for wheel group
- Disable systemd-boot editor to prevent boot tampering
- Remove boot.shell_on_fail kernel parameter
- Add kernel hardening parameters (slab_nomerge, init_on_alloc, etc.)
- Add sysctl hardening (dmesg_restrict, kptr_restrict, etc.)
- Disable Avahi firewall broadcast
- Disable Bluetooth auto power-on at boot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Clearer naming to distinguish NixOS system modules from Home Manager modules (nixos/ vs home/).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>