6eef6108c4
- Remove SSH service (was temporary)
- Close unused firewall ports (22, 80, 53)
- Require sudo password for wheel group
- Disable systemd-boot editor to prevent boot tampering
- Remove boot.shell_on_fail kernel parameter
- Add kernel hardening parameters (slab_nomerge, init_on_alloc, etc.)
- Add sysctl hardening (dmesg_restrict, kptr_restrict, etc.)
- Disable Avahi firewall broadcast
- Disable Bluetooth auto power-on at boot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
24 lines
398 B
Nix
# NixOS module: Bluetooth and networking settings for this host.
# `pkgs` is accepted as a module argument but is not referenced in this file.
{
  pkgs,
  myConfig,
  ...
}: {
  # Bluetooth support stays enabled, but the controller is not powered up at
  # boot. The radio is only active after it is switched on explicitly, which
  # limits exposure to nearby devices on an unattended machine.
  hardware.bluetooth = {
    enable = true;
    powerOnBoot = false;
  };

  networking = {
    # Hostname comes from the project-level configuration passed in as myConfig.
    hostName = myConfig.nixos.hostname;

    # NetworkManager manages connections and uses iwd as its Wi-Fi backend.
    networkmanager = {
      enable = true;
      wifi.backend = "iwd";
    };
    wireless.iwd.enable = true;

    # Firewall on, with no inbound TCP or UDP ports opened by this module.
    # NOTE(review): both port options are lists, so NixOS merges them with
    # definitions from other modules instead of overriding them. A service
    # configured elsewhere with `openFirewall = true`, or a per-interface
    # port list, still opens ports. Audit the evaluated
    # `config.networking.firewall.*` values rather than this file alone.
    firewall = {
      enable = true;
      allowedTCPPorts = [];
      allowedUDPPorts = [];
    };
  };
}