From 82e45af049dac7543f0d4847bc0e701b0f93a361 Mon Sep 17 00:00:00 2001
From: Asmir A
Date: Sat, 30 Aug 2025 10:27:56 +0200
Subject: [PATCH] nixy/kernel: set hardened kern ver and add unprivileged_userns_clone needed for chromium
---
 nixy/configuration.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/nixy/configuration.nix b/nixy/configuration.nix
index 49698b6..8ff50da 100644
--- a/nixy/configuration.nix
+++ b/nixy/configuration.nix
@@ -89,10 +89,11 @@ in
 "amdgpu.sg_display=0"
 "amdgpu.gttsize=2048"
 ];
- kernelPackages = pkgs.linuxPackages_latest;
+ kernelPackages = pkgs.linuxPackages_hardened;
 kernel.sysctl = {
 "net.core.default_qdisc" = "fq";
 "net.ipv4.tcp_congestion_control" = "bbr";
+ "kernel.unprivileged_userns_clone" = "1"; /* Needed with harderned kernel */
 };
 loader.efi.canTouchEfiVariables = true;
 loader.systemd-boot = {
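Review bot: The added sysctl `"kernel.unprivileged_userns_clone" = "1"` re-enables unprivileged user namespaces for every user and process on the machine, not only Chromium, which gives back one of the attack-surface reductions that the switch to `pkgs.linuxPackages_hardened` in the same hunk is meant to provide. If Chromium's sandbox is the only consumer, it is worth checking whether the setuid sandbox (`security.chromiumSuidSandbox.enable`) is an acceptable substitute before relaxing this globally. If the sysctl stays, the comment should record the trade-off and fix the typo, e.g. `/* linux_hardened disables unprivileged userns by default; re-enabled system-wide for Chromium's sandbox */`. The enclosing attribute set (presumably `boot`) starts and ends outside the hunk.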