nixy/kernel: set hardened kern ver and add unprivileged_userns_clone needed for chromium

2025-08-30 10:27:56 +02:00 · 2025-08-30 10:27:56 +02:00 · 82e45af049
commit 82e45af049
parent 9b58967454
1 changed files with 2 additions and 1 deletions
--- a/nixy/configuration.nix
+++ b/nixy/configuration.nix
@ -89,10 +89,11 @@ in
      "amdgpu.sg_display=0"
      "amdgpu.gttsize=2048"
    ];
-    kernelPackages = pkgs.linuxPackages_latest;
+    kernelPackages = pkgs.linuxPackages_hardened;
    kernel.sysctl = {
      "net.core.default_qdisc" = "fq";
      "net.ipv4.tcp_congestion_control" = "bbr";
+      "kernel.unprivileged_userns_clone" = "1"; /* Needed with harderned kernel */
    };
    loader.efi.canTouchEfiVariables = true;
    loader.systemd-boot = {