sourcephile / git / julm / julm-nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
mails: test notmuch setup
[julm/julm-nix.git] / nixos / profiles / security.nix
diff --git a/nixos/profiles/security.nix b/nixos/profiles/security.nix
index 4b11c491c39e75f0916a77cfc6ecaf4c5eb85665..8a9a9e5804da532e3cbc53c8b21f759ab764b808 100644 (file)
--- a/nixos/profiles/security.nix
+++ b/nixos/profiles/security.nix
@@ -5,7 +5,7 @@ boot.kernelPackages = pkgs.linuxPackages;
 #boot.kernelPackages = pkgs.linuxPackages_hardened;
 #boot.kernelPackages = pkgs.linuxPackages_latest_hardened;
 #environment.memoryAllocator.provider = "libc";
-nix.allowedUsers = [ "@users" ];
+nix.settings.allowed-users = [ "@users" ];
 networking.firewall.pingLimit = "--limit 60/minute --limit-burst 5";
 security.allowSimultaneousMultithreading = false;
 security.apparmor.enable = lib.mkDefault true;
@@ -140,6 +140,14 @@ services.journald.extraConfig = ''
   Storage=persistent
   SystemMaxUse=100M
 '';
+systemd.coredump = {
+  enable = lib.mkDefault false;
+  extraConfig = ''
+    Compress=true
+    MaxUse=1024M
+    Storage=external
+  '';
+};
 services.openssh = {
   openFirewall = lib.mkDefault false;
   passwordAuthentication = false;
julm's NixOS and home-manager configs