aylac.top / nixcfg-own-knot
forked from aylac.top/nixcfg
this repo has no description
fork atom
nixcfg-own-knot / modules / nixos / security / default.nix
at fad399ede440369272311853e773f585757e0a04 964 B view raw
1{...}: { 2 imports = [ 3 ./apparmor.nix 4 ./pam.nix 5 ./polkit.nix 6 ./sudo.nix 7 ]; 8 9 boot.blacklistedKernelModules = [ 10 # Obscure network protocols 11 "ax25" 12 "netrom" 13 "rose" 14 "dccp" 15 "sctp" 16 "rds" 17 "tipc" 18 "n-hdlc" 19 "x25" 20 "decnet" 21 "econet" 22 "af_802154" 23 "ipx" 24 "appletalk" 25 "psnap" 26 "p8023" 27 "p8022" 28 "can" 29 "atm" 30 31 # Old or rare or insufficiently audited filesystems 32 "adfs" 33 "affs" 34 "bfs" 35 "befs" 36 "cramfs" 37 "efs" 38 "erofs" 39 "exofs" 40 "freevxfs" 41 "f2fs" 42 "hfs" 43 "hpfs" 44 "jfs" 45 "minix" 46 "nilfs2" 47 #"ntfs" 48 "omfs" 49 "qnx4" 50 "qnx6" 51 "sysv" 52 "ufs" 53 # Various rare filesystems 54 "jffs2" 55 "hfsplus" 56 #"squashfs" 57 "udf" 58 "cifs" 59 "nfs" 60 "nfsv3" 61 "nfsv4" 62 "gfs2" 63 # vivid driver is only useful for testing purposes and has been the cause 64 # of privilege escalation vulnerabilities 65 "vivid" 66 ]; 67}