commit 485b06a37613b0a070eca9eac5573210bc3cc54a · pyrox.dev/nixpkgs

+15 -6

nixos/modules/config/sysctl.nix

···

       72
       72
        
             restartTriggers = [ config.environment.etc."sysctl.d/60-nixos.conf".source ];

     

       73
       73
        
           };

     

       74
       74
        
       

     

       75
       75
       -
           # Hide kernel pointers (e.g. in /proc/modules) for unprivileged

     

       76
       76
       -
           # users as these make it easier to exploit kernel vulnerabilities.

     

       77
       77
       -
           boot.kernel.sysctl."kernel.kptr_restrict" = lib.mkDefault 1;

     

       75
       75
       +
           # NixOS wide defaults

     

       76
       76
       +
           boot.kernel.sysctl = {

     

       77
       77
       +
             # Hide kernel pointers (e.g. in /proc/modules) for unprivileged

     

       78
       78
       +
             # users as these make it easier to exploit kernel vulnerabilities.

     

       79
       79
       +
             "kernel.kptr_restrict" = lib.mkDefault 1;

     

       80
       80
       +
       

     

       81
       81
       +
             # Improve compatibility with applications that allocate

     

       82
       82
       +
             # a lot of memory, like modern games

     

       83
       83
       +
             "vm.max_map_count" = lib.mkDefault 1048576;

     

       78
       84
        
       

     

       79
       79
       -
           # Improve compatibility with applications that allocate

     

       80
       80
       -
           # a lot of memory, like modern games

     

       81
       81
       -
           boot.kernel.sysctl."vm.max_map_count" = lib.mkDefault 1048576;

     

       85
       85
       +
             # The default max inotify watches is 8192.

     

       86
       86
       +
             # Nowadays most apps require a good number of inotify watches,

     

       87
       87
       +
             # the value below is used by default on several other distros.

     

       88
       88
       +
             "fs.inotify.max_user_instances" = lib.mkDefault 524288;

     

       89
       89
       +
             "fs.inotify.max_user_watches" = lib.mkDefault 524288;

     

       90
       90
       +
           };

     

       82
       91
        
         };

     

       83
       92
        
       }

-8

nixos/modules/services/misc/graphical-desktop.nix

···

       21
       21
        
         };

     

       22
       22
        
       

     

       23
       23
        
         config = lib.mkIf cfg.enable {

     

       24
       24
       -
           # The default max inotify watches is 8192.

     

       25
       25
       -
           # Nowadays most apps require a good number of inotify watches,

     

       26
       26
       -
           # the value below is used by default on several other distros.

     

       27
       27
       -
           boot.kernel.sysctl = {

     

       28
       28
       -
             "fs.inotify.max_user_instances" = lib.mkDefault 524288;

     

       29
       29
       -
             "fs.inotify.max_user_watches" = lib.mkDefault 524288;

     

       30
       30
       -
           };

     

       31
       31
       -
       

     

       32
       24
        
           environment = {

     

       33
       25
        
             # localectl looks into 00-keyboard.conf

     

       34
       26
        
             etc."X11/xorg.conf.d/00-keyboard.conf".text = ''