boot: use hardened linux 6.6 LTS kernel

2024-07-02 09:42:57 +02:00 · 2024-07-02 09:42:57 +02:00 · b5c30f5da7
parent 3d6c90a559
commit b5c30f5da7
4 changed files with 2 additions and 4 deletions
--- a/hosts/frikandel/configuration.nix
+++ b/hosts/frikandel/configuration.nix
@ -19,6 +19,7 @@ in {
    # Hack so that network is considered up by boot.initrd.network and postCommands gets executed.
    "ip=127.0.0.1:::::lo:none"
  ];
+
  boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_net" ];
  boot.initrd.network = {
    enable = true;
--- a/hosts/pie/configuration.nix
+++ b/hosts/pie/configuration.nix
@ -21,7 +21,6 @@ in {
  boot.loader.generic-extlinux-compatible.enable = false;

  boot.supportedFilesystems = [ "zfs" ];
-  boot.kernelPackages = pkgs.linuxPackages_6_1_hardened;

  boot.kernelParams = [
    "boot.shell_on_fail=1"
--- a/modules/core/boot.nix
+++ b/modules/core/boot.nix
@ -12,7 +12,7 @@ in {
      loader.systemd-boot.enable = lib.mkDefault true;

      # Use latest LTS linux kernel by default
-      kernelPackages = lib.mkDefault pkgs.linuxPackages_6_6_hardened;
+      kernelPackages = pkgs.linuxPackages_6_6_hardened;

      # Support ntfs drives
      supportedFilesystems = ["ntfs"];
--- a/modules/wireguard/ehex.nix
+++ b/modules/wireguard/ehex.nix
@ -46,8 +46,6 @@ in {
            allowedIPs = [ "10.42.0.0/22" "10.0.66.0/24" ];
            persistentKeepalive = 15;
            dynamicEndpointRefreshSeconds = 30;
-# DNS = 10.0.66.10, ehex.cloud,ehex.de
-# DNS = 10.0.66.12, ehex.cloud,ehex.de
          }
        ];
      };