From b5c30f5da73719434e75ded3b0976be9f8705aa1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20Yule=20B=C3=A4dorf?= Date: Tue, 2 Jul 2024 09:42:57 +0200 Subject: [PATCH] boot: use hardened linux 6.6 LTS kernel --- hosts/frikandel/configuration.nix | 1 + hosts/pie/configuration.nix | 1 - modules/core/boot.nix | 2 +- modules/wireguard/ehex.nix | 2 -- 4 files changed, 2 insertions(+), 4 deletions(-) diff --git a/hosts/frikandel/configuration.nix b/hosts/frikandel/configuration.nix index 2173e57..fed1bcb 100644 --- a/hosts/frikandel/configuration.nix +++ b/hosts/frikandel/configuration.nix @@ -19,6 +19,7 @@ in { # Hack so that network is considered up by boot.initrd.network and postCommands gets executed. "ip=127.0.0.1:::::lo:none" ]; + boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_net" ]; boot.initrd.network = { enable = true; diff --git a/hosts/pie/configuration.nix b/hosts/pie/configuration.nix index dc2ac48..350cf02 100644 --- a/hosts/pie/configuration.nix +++ b/hosts/pie/configuration.nix @@ -21,7 +21,6 @@ in { boot.loader.generic-extlinux-compatible.enable = false; boot.supportedFilesystems = [ "zfs" ]; - boot.kernelPackages = pkgs.linuxPackages_6_1_hardened; boot.kernelParams = [ "boot.shell_on_fail=1" diff --git a/modules/core/boot.nix b/modules/core/boot.nix index 2b95f57..d102ea6 100644 --- a/modules/core/boot.nix +++ b/modules/core/boot.nix @@ -12,7 +12,7 @@ in { loader.systemd-boot.enable = lib.mkDefault true; # Use latest LTS linux kernel by default - kernelPackages = lib.mkDefault pkgs.linuxPackages_6_6_hardened; + kernelPackages = pkgs.linuxPackages_6_6_hardened; # Support ntfs drives supportedFilesystems = ["ntfs"]; diff --git a/modules/wireguard/ehex.nix b/modules/wireguard/ehex.nix index 7a8e6e7..1d57749 100644 --- a/modules/wireguard/ehex.nix +++ b/modules/wireguard/ehex.nix 
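Review bot: The added `boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_net" ];` line in hosts/frikandel/configuration.nix has no comment saying why the virtio drivers must be in the initrd, and the commit message only mentions the kernel switch. Since `boot.initrd.network` is enabled directly below, the NIC driver presumably has to be loadable in stage 1 for early-boot networking to work with the new kernel. If that is the reason, record it next to the line, e.g. `# virtio NIC drivers needed in stage 1 for boot.initrd.network on this VM`. A missing module here only shows up as a host that is unreachable during early boot, which is hard to diagnose after the fact. The enclosing attribute set starts and ends outside the hunk.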
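Review bot: The comment `# Use latest LTS linux kernel by default` above the changed `kernelPackages` line in modules/core/boot.nix no longer matches the code. Without `lib.mkDefault` the value is set at normal priority, so a host that assigns `boot.kernelPackages` itself no longer overrides it cleanly, because the two definitions meet at the same priority. Enforcing the hardened kernel on every host is a reasonable goal, but the intent should be stated, e.g. `# Pin the hardened 6.6 LTS kernel for all hosts; a host may only deviate with lib.mkForce`. hosts/pie now inherits this kernel while still listing `"zfs"` in `boot.supportedFilesystems`, so it is worth confirming that the ZFS module in the pinned nixpkgs builds against 6.6. The enclosing attribute set starts and ends outside the hunk.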
@@ -46,8 +46,6 @@ in {
 allowedIPs = [ "10.42.0.0/22" "10.0.66.0/24" ];
 persistentKeepalive = 15;
 dynamicEndpointRefreshSeconds = 30;
-# DNS = 10.0.66.10, ehex.cloud,ehex.de
-# DNS = 10.0.66.12, ehex.cloud,ehex.de
 }
 ];
 };