diff options
Diffstat (limited to 'nixos/modules/profiles')
| -rw-r--r-- | nixos/modules/profiles/all-hardware.nix | 3 | ||||
| -rw-r--r-- | nixos/modules/profiles/graphical.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/profiles/hardened.nix | 6 | ||||
| -rw-r--r-- | nixos/modules/profiles/installation-device.nix | 2 |
4 files changed, 11 insertions, 2 deletions
diff --git a/nixos/modules/profiles/all-hardware.nix b/nixos/modules/profiles/all-hardware.nix index 530b2fbffd1c..6e6ae98e19fc 100644 --- a/nixos/modules/profiles/all-hardware.nix +++ b/nixos/modules/profiles/all-hardware.nix @@ -41,6 +41,9 @@ # Virtio (QEMU, KVM etc.) support. "virtio_net" "virtio_pci" "virtio_blk" "virtio_scsi" "virtio_balloon" "virtio_console" + + # VMware support. + "mptspi" "vmw_balloon" "vmwgfx" "vmw_vmci" "vmw_vsock_vmci_transport" "vmxnet3" "vsock" # Hyper-V support. "hv_storvsc" diff --git a/nixos/modules/profiles/graphical.nix b/nixos/modules/profiles/graphical.nix index e23375375188..fe9851e79a6d 100644 --- a/nixos/modules/profiles/graphical.nix +++ b/nixos/modules/profiles/graphical.nix @@ -8,7 +8,7 @@ enable = true; displayManager.sddm.enable = true; desktopManager.plasma5.enable = true; - synaptics.enable = true; # for touchpad support on many laptops + libinput.enable = true; # for touchpad support on many laptops }; environment.systemPackages = [ pkgs.glxinfo ]; diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index 0a0838431da7..0ab210cc4c39 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -59,4 +59,10 @@ with lib; # the feature at runtime. Attempting to create a user namespace # with unshare will then fail with "no space left on device". boot.kernel.sysctl."user.max_user_namespaces" = mkDefault 0; + + # Raise ASLR entropy for 64bit & 32bit, respectively. + # + # Note: mmap_rnd_compat_bits may not exist on 64bit. + boot.kernel.sysctl."vm.mmap_rnd_bits" = mkDefault 32; + boot.kernel.sysctl."vm.mmap_rnd_compat_bits" = mkDefault 16; } diff --git a/nixos/modules/profiles/installation-device.nix b/nixos/modules/profiles/installation-device.nix index a24fa75e01db..8e1482f5533f 100644 --- a/nixos/modules/profiles/installation-device.nix +++ b/nixos/modules/profiles/installation-device.nix @@ -28,7 +28,7 @@ with lib; services.nixosManual.showManual = true; # Let the user play Rogue on TTY 8 during the installation. - services.rogue.enable = true; + #services.rogue.enable = true; # Disable some other stuff we don't need. security.sudo.enable = false; |