Hardened.nix profile long boot time

I played around using the hardened.nix profile. When I boot without using it it takes systemd-modules-load.service 3s to complete and when I boot with it included systemd-modules-load.service takes ~1.5 minutes to complete which is a huge difference.

Is this expected behaviour? How can I decrease this?

Should I even use it or would you consider using the hardened.nix profile overkill for a normal client and only use it for servers?

Unless your machine is on a DMZ, in a managed organization, public domain internet (like a cafe) or you are a high value target, like a corp executive or wealthy af. Also dev environments you expect to be working with untrusted code.
any of the hardened variations will be overkill unless these or similar are your use cases.
Otherwise, 1.5 minutes sounds suspiciously close to what the systemd startup would wait before skipping past a service that’s taking too long to load or close.
Check your journal and dmesg logs, and examine the rolls checklist on boot for hangs.

1 Like