Hi,
I have a configuration that builds a hardened kernel using nixos-generator. It looks like this:

{ config, lib, pkgs, ... }:
{
  services.sshd.enable = true;
  services.nginx.enable = true;
  networking.firewall.allowedTCPPorts = [ 80 ];

  # Root account with a fixed password, SSH root login and console autologin.
  users.users.root.password = "nixos";
  services.openssh.permitRootLogin = lib.mkDefault "yes";
  services.getty.autologinUser = lib.mkDefault "root";

  boot.kernelPackages = let
    # Kernel derivation built from the linux-hardened source tarball.
    linux_hardened_pkg = { fetchurl, buildLinux, ... } @ args:
      buildLinux (args // rec {
        version = "5.10.32-hardened1";
        modDirVersion = version;
        src = fetchurl {
          url = "https://github.com/anthraxx/linux-hardened/archive/refs/tags/5.10.32-hardened1.tar.gz";
          sha256 = "6a2fa5c8c151735a2eed59b5c93c0cb57c495588b4e1406a1fe4d066f52c4d37";
        };
        # Entry with no patch file; it only carries structured config
        # overrides, which are currently empty.
        kernelPatches = lib.singleton {
          name = "prune";
          patch = null;
          extraStructuredConfig = with lib.kernel; {
          };
        };
        extraMeta.branch = "5.10";
      } // (args.argsOverride or {}));
    linux_hardened = pkgs.callPackage linux_hardened_pkg {};
  in
    # Package set (kernel plus out-of-tree modules) for the custom kernel.
    pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux_hardened);
}

I’d like to add my own .config according to this documentation. Can anyone
give some insight into what the configuration.nix should look like to do so?
Thanks!