security things

update
2026-01-18 02:36:00 -05:00 · 2026-01-18 01:03:18 -05:00
3 changed files with 46 additions and 15 deletions
--- a/configuration.nix
+++ b/configuration.nix
@@ -18,6 +18,7 @@
    ./modules/age-secrets.nix
    ./modules/secureboot.nix
    ./modules/no-rgb.nix
+    ./modules/security.nix

    ./services/postgresql.nix
    ./services/jellyfin.nix
--- a/flake.lock
+++ b/flake.lock
@@ -195,11 +195,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1767910483,
-        "narHash": "sha256-MOU5YdVu4DVwuT5ztXgQpPuRRBjSjUGIdUzOQr9iQOY=",
+        "lastModified": 1768603898,
+        "narHash": "sha256-vRV1dWJOCpCal3PRr86wE2WTOMfAhTu6G7bSvOsryUo=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "82fb7dedaad83e5e279127a38ef410bcfac6d77c",
+        "rev": "2a63d0e9d2c72ac4d4150ebb242cf8d86f488c8c",
        "type": "github"
      },
      "original": {
@@ -296,11 +296,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1768499669,
-        "narHash": "sha256-jJr/zDxu5evfQxlXtMrFFF68/RNj1UrctS/eIsay4k0=",
+        "lastModified": 1768584846,
+        "narHash": "sha256-IRPmIOV2tPwxbhP/I9M5AmwhTC0lMPtoPStC+8T6xl0=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "7297dfc69ae9b06e984a6f69900ce25e67c76f46",
+        "rev": "cce68f4a54fa4e3d633358364477f5cc1d782440",
        "type": "github"
      },
      "original": {
@@ -328,11 +328,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1768323494,
-        "narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=",
+        "lastModified": 1768621446,
+        "narHash": "sha256-6YwHV1cjv6arXdF/PQc365h1j+Qje3Pydk501Rm4Q+4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a",
+        "rev": "72ac591e737060deab2b86d6952babd1f896d7c5",
        "type": "github"
      },
      "original": {
@@ -465,11 +465,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768440751,
-        "narHash": "sha256-knz1rmABSqexRmUVWSXJvvl1eDCjyjIW1uW4oxVCpn0=",
+        "lastModified": 1768523683,
+        "narHash": "sha256-UbkyPXPPAbz0gHIWvHZ+jrPTruZqkpuwTFo5JXPnIgU=",
        "owner": "nix-community",
        "repo": "srvos",
-        "rev": "01120041b929c1e4160cdcd733cac7f02fb98881",
+        "rev": "90e9331fd79d4c3bb5c1e7cd2df2e560565fe543",
        "type": "github"
      },
      "original": {
@@ -541,11 +541,11 @@
    "trackerlist": {
      "flake": false,
      "locked": {
-        "lastModified": 1768432115,
-        "narHash": "sha256-UMu8BPvtjNFnccvxPHvefgboCqov98T+R8pXlaxg4y8=",
+        "lastModified": 1768691318,
+        "narHash": "sha256-5EirwywNrdoEadu5cmjzk8VILVOZslHHesxvaGl287w=",
        "owner": "ngosang",
        "repo": "trackerslist",
-        "rev": "00a9f5521ff521c023439e36f44b2d022432f0e1",
+        "rev": "f925e0b82781958d1f53ea1e9e305e1c27cefced",
        "type": "github"
      },
      "original": {
--- a/modules/security.nix
+++ b/modules/security.nix
@@ -0,0 +1,30 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  # memory allocator
+  # BREAKS REDIS-IMMICH
+  # environment.memoryAllocator.provider = "graphene-hardened";
+
+  # disable coredumps
+  systemd.coredump.enable = false;
+
+  services = {
+    dbus.implementation = "broker";
+    /*
+      logrotate.enable = true;
+      journald = {
+        storage = "volatile"; # Store logs in memory
+        upload.enable = false; # Disable remote log upload (the default)
+        extraConfig = ''
+          SystemMaxUse=500M
+          SystemMaxFileSize=50M
+        '';
+      };
+    */
+  };
+}
Author	SHA1	Message	Date
Simon Gardling	eb5d0bb093	security things	2026-01-18 02:36:00 -05:00
Simon Gardling	c6b39a98cd	update	2026-01-18 01:03:18 -05:00