base: mitigate dirtyfrag

base/default.nix

@@ -10,6 +10,8 @@
     (fp /users)
     (fp /modules/snakeoil-certs.nix)
 
+    ./mitigations.nix
+
     ./flake-input-exporter.nix
     ./networking.nix
     ./nix.nix

base/mitigations.nix

@@ -0,0 +1,17 @@
+{ ... }:
+
+{
+  boot.blacklistedKernelModules = [
+  "rxrpc" # dirtyfrag
+  "esp6" # dirtyfrag
+  "esp4" # dirtyfrag
+];
+boot.extraModprobeConfig = ''
+  # dirtyfrag
+  install esp4 /bin/false
+  # dirtyfrag
+  install esp6 /bin/false
+  # dirtyfrag
+  install rxrpc /bin/false
+'';
+}

flake.lock

@@ -232,11 +232,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1774824790,
-        "narHash": "sha256-3R2aoykbutdJ7YQaZiU7uO8w4O8b6RjztTPNo8isLTI=",
+        "lastModified": 1777808420,
+        "narHash": "sha256-hh9XBz0K1ypZ+neezgIPCSsnWFKEq8VfV/1aUSPu3OA=",
         "owner": "oddlama",
         "repo": "nix-topology",
-        "rev": "5765ce41be8a4fb5471a57671c2b740a350c5da0",
+        "rev": "28e9dc901ff38a8fa2d24bccd5f89511d6d8324e",
         "type": "github"
       },
       "original": {
@@ -248,11 +248,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1775064210,
-        "narHash": "sha256-bEqbUNAnoyNZzd8rrhS8QETdDWr+vYzZeaggBLmFLIA=",
-        "rev": "9d1c3efdc713c1ed9679796c08a1a8a193e4704e",
+        "lastModified": 1778125667,
+        "narHash": "sha256-swcxqlW+XrZFBqjcV3AV8AR64/eI234AZRFKs6q4DFo=",
+        "rev": "75636a69ad3115ff64d4cb3090e66c8275dda9c2",
         "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.8497.9d1c3efdc713/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.10534.75636a69ad31/nixexprs.tar.xz"
       },
       "original": {
         "type": "tarball",
@@ -276,11 +276,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1777014002,
-        "narHash": "sha256-urhq48kYlNYbkGXQ/f3NjzJTGfMdG8GmJQbgFLcrcV0=",
-        "rev": "15ebe06759175c2e98dba23c0b125913589094e7",
+        "lastModified": 1778157832,
+        "narHash": "sha256-lSl05j1UzI5MioSJWUa7oUp5a88zzv3sXMwWC4d1N70=",
+        "rev": "ec299c6a33eee9baf5b4d72881ca2f15c06b4f01",
         "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre986338.15ebe0675917/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre993859.ec299c6a33ee/nixexprs.tar.xz"
       },
       "original": {
         "type": "tarball",
@@ -390,6 +390,7 @@
       },
       "original": {
         "ref": "main",
+        "rev": "16b2bc5c2759e20ecb952374509f1e1f9d6c06e7",
         "type": "git",
         "url": "https://git.pvv.ntnu.no/Projects/roowho2.git"
       }
@@ -464,11 +465,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1774910634,
-        "narHash": "sha256-B+rZDPyktGEjOMt8PcHKYmgmKoF+GaNAFJhguktXAo0=",
+        "lastModified": 1777944972,
+        "narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "19bf3d8678fbbfbc173beaa0b5b37d37938db301",
+        "rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
         "type": "github"
       },
       "original": {

flake.nix

@@ -32,7 +32,7 @@
     minecraft-heatmap.url = "git+https://git.pvv.ntnu.no/Projects/minecraft-heatmap.git?ref=main";
     minecraft-heatmap.inputs.nixpkgs.follows = "nixpkgs";
 
-    roowho2.url = "git+https://git.pvv.ntnu.no/Projects/roowho2.git?ref=main";
+    roowho2.url = "git+https://git.pvv.ntnu.no/Projects/roowho2.git?ref=main&rev=16b2bc5c2759e20ecb952374509f1e1f9d6c06e7";
     roowho2.inputs.nixpkgs.follows = "nixpkgs";
 
     greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git?ref=main";
@@ -62,9 +62,11 @@
     importantMachines = [
       "bekkalokk"
       "bicep"
-      "brzeczyszczykiewicz"
       "georg"
       "ildkule"
+      "kommode"
+      "lupine-1"
+      "skrot"
     ];
   in {
     inputs = lib.mapAttrs (_: src: src.outPath) inputs;