mirror of
https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git
synced 2026-05-12 17:41:15 +02:00
base: mitigate dirtyfrag
This commit is contained in:
Daniel Olsen
@@ -10,6 +10,8 @@
|
|||||||
(fp /users)
|
(fp /users)
|
||||||
(fp /modules/snakeoil-certs.nix)
|
(fp /modules/snakeoil-certs.nix)
|
||||||
|
|
||||||
|
./mitigations.nix
|
||||||
|
|
||||||
./flake-input-exporter.nix
|
./flake-input-exporter.nix
|
||||||
./networking.nix
|
./networking.nix
|
||||||
./nix.nix
|
./nix.nix
|
||||||
|
|||||||
17
base/mitigations.nix
Normal file
17
base/mitigations.nix
Normal file
@@ -0,0 +1,17 @@
|
|||||||
|
{ ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
boot.blacklistedKernelModules = [
|
||||||
|
"rxrpc" # dirtyfrag
|
||||||
|
"esp6" # dirtyfrag
|
||||||
|
"esp4" # dirtyfrag
|
||||||
|
];
|
||||||
|
boot.extraModprobeConfig = ''
|
||||||
|
# dirtyfrag
|
||||||
|
install esp4 /bin/false
|
||||||
|
# dirtyfrag
|
||||||
|
install esp6 /bin/false
|
||||||
|
# dirtyfrag
|
||||||
|
install rxrpc /bin/false
|
||||||
|
'';
|
||||||
|
}
|
||||||
29
flake.lock
generated
29
flake.lock
generated
@@ -232,11 +232,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1774824790,
|
"lastModified": 1777808420,
|
||||||
"narHash": "sha256-3R2aoykbutdJ7YQaZiU7uO8w4O8b6RjztTPNo8isLTI=",
|
"narHash": "sha256-hh9XBz0K1ypZ+neezgIPCSsnWFKEq8VfV/1aUSPu3OA=",
|
||||||
"owner": "oddlama",
|
"owner": "oddlama",
|
||||||
"repo": "nix-topology",
|
"repo": "nix-topology",
|
||||||
"rev": "5765ce41be8a4fb5471a57671c2b740a350c5da0",
|
"rev": "28e9dc901ff38a8fa2d24bccd5f89511d6d8324e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@@ -248,11 +248,11 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1775064210,
|
"lastModified": 1778125667,
|
||||||
"narHash": "sha256-bEqbUNAnoyNZzd8rrhS8QETdDWr+vYzZeaggBLmFLIA=",
|
"narHash": "sha256-swcxqlW+XrZFBqjcV3AV8AR64/eI234AZRFKs6q4DFo=",
|
||||||
"rev": "9d1c3efdc713c1ed9679796c08a1a8a193e4704e",
|
"rev": "75636a69ad3115ff64d4cb3090e66c8275dda9c2",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.8497.9d1c3efdc713/nixexprs.tar.xz"
|
"url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.10534.75636a69ad31/nixexprs.tar.xz"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
@@ -276,11 +276,11 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1777014002,
|
"lastModified": 1778157832,
|
||||||
"narHash": "sha256-urhq48kYlNYbkGXQ/f3NjzJTGfMdG8GmJQbgFLcrcV0=",
|
"narHash": "sha256-lSl05j1UzI5MioSJWUa7oUp5a88zzv3sXMwWC4d1N70=",
|
||||||
"rev": "15ebe06759175c2e98dba23c0b125913589094e7",
|
"rev": "ec299c6a33eee9baf5b4d72881ca2f15c06b4f01",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre986338.15ebe0675917/nixexprs.tar.xz"
|
"url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre993859.ec299c6a33ee/nixexprs.tar.xz"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
@@ -390,6 +390,7 @@
|
|||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"ref": "main",
|
"ref": "main",
|
||||||
|
"rev": "16b2bc5c2759e20ecb952374509f1e1f9d6c06e7",
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.pvv.ntnu.no/Projects/roowho2.git"
|
"url": "https://git.pvv.ntnu.no/Projects/roowho2.git"
|
||||||
}
|
}
|
||||||
@@ -464,11 +465,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1774910634,
|
"lastModified": 1777944972,
|
||||||
"narHash": "sha256-B+rZDPyktGEjOMt8PcHKYmgmKoF+GaNAFJhguktXAo0=",
|
"narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "19bf3d8678fbbfbc173beaa0b5b37d37938db301",
|
"rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|||||||
@@ -32,7 +32,7 @@
|
|||||||
minecraft-heatmap.url = "git+https://git.pvv.ntnu.no/Projects/minecraft-heatmap.git?ref=main";
|
minecraft-heatmap.url = "git+https://git.pvv.ntnu.no/Projects/minecraft-heatmap.git?ref=main";
|
||||||
minecraft-heatmap.inputs.nixpkgs.follows = "nixpkgs";
|
minecraft-heatmap.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
roowho2.url = "git+https://git.pvv.ntnu.no/Projects/roowho2.git?ref=main";
|
roowho2.url = "git+https://git.pvv.ntnu.no/Projects/roowho2.git?ref=main&rev=16b2bc5c2759e20ecb952374509f1e1f9d6c06e7";
|
||||||
roowho2.inputs.nixpkgs.follows = "nixpkgs";
|
roowho2.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git?ref=main";
|
greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git?ref=main";
|
||||||
@@ -62,9 +62,11 @@
|
|||||||
importantMachines = [
|
importantMachines = [
|
||||||
"bekkalokk"
|
"bekkalokk"
|
||||||
"bicep"
|
"bicep"
|
||||||
"brzeczyszczykiewicz"
|
|
||||||
"georg"
|
"georg"
|
||||||
"ildkule"
|
"ildkule"
|
||||||
|
"kommode"
|
||||||
|
"lupine-1"
|
||||||
|
"skrot"
|
||||||
];
|
];
|
||||||
in {
|
in {
|
||||||
inputs = lib.mapAttrs (_: src: src.outPath) inputs;
|
inputs = lib.mapAttrs (_: src: src.outPath) inputs;
|
||||||
|
|||||||
Reference in New Issue
Block a user