nix: Load common security settings

2021-07-17 18:24:47 +02:00 · 2021-07-17 18:24:47 +02:00 · 28955680c2
commit 28955680c2
parent ad925391c9
2 changed files with 2 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -15,6 +15,7 @@
      system = "x86_64-linux";
      modules = [
        inputs.snm.nixosModule
+	./modules/security.nix
 	./hosts/thrall
      ];
    };
--- a/modules/security.nix
+++ b/modules/security.nix
@ -9,7 +9,7 @@

  # tmpfs = /tmp is mounted in ram. Doing so makes temp file management speedy
  # on ssd systems, and volatile! Because it's wiped on reboot.
-  boot.tmpOnTmpfs = lib.mkDefault true;
+#  boot.tmpOnTmpfs = lib.mkDefault true;
  # If not using tmpfs, which is naturally purged on reboot, we must clean it
  # /tmp ourselves. /tmp should be volatile storage!
  boot.cleanTmpDir = lib.mkDefault (!config.boot.tmpOnTmpfs);