refactor: rename deprecated option

Moritz Böhme 2023-05-07 12:04:17 +02:00
parent e8fde71f2c
commit 49f7cde4cd
Signed by: moritz
GPG key ID: 970C6E89EB0547A9


@ -3,9 +3,6 @@
, ...
}: {
## System security tweaks
# sets hidepid=2 on /proc (make process info visible only to owning user)
# NOTE Was removed on nixpkgs-unstable because it doesn't do anything
# security.hideProcessInformation = true;
# Prevent replacing the running kernel w/o reboot
security.protectKernelImage = lib.mkDefault true;
@ -14,7 +11,7 @@
boot.tmp.useTmpfs = lib.mkDefault true;
# If not using tmpfs, which is naturally purged on reboot, we must clean it
# /tmp ourselves. /tmp should be volatile storage!
boot.tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmpOnTmpfs);
boot.tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
# Fix a security hole in place for backwards compatibility. See desc in
# nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix