nixcfg

History

Harald Hoyer b9cfdc99a7 feat(base): blacklist unused network kernel modules Disable rxrpc, kafs, af_key, esp4, esp6 across all systems that enable metacfg.base. None of them are used on these hosts, and they have a history of CVEs — blacklisting reduces kernel attack surface.	2026-05-13 09:16:21 +02:00
..
default.nix	feat(base): blacklist unused network kernel modules	2026-05-13 09:16:21 +02:00

Harald Hoyer b9cfdc99a7 feat(base): blacklist unused network kernel modules

Disable rxrpc, kafs, af_key, esp4, esp6 across all systems that enable
metacfg.base. None of them are used on these hosts, and they have a
history of CVEs — blacklisting reduces kernel attack surface.

2026-05-13 09:16:21 +02:00

default.nix

feat(base): blacklist unused network kernel modules

2026-05-13 09:16:21 +02:00