Releases: cynicsketch/nix-mineral
Releases · cynicsketch/nix-mineral
v0.1.6-alpha
Changes
*Enable IPv6 privacy extensions in systemd-networkd and NetworkManager
*Use /etc/issue with legal disclaimer, borrowed from Kicksecure/security-misc
*Use Kicksecure gitconfig for increased git security
*Reenable systemd-coredump but disable storage of dumps
*Harden additional directories: /dev, /run, /srv, /etc, /root
Full changelog: v0.1.5-alpha...v0.1.6-alpha
v0.1.5-alpha
Changes
*Fix root login on TTY not actually being blocked by enabling securetty support in PAM login service
Full changelog: v0.1.4-alpha...v0.1.5-alpha
v0.1.4-alpha
Changes
*Disable CPU MSR by default
*Add option to disable Intel ME related kernel modules
Full changelog: v0.1.3-alpha...v0.1.4-alpha
v0.1.3-alpha
Changes
*Load jitterentropy_rng kernel module by default
Full changelog: v0.1.2-alpha...v0.1.3-alpha
v0.1.2-alpha
Changes
*Hotfix to correct some typos and other non-feature related stuff in order to complete nixos-rebuild
Full changelog: v0.1.1-alpha...v0.1.2-alpha
v0.1.1-alpha
Changes
* This list is not complete, and is just a summary
* Update chrony config
* Update bluetooth config
* Replace haveged with jitterentropy-rngd
* Update module blacklist
* Add option to disable bluetooth
* Add option to disable kernel module loading
* Add option to disable TCP window scaling
* Integrate security relevant options from K4YT3X's sysctl config
Full changelog: v0.1.0-alpha...v0.1.1-alpha
v0.1.0-alpha
First Alpha release.