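# NixOS module: CIS-style hardening that stops modprobe from loading a set of
# rarely needed filesystem and network-protocol kernel modules.
#
# Each `install <module> <command>` line tells modprobe to run <command>
# instead of inserting the module, so pointing it at `true` turns the load
# into a successful no-op.
#
# Scope of the control: `install` lines are honoured only by modprobe. A
# privileged user can still load a module with insmod or
# `modprobe --ignore-install`, so this reduces attack surface from
# auto-loading; it is not a boundary against root.
{ pkgs, ... }:
let
  # NixOS has no /bin/true, and `environment.etc."bin/true"` creates
  # /etc/bin/true, not /bin/true. Referencing the store path directly makes
  # every install line point at a binary that actually exists.
  trueBin = "${pkgs.coreutils}/bin/true";
in
{
  # copied from https://github.com/NixOS/nixpkgs/issues/11790#issuecomment-2409053332

  # Kept for backward compatibility only: this yields /etc/bin/true (a link to
  # the Nix-managed true binary). The modprobe rules below no longer rely on it.
  environment.etc."bin/true".source = trueBin;

  # CIS 1.1.1.1.a Ensure mounting of cramfs filesystems is disabled
  environment.etc."modprobe.d/cramfs.conf".text = ''
    install cramfs ${trueBin}
  '';

  # CIS 1.1.1.2.a Ensure mounting of freevxfs filesystems is disabled
  environment.etc."modprobe.d/freevxfs.conf".text = ''
    install freevxfs ${trueBin}
  '';

  # CIS 1.1.1.3.a Ensure mounting of jffs2 filesystems is disabled
  environment.etc."modprobe.d/jffs2.conf".text = ''
    install jffs2 ${trueBin}
  '';

  # CIS 1.1.1.4.a Ensure mounting of hfs filesystems is disabled
  environment.etc."modprobe.d/hfs.conf".text = ''
    install hfs ${trueBin}
  '';

  # CIS 1.1.1.5.a Ensure mounting of hfsplus filesystems is disabled
  environment.etc."modprobe.d/hfsplus.conf".text = ''
    install hfsplus ${trueBin}
  '';

  # CIS 1.1.1.6.a Ensure mounting of squashfs filesystems is disabled
  environment.etc."modprobe.d/squashfs.conf".text = ''
    install squashfs ${trueBin}
  '';

  # CIS 1.1.1.7.a Ensure mounting of udf filesystems is disabled
  environment.etc."modprobe.d/udf.conf".text = ''
    install udf ${trueBin}
  '';

  # CIS 1.1.1.8.a Ensure mounting of FAT filesystems is disabled
  # NOTE(review): left disabled, presumably because FAT is needed for the EFI
  # system partition on UEFI hosts. Confirm before enabling.
  # environment.etc."modprobe.d/fat.conf".text = ''
  #   install fat ${trueBin}
  # '';

  # Uncommon network protocol modules (DCCP, SCTP, RDS, TIPC), disabled the
  # same way as the filesystems above.
  environment.etc."modprobe.d/CIS.conf".text = ''
    install dccp ${trueBin}
    install sctp ${trueBin}
    install rds ${trueBin}
    install tipc ${trueBin}
  '';
}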