nixos/profiles/hardened: replace 'with' using inherit and add disable option

2025-01-19 17:45:14 +01:00
parent 81f97de458
commit 958d1fb821
1 changed files with 97 additions and 85 deletions
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@@ -12,10 +12,21 @@
  pkgs,
  ...
 }:
-
-with lib;
-
+let
+  inherit (lib)
+    mkDefault
+    mkOverride
+    mkEnableOption
+    mkIf
+    maintainers
+    ;
+in
 {
+  options.profiles.hardened = mkEnableOption "hardened" // {
+    default = true;
+    example = false;
+  };
+  config = mkIf config.profiles.hardened {
    meta = {
      maintainers = [
        maintainers.joachifm
@@ -122,4 +133,5 @@ with lib;
    # Ignore outgoing ICMP redirects (this is ipv4 only)
    boot.kernel.sysctl."net.ipv4.conf.all.send_redirects" = mkDefault false;
    boot.kernel.sysctl."net.ipv4.conf.default.send_redirects" = mkDefault false;
+  };
 }