From 2d20c1ae0288baedb05f64793911457ec2485a27 Mon Sep 17 00:00:00 2001
From: Jonas Nick
Date: Sat, 27 Apr 2019 12:19:56 +0000
Subject: [PATCH] Use hardened kernel profile
---
configuration.nix | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/configuration.nix b/configuration.nix
index b38b941..b67013a 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -5,6 +5,12 @@ { config, pkgs, ... }: { imports = [ ./modules/nix-bitcoin.nix + + # Use hardened kernel profile. See + # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix + # for the enabled options. + + # FIXME: Uncomment next line to import your hardware configuration. If so, # add the hardware configuration file to the same directory as this file. # This is not needed when deploying to a virtual box.
@@ -97,6 +103,10 @@ # nixos-generate-config, etc.): + # If the hardened profile is imported above, we need to explicitly allow + # user namespaces to enable sanboxed builds and services. + security.allowUserNamespaces = true; + # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you
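Review bot: The comment added to `imports` in the first hunk links to `hardened.nix` on the nixpkgs `master` branch, which keeps changing and may not match the options enabled by the nixpkgs revision this system is actually built from. I would reword its last line to something like `# for the enabled options (check the copy in the nixpkgs revision you deploy, as the profile changes between releases).` The added line directly after the comment shows no content on this page, so the import path itself cannot be checked here. The `imports` list continues outside the hunk.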
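Review bot: The comment above `security.allowUserNamespaces = true;` in the second hunk does not say what is given up: the setting turns unprivileged user namespaces back on, and those let ordinary processes reach kernel code paths that are otherwise available only to root, which is presumably why the hardened profile disables them. I would state the trade-off next to the setting, for example `# Trade-off: this re-enables the user-namespace kernel attack surface that the hardened profile removes; drop this line if you do not need sandboxed builds or services.` The same comment has a typo, "sanboxed" for "sandboxed". The enclosing attribute set starts and ends outside the hunk.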