fix 'hardened' profile for NixOS 20.09

The 'scudo' memory allocator set by the 'hardened' profile breaks some
services on 20.09.
The fix for NixOS unstable (https://github.com/NixOS/nixpkgs/pull/104052)
is ineffective on 20.09.

As a workaround, add a custom 'hardened' preset that uses the default allocator.

examples/configuration.nix

@@ -9,8 +9,7 @@
     # FIXME: The hardened kernel profile improves security but
     # decreases performance by ~50%.
     # Turn it off when not needed.
-    # Source: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix
+    <nix-bitcoin/modules/presets/hardened.nix>
-    <nixpkgs/nixos/modules/profiles/hardened.nix>
 
     # FIXME: Uncomment next line to import your hardware configuration. If so,
     # add the hardware configuration file to the same directory as this file.
@@ -208,10 +207,6 @@
   # FIXME: Add custom options (like boot options, output of
   # nixos-generate-config, etc.):
 
-  # If the hardened profile is imported above, we need to explicitly allow
-  # user namespaces to enable sanboxed builds and services.
-  security.allowUserNamespaces = true;
-
   # This value determines the NixOS release with which your system is to be
   # compatible, in order to avoid breaking some software such as database
   # servers. You should change this only after NixOS release notes say you

modules/presets/hardened.nix

@@ -0,0 +1,14 @@
+{
+  imports = [
+    # Source: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix
+    <nixpkgs/nixos/modules/profiles/hardened.nix>
+  ];
+
+  ## Reset some options set by the hardened profile
+
+  # Needed for sandboxed builds and services
+  security.allowUserNamespaces = true;
+
+  # The "scudo" allocator is broken on NixOS 20.09
+  environment.memoryAllocator.provider = "libc";
+}