Unverified Commit 1ee2f0b0 authored Mar 10, 2026 by Mikael Voss

nixos/systemd: move default sysctls from coredump module

The default systemd sysctl snippet contains various security‐relevant
settings, it is however only installed if systemd.coredump.enable is
enabled, despite these settings not being strictly related to
systemd-coredump.

parent a39f00c0

nixos/modules/system/boot/systemd.nix

+2 −0

Original line number	Diff line number	Diff line
		@@ -667,6 +667,8 @@ in

		"systemd/system-environment-generators/env-generator".source =
		"${config.system.nixos-init.package}/bin/env-generator";

		"sysctl.d/50-default.conf".source = "${cfg.package}/example/sysctl.d/50-default.conf";
		};

		services.dbus.enable = true;

nixos/modules/system/boot/systemd/coredump.nix

+0 −2

Original line number	Diff line number	Diff line
		@@ -67,8 +67,6 @@ in
		}}"
		];
		};

		"sysctl.d/50-default.conf".source = "${systemd}/example/sysctl.d/50-default.conf";
		};

		users.users.systemd-coredump = {