From e145fb21627283a17ce5a1ed40239299f3bcf024 Mon Sep 17 00:00:00 2001
From: Pascal Wittmann <mail@pascal-wittmann.de>
Date: Tue, 11 Jun 2024 23:57:18 +0200
Subject: [PATCH] [nixos/server] protect kernel image

---
 nixos/server/configuration.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nixos/server/configuration.nix b/nixos/server/configuration.nix
index 924d29f..1355154 100644
--- a/nixos/server/configuration.nix
+++ b/nixos/server/configuration.nix
@@ -223,6 +223,8 @@ in  {
         SHA_CRYPT_MAX_ROUNDS = 640000;
       };
 
+      security.protectKernelImage = lib.mkDefault true;
+
       security.auditd.enable = true;
       security.audit.enable = true;
       security.audit.rules = [