Sovran_Systems/Sovran_SystemsOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
naturallaw777
2026-05-23 15:33:42 -05:00
parent 24be048f98
commit 9531a2efdd
1 changed files with 0 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
-4
View File
@@ -130,10 +130,6 @@ Facts about the defaults, straight from `configuration.nix` and the modules:
- **Firewall on, public sshd off, RDP off, auto-login off.**
- **EFI** is mounted with `umask=0077`.
- **Kernel surface trimmed.** `boot.blacklistedKernelModules = [ "rxrpc" ];`
- **Emergency mode disabled** (`systemd.enableEmergencyMode = false`).
- **GNOME Keyring** wired into PAM (`gdm-password`, `gdm-autologin`); the keyring file is declaratively created with `0600` perms via `systemd.tmpfiles`.
- **PostgreSQL** is local-only (`local trust`, `127.0.0.1/32 trust`, `::1/128 trust`). Not exposed to the network.
- **Secrets** are materialized through `modules/credentials.nix` and `nix-bitcoin-secrets` (`/etc/nix-bitcoin-secrets/`, included in backups).
- **Weekly garbage collection** with `--delete-older-than 7d`.
## Backups & Recovery