From c24692a391f918ebcd9417e66b6fb891cfb1f702 Mon Sep 17 00:00:00 2001 From: MDLeom <2809763-curben@users.noreply.gitlab.com> Date: Sun, 29 Mar 2020 11:33:01 +0100 Subject: [PATCH] post(caddy-nixos-2): hardened kernel --- source/_posts/caddy-nixos-part-2.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/source/_posts/caddy-nixos-part-2.md b/source/_posts/caddy-nixos-part-2.md index dbda38a..f75a5c8 100644 --- a/source/_posts/caddy-nixos-part-2.md +++ b/source/_posts/caddy-nixos-part-2.md @@ -304,3 +304,11 @@ Based on [Ubuntu Wiki](https://wiki.ubuntu.com/ImprovedNetworking/KernelSecurity ``` TCP Fast Open ([TFO](https://en.wikipedia.org/wiki/Tcp_fast_open)) is enabled by default (`tcp_fastopen = 1`) for outgoing connection since 3.13. As of writing, TFO has limited server support; Caddy, Tor and I2Pd don't support it yet, so enabling it for incoming and outgoing connections (`3`) has no effect. + +## Hardened kernel + +Kernel compiled with additional security-oriented patch set. [More details](https://wiki.archlinux.org/index.php/Security#Kernel_hardening). + +``` + boot.kernelPackages = pkgs.linuxPackages_hardened; +```
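Review bot: The description added under `## Hardened kernel` is a sentence fragment ("Kernel compiled with additional security-oriented patch set.") and leaves the explanation to an Arch Linux wiki link, so a reader of this NixOS post cannot tell from the text what the option changes or what to do after setting it. Suggest a full sentence, for example "This switches the system to a kernel compiled with an additional security-oriented patch set", followed by a note that the new kernel is only in use after a reboot. The fence around `boot.kernelPackages = pkgs.linuxPackages_hardened;` also opens without a language tag; if the post's other snippets are tagged, tag this one the same way.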