From 8d8173b6bc865fce288aa2d7f4d25ac85adacb4f Mon Sep 17 00:00:00 2001
From: niten <niten@fudo.org>
Date: Mon, 29 Nov 2021 23:20:33 -0800
Subject: [PATCH] Add 'hardened' option to hosts, default false.

---
 lib/types/host.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/types/host.nix b/lib/types/host.nix
index c01d0a4..7677c33 100644
--- a/lib/types/host.nix
+++ b/lib/types/host.nix
@@ -258,6 +258,12 @@ in rec {
         default = { };
       };
 
+      hardened = mkOption {
+        type = bool;
+        description = "Harden the host, applying additional security.";
+        default = false;
+      };
+
       initrd-network = let
         keypair-type = { ... }: {
           options = {