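# Boot-time settings: systemd-based initrd, kernel module hardening,
# IP forwarding sysctls and the systemd-boot loader.
_: {
  boot = {
    initrd.systemd.enable = true;

    # CVE-2026-31431 (Copy Fail): disable algif_aead until kernel is patched.
    #
    # A modprobe `blacklist` entry only makes modprobe ignore the module's
    # internal aliases. It does not stop a load by module name, which is how
    # an explicit `modprobe algif_aead` (and, presumably, the kernel's
    # on-demand request for this module) resolves. The `install` override
    # below makes every load attempt run a command that fails instead, so the
    # module cannot be inserted through modprobe at all.
    #
    # Limits of this mitigation:
    #   - it has no effect if the algorithm interface is built into the
    #     kernel rather than shipped as a module;
    #   - a module that is already loaded stays loaded until it is removed or
    #     the host reboots.
    # Verify after activation with `lsmod | grep algif_aead` (expect no
    # output) and `modprobe -n -v algif_aead` (expect the install line).
    # Remove both entries once the running kernel carries the fix.
    blacklistedKernelModules = [ "algif_aead" ];
    extraModprobeConfig = ''
      install algif_aead /run/current-system/sw/bin/false
    '';

    kernel.sysctl = {
      # Forwarding is switched on globally for IPv4 and IPv6, so this host
      # routes packets between all of its interfaces. Nothing in this file
      # restricts the forward path; that has to come from firewall rules
      # defined elsewhere.
      "net.ipv4.ip_forward" = 1;
      "net.ipv6.conf.all.forwarding" = 1;
    };

    loader = {
      systemd-boot.enable = true;
      # Allows the bootloader installation to write EFI boot variables.
      efi.canTouchEfiVariables = true;
      # Boot menu is shown for one second before the default entry starts.
      timeout = 1;
    };
  };
}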