profiles/hardened: Add note about potential instability

Enabling the profile can lead to hard-to-debug issues, which should be warned about in addition to the cost in features and performance. See https://github.com/NixOS/nixpkgs/issues/108262 for an example.
2025-04-13 15:17:33 +00:00 · 2021-01-04 16:03:29 +01:00 · 2021-01-04 16:03:29 +01:00 · 0f0d5c0c49
commit 0f0d5c0c49
parent e326297f6c
2 changed files with 15 additions and 2 deletions
--- a/nixos/doc/manual/configuration/profiles/hardened.xml
+++ b/nixos/doc/manual/configuration/profiles/hardened.xml
@ -7,7 +7,7 @@

 <para>
  A profile with most (vanilla) hardening options enabled by default,
-  potentially at the cost of features and performance.
+  potentially at the cost of stability, features and performance.
 </para>

 <para>
@ -21,4 +21,12 @@
   xlink:href="https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix">
  profile source</literal> for further detail on which settings are altered.
 </para>
+ <warning>
+   <para>
+     This profile enables options that are known to affect system
+     stability. If you experience any stability issues when using the
+     profile, try disabling it. If you report an issue and use this
+     profile, always mention that you do.
+   </para>
+ </warning>
 </section>
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@ -1,5 +1,10 @@
 # A profile with most (vanilla) hardening options enabled by default,
-# potentially at the cost of features and performance.
+# potentially at the cost of stability, features and performance.
+#
+# This profile enables options that are known to affect system
+# stability. If you experience any stability issues when using the
+# profile, try disabling it. If you report an issue and use this
+# profile, always mention that you do.

 { config, lib, pkgs, ... }: