From 0f0d5c0c49d2352e9f12cb9dc9b1d0ad548643fe Mon Sep 17 00:00:00 2001
From: talyz <kim.lindberger@gmail.com>
Date: Mon, 4 Jan 2021 16:03:29 +0100
Subject: [PATCH] profiles/hardened: Add note about potential instability

Enabling the profile can lead to hard-to-debug issues, which should be
warned about in addition to the cost in features and performance.

See https://github.com/NixOS/nixpkgs/issues/108262 for an example.
---
 nixos/doc/manual/configuration/profiles/hardened.xml | 10 +++++++++-
 nixos/modules/profiles/hardened.nix                  |  7 ++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/nixos/doc/manual/configuration/profiles/hardened.xml b/nixos/doc/manual/configuration/profiles/hardened.xml
index dc83fc837e2a..4a51754cc7ae 100644
--- a/nixos/doc/manual/configuration/profiles/hardened.xml
+++ b/nixos/doc/manual/configuration/profiles/hardened.xml
@@ -7,7 +7,7 @@
 
  <para>
   A profile with most (vanilla) hardening options enabled by default,
-  potentially at the cost of features and performance.
+  potentially at the cost of stability, features and performance.
  </para>
 
  <para>
@@ -21,4 +21,12 @@
    xlink:href="https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix">
   profile source</literal> for further detail on which settings are altered.
  </para>
+ <warning>
+   <para>
+     This profile enables options that are known to affect system
+     stability. If you experience any stability issues when using the
+     profile, try disabling it. If you report an issue and use this
+     profile, always mention that you do.
+   </para>
+ </warning>
 </section>
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix
index 42ed62b06304..680fa40b9119 100644
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@@ -1,5 +1,10 @@
 # A profile with most (vanilla) hardening options enabled by default,
-# potentially at the cost of features and performance.
+# potentially at the cost of stability, features and performance.
+#
+# This profile enables options that are known to affect system
+# stability. If you experience any stability issues when using the
+# profile, try disabling it. If you report an issue and use this
+# profile, always mention that you do.
 
 { config, lib, pkgs, ... }: