profiles/hardened: Add note about potential instability

Enabling the profile can lead to hard-to-debug issues, which should be warned about in addition to the cost in features and performance. See https://github.com/NixOS/nixpkgs/issues/108262 for an example.
author: talyz <kim.lindberger@gmail.com> 2021-01-04 16:03:29 +0100
committer: talyz <kim.lindberger@gmail.com> 2021-01-04 16:03:29 +0100
commit: 0f0d5c0c49d2352e9f12cb9dc9b1d0ad548643fe (patch)
tree: 44c2f9e2d4ed78ec18f52f59380808e52673767b /nixos/doc
parent: e326297f6c8d01d996219c796245b061d61b1eb0 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/nixos/doc/manual/configuration/profiles/hardened.xml b/nixos/doc/manual/configuration/profiles/hardened.xml
index dc83fc837e2a..4a51754cc7ae 100644
--- a/nixos/doc/manual/configuration/profiles/hardened.xml
+++ b/nixos/doc/manual/configuration/profiles/hardened.xml
@@ -7,7 +7,7 @@
 
  <para>
   A profile with most (vanilla) hardening options enabled by default,
-  potentially at the cost of features and performance.
+  potentially at the cost of stability, features and performance.
  </para>
 
  <para>
@@ -21,4 +21,12 @@
    xlink:href="https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix">
   profile source</literal> for further detail on which settings are altered.
  </para>
+ <warning>
+   <para>
+     This profile enables options that are known to affect system
+     stability. If you experience any stability issues when using the
+     profile, try disabling it. If you report an issue and use this
+     profile, always mention that you do.
+   </para>
+ </warning>
 </section>
author	talyz <kim.lindberger@gmail.com>	2021-01-04 16:03:29 +0100
committer	talyz <kim.lindberger@gmail.com>	2021-01-04 16:03:29 +0100
commit	0f0d5c0c49d2352e9f12cb9dc9b1d0ad548643fe (patch)
tree	44c2f9e2d4ed78ec18f52f59380808e52673767b /nixos/doc
parent	e326297f6c8d01d996219c796245b061d61b1eb0 (diff)