Re‐format code

arm64.nix

@@ -1,4 +1,6 @@
-{ lib, ... }: with lib.kernel; {
+{ lib, ... }:
+with lib.kernel;
+{
   ARM64_VA_BITS_48 = yes;
   ARM64_PAN = yes;
   ARM64_USE_LSE_ATOMICS = yes;

audio.nix

@@ -1,4 +1,6 @@
-{ lib, ... }: with lib.kernel; {
+{ lib, ... }:
+with lib.kernel;
+{
   SOUND = yes;
   SND = yes;
   SND_PCM_TIMER = yes;

base.nix

@@ -1,7 +1,9 @@
-{ lib, hostPlatform, ... }@args: with lib.kernel;
+{ lib, hostPlatform, ... }@args:
+with lib.kernel;
 
-(import ./disable.nix args) //
-(import ./systemd.nix args) // {
+(import ./disable.nix args)
+// (import ./systemd.nix args)
+// {
   KERNEL_ZSTD = yes;
 
   SYSVIPC = yes;
@@ -263,7 +265,7 @@
   USB_XHCI_HCD = yes;
   USB_XHCI_PCI = yes;
 
-  RTC_CLASS  = yes;
+  RTC_CLASS = yes;
 
   DMADEVICES = yes;
   ASYNC_TX_DMA = option yes;
@@ -344,8 +346,8 @@
   PANIC_TIMEOUT = freeform "-1";
 
   EARLY_PRINTK = option no;
-} // lib.optionalAttrs hostPlatform.is64bit {
-  "64BIT" = option yes;
-} // lib.optionalAttrs hostPlatform.isx86 (import ./x86.nix args)
+}
+// lib.optionalAttrs hostPlatform.is64bit { "64BIT" = option yes; }
+// lib.optionalAttrs hostPlatform.isx86 (import ./x86.nix args)
 // lib.optionalAttrs hostPlatform.isRiscV (import ./riscv.nix args)
 // lib.optionalAttrs hostPlatform.isAarch64 (import ./arm64.nix args)

disable.nix

@@ -1,4 +1,6 @@
-{ lib, ... }: with lib.kernel; {
+{ lib, ... }:
+with lib.kernel;
+{
   X86_MPPARSE = option no;
   AMD_NUMA = option no;
 

dm-crypt.nix

@@ -1,4 +1,6 @@
-{ lib, hostPlatform, ... }: with lib.kernel; {
+{ lib, hostPlatform, ... }:
+with lib.kernel;
+{
   MD = yes;
   MD_BITMAP_FILE = no;
   BLK_DEV_DM = yes;
@@ -13,14 +15,17 @@
 
   CRYPTO_USER_API_HASH = yes;
   CRYPTO_USER_API_SKCIPHER = yes;
-} // lib.optionalAttrs hostPlatform.isx86_64 {
+}
+// lib.optionalAttrs hostPlatform.isx86_64 {
   CRYPTO_AES_NI_INTEL = yes;
   CRYPTO_AEGIS128_AESNI_SSE2 = yes;
   CRYPTO_SHA256_SSSE3 = yes;
-} // lib.optionalAttrs hostPlatform.isRiscV64 {
+}
+// lib.optionalAttrs hostPlatform.isRiscV64 {
   CRYPTO_AES_RISCV64 = yes;
   CRYPTO_SHA256_RISCV64 = yes;
-} // lib.optionalAttrs hostPlatform.isAarch64 {
+}
+// lib.optionalAttrs hostPlatform.isAarch64 {
   CRYPTO_AES_ARM64 = yes;
   CRYPTO_AES_ARM64_CE = yes;
   CRYPTO_AES_ARM64_CE_BLK = yes;

flake.nix

@@ -8,42 +8,56 @@
     extra-trusted-public-keys = [ "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=" ];
   };
 
-  outputs = { self, nixpkgs, ... }:
-  let
-    inherit (nixpkgs) lib;
-    inherit (lib) mapAttrs;
-    profiles = import ./profiles.nix;
-
-    legacyPackages = mapAttrs
-      (system: profile: import nixpkgs { inherit system; }) profiles;
-
-    linux-hardened = import ./linux-hardened.nix;
-  in {
-    packages = mapAttrs (system: profiles:
-      mapAttrs (name: profile:
-        linux-hardened legacyPackages.${system} profile) profiles)
-      profiles;
-
-    devShells = mapAttrs (system: profile:
+  outputs =
+    { self, nixpkgs, ... }:
     let
-      pkgs = legacyPackages.${system};
-      dummy = linux-hardened pkgs
-        { arch = ""; config = ./dummy.nix; firmware = [ ]; };
+      inherit (nixpkgs) lib;
+      inherit (lib) mapAttrs;
+      profiles = import ./profiles.nix;
 
-      mkShell = packages: pkgs.mkShell {
-        inherit packages;
-        shellHook = ''
-          exec $SHELL
-        '';
+      legacyPackages = mapAttrs (system: profile: import nixpkgs { inherit system; }) profiles;
+
+      linux-hardened = import ./linux-hardened.nix;
+    in
+    {
+      packages = mapAttrs (
+        system: profiles: mapAttrs (name: profile: linux-hardened legacyPackages.${system} profile) profiles
+      ) profiles;
+
+      devShells = mapAttrs (
+        system: profile:
+        let
+          pkgs = legacyPackages.${system};
+          dummy = linux-hardened pkgs {
+            arch = "";
+            config = ./dummy.nix;
+            firmware = [ ];
+          };
+
+          mkShell =
+            packages:
+            pkgs.mkShell {
+              inherit packages;
+              shellHook = ''
+                exec $SHELL
+              '';
+            };
+        in
+        {
+          default = mkShell (
+            with pkgs;
+            dummy.nativeBuildInputs
+            ++ [
+              ncurses
+              pkg-config
+            ]
+          );
+        }
+      ) profiles;
+
+      hydraJobs = {
+        kernel = self.packages;
+        shell = self.devShells;
       };
-    in {
-      default = mkShell
-        (with pkgs; dummy.nativeBuildInputs ++ [ ncurses pkg-config ]);
-    }) profiles;
-
-    hydraJobs = {
-      kernel = self.packages;
-      shell = self.devShells;
     };
-  };
 }

linux-hardened.nix

@@ -1,56 +1,82 @@
-pkgs: { arch, config, firmware }:
+pkgs:
+{
+  arch,
+  config,
+  firmware,
+}:
 let
-  inherit (pkgs) lib buildLinux fetchFromGitHub gccStdenv runCommand;
+  inherit (pkgs)
+    lib
+    buildLinux
+    fetchFromGitHub
+    gccStdenv
+    runCommand
+    ;
 
   kernel =
-  let
-    args = { inherit (pkgs) lib hostPlatform; };
+    let
+      args = {
+        inherit (pkgs) lib hostPlatform;
+      };
 
-    firmwareCollection = runCommand "linux-firmware" {
-      inherit firmware;
-      firmwarePackages = with pkgs; [ linux-firmware sof-firmware wireless-regdb ];
-    } ''
-      for dir in ''${firmwarePackages[@]}; do
-        pushd "$dir/lib/firmware"
+      firmwareCollection =
+        runCommand "linux-firmware"
+          {
+            inherit firmware;
+            firmwarePackages = with pkgs; [
+              linux-firmware
+              sof-firmware
+              wireless-regdb
+            ];
+          }
+          ''
+            for dir in ''${firmwarePackages[@]}; do
+              pushd "$dir/lib/firmware"
 
-        for fw in ''${firmware}; do
-          if [ -e "$fw" ]; then
-            local base="$(dirname "$fw")"
-            mkdir -p "$out/lib/firmware/$base"
-            ln -s "$dir/lib/firmware/$fw" "$out/lib/firmware/$base"
-          fi
-        done
+              for fw in ''${firmware}; do
+                if [ -e "$fw" ]; then
+                  local base="$(dirname "$fw")"
+                  mkdir -p "$out/lib/firmware/$base"
+                  ln -s "$dir/lib/firmware/$fw" "$out/lib/firmware/$base"
+                fi
+              done
 
-        popd
-      done
-    '';
-  in buildLinux rec {
-    pname = "linux-hardened";
-    version = "6.10.2-hardened1";
+              popd
+            done
+          '';
+    in
+    buildLinux rec {
+      pname = "linux-hardened";
+      version = "6.10.2-hardened1";
 
-    src = fetchFromGitHub {
-      owner = "anthraxx";
-      repo = pname;
-      rev = "v${version}";
-      hash = "sha256-a9kxt09pQjUJUsdqaIMyA7Us6sxueaacetWKv59Xy3s=";
+      src = fetchFromGitHub {
+        owner = "anthraxx";
+        repo = pname;
+        rev = "v${version}";
+        hash = "sha256-a9kxt09pQjUJUsdqaIMyA7Us6sxueaacetWKv59Xy3s=";
+      };
+
+      defconfig = "allnoconfig";
+      extraMakeFlags = [ "KCFLAGS=-march=${arch}" ];
+      enableCommonConfig = false;
+
+      structuredExtraConfig =
+        (import ./base.nix args)
+        // (import config args)
+        // {
+          EXTRA_FIRMWARE = lib.kernel.freeform (toString firmware);
+          EXTRA_FIRMWARE_DIR = lib.kernel.freeform "${firmwareCollection}/lib/firmware";
+        };
+
+      features = {
+        efiBootStub = true;
+      };
+      isHardened = true;
+      stdenv = gccStdenv;
     };
-
-    defconfig = "allnoconfig";
-    extraMakeFlags = [ "KCFLAGS=-march=${arch}" ];
-    enableCommonConfig = false;
-
-    structuredExtraConfig = (import ./base.nix args) // (import config args) // {
-      EXTRA_FIRMWARE = lib.kernel.freeform (toString firmware);
-      EXTRA_FIRMWARE_DIR = lib.kernel.freeform "${firmwareCollection}/lib/firmware";
-    };
-
-    features = { efiBootStub = true; };
-    isHardened = true;
-    stdenv = gccStdenv;
-  };
-in kernel.overrideAttrs (base: {
-  installFlags = base.installFlags or [ ] ++
-    [ "INSTALL_MOD_PATH=$(out)" ];
+in
+kernel.overrideAttrs (base: {
+  installFlags = base.installFlags or [ ] ++ [ "INSTALL_MOD_PATH=$(out)" ];
 
   postInstall = ''
     if [ -z "''${dontStrip-}" ]; then

physical.nix

@@ -1,4 +1,6 @@
-{ lib, ... }: with lib.kernel; {
+{ lib, ... }:
+with lib.kernel;
+{
   MICROCODE = yes;
 
   ENERGY_MODEL = yes;

portable.nix

@@ -1,4 +1,6 @@
-{ lib, ... }: with lib.kernel; {
+{ lib, ... }:
+with lib.kernel;
+{
   PREEMPT_VOLUNTARY = yes;
 
   SUSPEND = yes;

profiles.nix

@@ -10,20 +10,31 @@
       arch = "alderlake";
       config = ./x86-64/thinkpad-x1-extreme-gen5.nix;
       firmware = [
-        "i915/adlp_dmc.bin" "i915/adlp_dmc_ver2_16.bin"
-        "i915/adlp_guc_70.bin" "i915/tgl_huc.bin"
-        "intel/ibt-0040-0041.sfi" "intel/ibt-0040-0041.ddc"
-        "intel/sof/sof-adl.ri" "intel/sof-tplg/sof-hda-generic-2ch.tplg"
-        "iwlwifi-so-a0-gf-a0-89.ucode" "iwlwifi-so-a0-gf-a0.pnvm"
+        "i915/adlp_dmc.bin"
+        "i915/adlp_dmc_ver2_16.bin"
+        "i915/adlp_guc_70.bin"
+        "i915/tgl_huc.bin"
+        "intel/ibt-0040-0041.sfi"
+        "intel/ibt-0040-0041.ddc"
+        "intel/sof/sof-adl.ri"
+        "intel/sof-tplg/sof-hda-generic-2ch.tplg"
+        "iwlwifi-so-a0-gf-a0-89.ucode"
+        "iwlwifi-so-a0-gf-a0.pnvm"
         "nvidia/ga107/acr/ucode_unload.bin"
-        "nvidia/ga107/acr/ucode_asb.bin" "nvidia/ga107/acr/ucode_ahesasc.bin"
-        "nvidia/ga107/gr/fecs_bl.bin" "nvidia/ga107/gr/fecs_sig.bin"
-        "nvidia/ga107/gr/gpccs_bl.bin" "nvidia/ga107/gr/gpccs_sig.bin"
+        "nvidia/ga107/acr/ucode_asb.bin"
+        "nvidia/ga107/acr/ucode_ahesasc.bin"
+        "nvidia/ga107/gr/fecs_bl.bin"
+        "nvidia/ga107/gr/fecs_sig.bin"
+        "nvidia/ga107/gr/gpccs_bl.bin"
+        "nvidia/ga107/gr/gpccs_sig.bin"
         "nvidia/ga107/gr/NET_img.bin"
-        "nvidia/ga107/sec2/desc.bin" "nvidia/ga107/sec2/image.bin"
-        "nvidia/ga107/sec2/sig.bin" "nvidia/ga107/sec2/hs_bl_sig.bin"
+        "nvidia/ga107/sec2/desc.bin"
+        "nvidia/ga107/sec2/image.bin"
+        "nvidia/ga107/sec2/sig.bin"
+        "nvidia/ga107/sec2/hs_bl_sig.bin"
         "nvidia/ga107/nvdec/scrubber.bin"
-        "regulatory.db" "regulatory.db.p7s"
+        "regulatory.db"
+        "regulatory.db.p7s"
       ];
     };
 

qemu-virtio.nix

@@ -1,6 +1,7 @@
 { lib, ... }:
 
-with lib.kernel; {
+with lib.kernel;
+{
   NR_CPUS = freeform "8";
 
   HYPERVISOR_GUEST = yes;

riscv.nix

@@ -1,4 +1,6 @@
-{ lib, ... }: with lib.kernel; {
+{ lib, ... }:
+with lib.kernel;
+{
   ARCH_RV64I = yes;
   COMPAT = no;
 

router.nix

@@ -1,6 +1,7 @@
 { lib, ... }:
 
-with lib.kernel; {
+with lib.kernel;
+{
   IP_ADVANCED_ROUTER = yes;
   IP_MULTIPLE_TABLES = yes;
   IP_ROUTE_MULTIPATH = yes;

systemd.nix

@@ -1,4 +1,6 @@
-{ lib, ... }: with lib.kernel; {
+{ lib, ... }:
+with lib.kernel;
+{
   # Base requirements
   DEVTMPFS = yes;
   CGROUPS = yes;

wireless.nix

@@ -1,4 +1,6 @@
-{ lib, hostPlatform, ... }: with lib.kernel; {
+{ lib, hostPlatform, ... }:
+with lib.kernel;
+{
   WIRELESS = yes;
   CFG80211 = yes;
   CFG80211_DEFAULT_PS = yes;
@@ -43,17 +45,20 @@
   X509_CERTIFICATE_PARSER = option yes;
   PKCS7_MESSAGE_PARSER = option yes;
   PKCS8_PRIVATE_KEY_PARSER = option yes;
-} // lib.optionalAttrs hostPlatform.isx86_64 {
+}
+// lib.optionalAttrs hostPlatform.isx86_64 {
   CRYPTO_AES_NI_INTEL = option yes;
   CRYPTO_DES3_EDE_X86_64 = option yes;
   CRYPTO_SHA1_SSSE3 = option yes;
   CRYPTO_SHA256_SSSE3 = option yes;
   CRYPTO_SHA512_SSSE3 = option yes;
-} // lib.optionalAttrs hostPlatform.isRiscV64 {
+}
+// lib.optionalAttrs hostPlatform.isRiscV64 {
   CRYPTO_AES_RISCV64 = option yes;
   CRYPTO_SHA256_RISCV64 = option yes;
   CRYPTO_SHA512_RISCV64 = option yes;
-} // lib.optionalAttrs hostPlatform.isAarch64 {
+}
+// lib.optionalAttrs hostPlatform.isAarch64 {
   CRYPTO_AES_ARM64_CE = option yes;
   CRYPTO_AES_ARM64_CE_BLK = option yes;
   CRYPTO_SHA1_ARM64_CE = option yes;

x86.nix

@@ -1,4 +1,6 @@
-{ lib, hostPlatform, ... }: with lib.kernel; {
+{ lib, hostPlatform, ... }:
+with lib.kernel;
+{
   SCHED_OMIT_FRAME_POINTER = yes;
 
   X86_FRED = yes;