diff --git a/flake.nix b/flake.nix index 7e21a43..a6a05d8 100644 --- a/flake.nix +++ b/flake.nix @@ -16,31 +16,33 @@ linux-hardened = pkgs: arch: configfile: let - inherit (pkgs) linuxKernel fetchFromGitHub gccStdenv; + inherit (pkgs) + callPackage + gccStdenv + linuxPackagesFor + recurseIntoAttrs; - kernel = linuxKernel.manualConfig rec { - pname = "linux-hardened"; - version = "6.10.2-hardened1"; + package = { stdenv, linuxKernel, fetchFromGitHub, features }: + linuxKernel.manualConfig rec { + inherit configfile stdenv; - src = fetchFromGitHub { - owner = "anthraxx"; - repo = pname; - rev = "v${version}"; - hash = "sha256-a9kxt09pQjUJUsdqaIMyA7Us6sxueaacetWKv59Xy3s="; + pname = "linux-hardened"; + version = "6.10.2-hardened1"; + + src = fetchFromGitHub { + owner = "anthraxx"; + repo = pname; + rev = "v${version}"; + hash = "sha256-a9kxt09pQjUJUsdqaIMyA7Us6sxueaacetWKv59Xy3s="; + }; + + extraMakeFlags = [ "KCFLAGS=-march=${arch}" ]; + isHardened = true; + features = { efiBootStub = true; }; }; - stdenv = gccStdenv; - - extraMakeFlags = [ "KCFLAGS=-march=${arch}" ]; - - isHardened = true; - inherit configfile features; - }; - - features = { efiBootStub = true; }; - in kernel.overrideAttrs (base: { - passthru = base.passthru // { inherit features; }; - }); + kernel = callPackage package { stdenv = gccStdenv; }; + in recurseIntoAttrs (linuxPackagesFor kernel); in { packages.x86_64-linux = let