experiment

flake.nix

@@ -16,31 +16,33 @@
 
     linux-hardened = pkgs: arch: configfile:
     let
-      inherit (pkgs) linuxKernel fetchFromGitHub gccStdenv;
+      inherit (pkgs)
+        callPackage
+        gccStdenv
+        linuxPackagesFor
+        recurseIntoAttrs;
 
-      kernel = linuxKernel.manualConfig rec {
+      package = { stdenv, linuxKernel, fetchFromGitHub, features }:
-        pname = "linux-hardened";
+        linuxKernel.manualConfig rec {
-        version = "6.10.2-hardened1";
+          inherit configfile stdenv;
 
-        src = fetchFromGitHub {
+          pname = "linux-hardened";
-          owner = "anthraxx";
+          version = "6.10.2-hardened1";
-          repo = pname;
+
-          rev = "v${version}";
+          src = fetchFromGitHub {
-          hash = "sha256-a9kxt09pQjUJUsdqaIMyA7Us6sxueaacetWKv59Xy3s=";
+            owner = "anthraxx";
+            repo = pname;
+            rev = "v${version}";
+            hash = "sha256-a9kxt09pQjUJUsdqaIMyA7Us6sxueaacetWKv59Xy3s=";
+          };
+
+          extraMakeFlags = [ "KCFLAGS=-march=${arch}" ];
+          isHardened = true;
+          features = { efiBootStub = true; };
         };
 
-        stdenv = gccStdenv;
+      kernel = callPackage package { stdenv = gccStdenv; };
-
+    in recurseIntoAttrs (linuxPackagesFor kernel);
-        extraMakeFlags = [ "KCFLAGS=-march=${arch}" ];
-
-        isHardened = true;
-        inherit configfile features;
-      };
-
-      features = { efiBootStub = true; };
-    in kernel.overrideAttrs (base: {
-      passthru = base.passthru // { inherit features; };
-    });
   in {
     packages.x86_64-linux =
     let