# Hardened kernel builder.
#
# Takes a nixpkgs set, then { arch, config, firmware }, and returns a
# linux-hardened kernel derivation built with the LLVM 19 toolchain.
#
#   arch     - passed to the compiler as -march=<arch> through KCFLAGS.
#   config   - Nix file that is imported and called with { lib, hostPlatform };
#              its result is merged into structuredExtraConfig, so it must
#              evaluate to an attribute set of kernel options.
#   firmware - list of firmware entries. When non-empty it is joined with
#              toString into EXTRA_FIRMWARE, and EXTRA_FIRMWARE_DIR points at
#              the merged /lib/firmware tree built below.
pkgs:
{ arch, config, firmware }:
let
  inherit (pkgs) lib buildEnv buildLinux fetchFromGitHub;

  toolchain = pkgs.llvmPackages_19;

  pname = "linux-hardened";
  version = "6.10.4-hardened1";

  # Arguments handed to ./base.nix and to the caller-supplied `config` file.
  configArgs = {
    lib = pkgs.lib;
    hostPlatform = pkgs.hostPlatform;
  };

  # Single /lib/firmware tree merged from the three firmware packages.
  # It is only referenced (and therefore only built) when `firmware` is non-empty.
  firmwareTree = buildEnv {
    name = "linux-firmware";
    pathsToLink = [ "/lib/firmware" ];
    paths = [
      pkgs.linux-firmware
      pkgs.sof-firmware
      pkgs.wireless-regdb
    ];
  };

  # Kernel options that embed the requested firmware; empty when none is requested.
  firmwareConfig =
    if firmware == [ ] then
      { }
    else
      {
        EXTRA_FIRMWARE = lib.kernel.freeform (toString firmware);
        EXTRA_FIRMWARE_DIR = lib.kernel.freeform "${firmwareTree}/lib/firmware";
      };

  # Host-side tools use `clang` and `bintools` from llvmPackages_19.
  hostToolFlags = [
    "HOSTCC=${toolchain.clang}/bin/clang"
    "HOSTCXX=${toolchain.clang}/bin/clang++"
    "HOSTLD=${toolchain.bintools}/bin/ld.lld"
    "HOSTAR=${toolchain.bintools}/bin/ar"
  ];

  # The kernel itself is compiled with `clang-unwrapped`.
  # NOTE(review): presumably this keeps the nixpkgs compiler-wrapper flags out
  # of the kernel build - confirm.
  targetToolFlags = [
    "CC=${toolchain.clang-unwrapped}/bin/clang"
    "LD=${toolchain.lld}/bin/ld.lld"
    "AR=${toolchain.llvm}/bin/llvm-ar"
    "NM=${toolchain.llvm}/bin/llvm-nm"
    "OBJCOPY=${toolchain.llvm}/bin/llvm-objcopy"
    "OBJDUMP=${toolchain.llvm}/bin/llvm-objdump"
    "READELF=${toolchain.llvm}/bin/llvm-readelf"
    "STRIP=${toolchain.llvm}/bin/llvm-strip"
  ];

  hardenedKernel = buildLinux {
    inherit pname version;

    # The tag name alone does not fix the content; the fixed-output hash does.
    # If the content behind "v${version}" ever differs, the fetch fails
    # instead of building different source.
    src = fetchFromGitHub {
      owner = "anthraxx";
      repo = pname;
      rev = "v${version}";
      hash = "sha256-qq2vmrUIYUuXEwuZoXrXbZY/li+ReFNuqhsy1R0yx0s=";
    };

    # Start from an empty configuration with the nixpkgs common config turned
    # off, so options come from structuredExtraConfig below.
    defconfig = "allnoconfig";
    enableCommonConfig = false;

    extraMakeFlags =
      [ "LLVM=1" ]
      ++ hostToolFlags
      ++ targetToolFlags
      ++ [ "KCFLAGS=-march=${arch}" ];

    # `//` is right-biased: a key set by `config` replaces the same key from
    # ./base.nix, and the firmware options replace both. A per-machine config
    # can therefore change or disable anything base.nix sets, so review its
    # overrides against the baseline.
    structuredExtraConfig =
      (import ./base.nix configArgs)
      // (import config configArgs)
      // firmwareConfig;

    features.efiBootStub = true;
    isHardened = true;
  };
in
hardenedKernel.overrideAttrs (prev: {
  # Install modules into this derivation's own output.
  installFlags = (prev.installFlags or [ ]) ++ [ "INSTALL_MOD_PATH=$(out)" ];

  # Installs modules (stripped unless dontStrip is set), runs depmod against
  # $out and makes sure modules.order exists.
  # NOTE(review): this assignment does not reference prev.postInstall, so any
  # postInstall produced by buildLinux is replaced, not extended - confirm
  # that is intended.
  # NOTE(review): depmod and the modules.order path use the package version
  # as the kernel release string - confirm the two always match.
  postInstall = ''
    if [ -z "''${dontStrip-}" ]; then
      installFlagsArray+=( "INSTALL_MOD_STRIP=1" )
    fi
    make modules_install $makeFlags "''${makeFlagsArray[@]}" \
      $installFlags "''${installFlagsArray[@]}"
    depmod -b $out ${prev.version}
    touch $out/lib/modules/${prev.version}/modules.order
  '';
})