pkgs: { arch, config, firmware, }: let inherit (pkgs) lib buildLinux fetchFromGitHub gccStdenv runCommand ; kernel = let args = { inherit (pkgs) lib hostPlatform; }; firmwareCollection = runCommand "linux-firmware" { inherit firmware; firmwarePackages = with pkgs; [ linux-firmware sof-firmware wireless-regdb ]; } '' for dir in ''${firmwarePackages[@]}; do pushd "$dir/lib/firmware" for fw in ''${firmware}; do if [ -e "$fw" ]; then local base="$(dirname "$fw")" mkdir -p "$out/lib/firmware/$base" ln -s "$dir/lib/firmware/$fw" "$out/lib/firmware/$base" fi done popd done ''; in buildLinux rec { pname = "linux-hardened"; version = "6.10.2-hardened1"; src = fetchFromGitHub { owner = "anthraxx"; repo = pname; rev = "v${version}"; hash = "sha256-a9kxt09pQjUJUsdqaIMyA7Us6sxueaacetWKv59Xy3s="; }; defconfig = "allnoconfig"; extraMakeFlags = [ "KCFLAGS=-march=${arch}" ]; enableCommonConfig = false; structuredExtraConfig = (import ./base.nix args) // (import config args) // lib.optionalAttrs (firmware != [ ]) { EXTRA_FIRMWARE = lib.kernel.freeform (toString firmware); EXTRA_FIRMWARE_DIR = lib.kernel.freeform "${firmwareCollection}/lib/firmware"; }; features = { efiBootStub = true; }; isHardened = true; stdenv = gccStdenv; }; in kernel.overrideAttrs (base: { installFlags = base.installFlags or [ ] ++ [ "INSTALL_MOD_PATH=$(out)" ]; postInstall = '' if [ -z "''${dontStrip-}" ]; then installFlagsArray+=( "INSTALL_MOD_STRIP=1" ) fi make modules_install $makeFlags "''${makeFlagsArray[@]}" \ $installFlags "''${installFlagsArray[@]}" depmod -b $out ${base.version} touch $out/lib/modules/${base.version}/modules.order ''; })