linux-hardened/flake.nix


# Flake that builds the hardened kernel from ./package.nix for three Linux
# architectures, and exposes matching dev shells and Hydra jobs.
{
  description = "Hardened Linux kernel";

  # Package sets and `lib` both come from this single input. The URL names no
  # ref or revision, so the exact source used is whatever flake.lock records.
  # NOTE(review): flake.lock is not shown here; confirm it is committed and
  # that updates to it are reviewed.
  inputs.neoidiosyn.url = "git+https://woof.rip/mikael/neoidiosyn.git";

  # Settings this flake asks the evaluating Nix to adopt. They only take effect
  # once the user accepts them (interactively or via `accept-flake-config`).
  nixConfig = {
    # Needed for the `|>` in hydraJobs below. Presumably two spellings are
    # listed because implementations name the feature differently; verify.
    extra-experimental-features = [ "pipe-operator" "pipe-operators" ];
    # Supply-chain trust decision: store paths fetched from this cache and
    # signed by the key below are used without being rebuilt locally, so
    # accepting this config extends trust in the resulting kernel binaries to
    # whoever controls the cache and its signing key.
    extra-substituters = [ "https://cache.kyouma.net" ];
    extra-trusted-public-keys = [ "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=" ];
  };

  outputs = { self, neoidiosyn, ... }@inputs: let
    inherit (neoidiosyn) lib;

    # buildWith pkgs spec: call ./package.nix through pkgs.callPackage.
    # `spec` is either an attribute set passed as-is, or a path to a file
    # inside this flake that is imported to obtain the arguments.
    buildWith = pkgs: spec: let
      overrides = if builtins.isPath spec then import spec else spec;
    in pkgs.callPackage ./package.nix overrides;

    # One builder per architecture, each bound to that system's package set.
    riscv64 = buildWith neoidiosyn.legacyPackages.riscv64-linux;
    aarch64 = buildWith neoidiosyn.legacyPackages.aarch64-linux;
    x86_64 = buildWith neoidiosyn.legacyPackages.x86_64-linux;

    # Kernel variants offered on every architecture.
    baseline = build: {
      default = build { };
      paravirt = build ./platform/paravirt.nix;
    };
  in {
    lib.kernel = import ./lib.nix { inherit lib; };

    packages = {
      riscv64-linux = baseline riscv64;
      aarch64-linux = baseline aarch64;
      # x86_64 additionally carries the machine-specific platform files.
      x86_64-linux = baseline x86_64 // {
        supermicro-h11ssw = x86_64 ./platform/supermicro-h11ssw.nix;
        thinkpad-x1-extreme-gen5 = x86_64 ./platform/thinkpad-x1-extreme-gen5.nix;
      };
    };

    # Per-system shell: the default kernel package's build inputs plus
    # pkg-config, ncurses.dev and bison.
    devShells = lib.genAttrs [ "riscv64-linux" "aarch64-linux" "x86_64-linux" ] (system: let
      pkgs = neoidiosyn.legacyPackages.${system};
    in {
      default = pkgs.mkShell {
        packages = [ pkgs.pkg-config pkgs.ncurses.dev pkgs.bison ];
        inputsFrom = [ self.packages.${system}.default ];
      };
    });

    # Re-key packages.<system>.<name> as hydraJobs.<name>.<system>, wrapping
    # every package in lib.hydraJob.
    hydraJobs = let
      # { name = package; } for one system -> { name.<system> = job; }
      jobsFor = system: lib.mapAttrs (_: drv: { ${system} = lib.hydraJob drv; });
      # Fold step: merge one system's jobs into the accumulated job tree.
      collect = acc: system: variants: lib.recursiveUpdate acc (jobsFor system variants);
    in self.packages |> lib.foldlAttrs collect { };
  };
}