
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
  };

  # Binary cache advertised to consumers of this flake.  Nix applies these
  # settings only once the user accepts them (accept-flake-config), and
  # accepting means trusting every store path signed by the listed key.
  nixConfig = {
    extra-substituters = [ "https://cache.kyouma.net" ];
    extra-trusted-public-keys = [ "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=" ];
  };

  outputs = { self, nixpkgs, ... }:
    let
      inherit (nixpkgs) lib;

      # Package sets keyed by system; only x86_64-linux is instantiated here.
      forEachSystem = lib.genAttrs [ "x86_64-linux" ];
      pkgsBySystem = forEachSystem (system: import nixpkgs { inherit system; });
      x86Pkgs = pkgsBySystem.x86_64-linux;

      # Build linux-hardened from a pinned upstream tree, compiled for `arch`
      # through KCFLAGS and configured from the checked-in `configfile`.
      # Yields the kernel together with its out-of-tree module set.
      mkHardenedKernel = pkgs: arch: configfile:
        let
          pname = "linux-hardened";
          version = "6.10.2-hardened1";
          kernelDrv = pkgs.linuxKernel.manualConfig {
            inherit pname version configfile;
            # The tag is derived from `version`; the content hash pins the
            # fetched tree, so a moved or re-pointed tag fails the fetch
            # instead of silently building a different kernel.
            src = pkgs.fetchFromGitHub {
              owner = "anthraxx";
              repo = pname;
              rev = "v${version}";
              hash = "sha256-a9kxt09pQjUJUsdqaIMyA7Us6sxueaacetWKv59Xy3s=";
            };
            stdenv = pkgs.gccStdenv;
            extraMakeFlags = [ "KCFLAGS=-march=${arch}" ];
            isHardened = true;
            features = { efiBootStub = true; };
          };
          kernel = pkgs.callPackage kernelDrv { };
        in
        pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor kernel);

      # Development shell that hands control to the caller's login shell.
      shellWith = pkgs: packages:
        pkgs.mkShell {
          inherit packages;
          # NOTE(review): $SHELL is expanded unquoted; a value containing
          # whitespace would be word-split before exec.
          shellHook = ''
            exec $SHELL
          '';
        };
    in
    {
      packages.x86_64-linux = {
        qemu-virtio =
          mkHardenedKernel x86Pkgs "x86-64-v3" ./x86-64/qemu-virtio;
        thinkpad-x1-extreme-gen5 =
          mkHardenedKernel x86Pkgs "alderlake" ./x86-64/thinkpad-x1-extreme-gen5;
      };

      # Reuses the kernel's own build inputs so the shell matches what Hydra builds.
      devShells.x86_64-linux.default = shellWith x86Pkgs
        (self.packages.x86_64-linux.qemu-virtio.nativeBuildInputs
          ++ [ x86Pkgs.ncurses x86Pkgs.pkg-config ]);

      hydraJobs = {
        kernel = self.packages;
        shell = self.devShells;
      };
    };
}