Unverified Commit 2cf50329 authored by John Titor's avatar John Titor

nixos/ananicy: disable ananicy-cpp's BPF on hardened kernels

parent d626da64
+9 −3
@@ -18,7 +18,13 @@ let
    lib.concatMapStringsSep "\n" (l: builtins.toJSON l) cfg.extraCgroups
  );
  servicename =
    if ((lib.getName cfg.package) == (lib.getName pkgs.ananicy-cpp)) then "ananicy-cpp" else "ananicy";
    if ((lib.getName cfg.package) == (lib.getName pkgs.ananicy-pp)) then "ananicy-cpp" else "ananicy";
  # Ananicy-CPP with BPF is not supported on hardened kernels https://github.com/NixOS/nixpkgs/issues/327382
  finalPackage =
    if (servicename == "ananicy-cpp" && config.boot.kernelPackages.isHardened) then
      (cfg.package { withBpf = false; })
    else
      cfg.package;
in
{
  options.services.ananicy = {
@@ -107,7 +113,7 @@ in

  config = lib.mkIf cfg.enable {
    environment = {
      systemPackages = [ cfg.package ];
      systemPackages = [ finalPackage ];
      etc."ananicy.d".source = pkgs.runCommandLocal "ananicyfiles" { } ''
        mkdir -p $out
        # ananicy-cpp does not include rules or settings on purpose
@@ -159,7 +165,7 @@ in
      );

    systemd = {
      packages = [ cfg.package ];
      packages = [ finalPackage ];
      services."${servicename}" = {
        wantedBy = [ "default.target" ];
      };
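Review bot: In the first hunk's `finalPackage` binding, `(cfg.package { withBpf = false; })` applies the package as if it were a function; a package option normally holds a derivation, so on a hardened kernel this branch would presumably fail at evaluation instead of producing a build without BPF. If `withBpf` is an argument of the `ananicy-cpp` package expression (not visible here), the usual form is `(cfg.package.override { withBpf = false; })`. The new `servicename` line in the same hunk reads `pkgs.ananicy-pp`, while the line it replaces and both string literals say `ananicy-cpp`; unless that is a rendering artifact, the lookup should stay `pkgs.ananicy-cpp`. The enclosing `let` block starts above the hunk, so other uses of `cfg.package` may exist outside the three call sites changed here. A NixOS test that enables the service with a hardened `boot.kernelPackages` would exercise the new branch, which is the only configuration where this code path runs.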