From 3b465c7eb19be06e915c9915ca44ae7a339d5058 Mon Sep 17 00:00:00 2001
From: Lyn
Date: Tue, 17 Sep 2024 03:06:09 +0200
Subject: [PATCH] fix hardened kernel config, enable for runner
---
 hosts/forgejo-ci/default.nix | 1 +
 modules/kernel/hardened.nix | 7 ++++---
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/hosts/forgejo-ci/default.nix b/hosts/forgejo-ci/default.nix
index ab65ed8..f6809f7 100644
--- a/hosts/forgejo-ci/default.nix
+++ b/hosts/forgejo-ci/default.nix
@@ -6,6 +6,7 @@
 ];
 lyn.sops.secrets."hosts/forgejo-ci/forgejo_ci_token" = {};
 lyn.kernel.latest.enable = true;
+ lyn.kernel.hardened.enable = true;
 lyn.profiles.base.enable = true;
 lyn.profiles.vm.enable = true;
 lyn.services.forgejo-ci.enable = true;
diff --git a/modules/kernel/hardened.nix b/modules/kernel/hardened.nix
index 3c02f5b..c01e471 100644
--- a/modules/kernel/hardened.nix
+++ b/modules/kernel/hardened.nix
@@ -1,6 +1,7 @@
-{lib, pkgs, config, ...}: let
- ifApparmor = config.lyn.kernel.hardened.apparmor.enable;
-in{
+{lib, pkgs, config, cfg, ...}: let
+ ifApparmor = cfg.apparmor.enable;
+in {
+ opt.apparmor.enable = lib.mkEnableOption "apparmor";
 boot.kernelPackages = let
 kernel = pkgs.linux-libre;
 llvm = pkgs.llvmPackages_latest;
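Review bot: `lyn.kernel.hardened.enable = true;` is added directly under `lyn.kernel.latest.enable = true;`, and the hardened module assigns `boot.kernelPackages` (visible in the hardened.nix hunk), so it is unclear from this host file which kernel the CI runner actually boots. The latest module is not shown, but if it also defines `boot.kernelPackages`, the two either collide at evaluation or one wins through a priority override. In the second case the runner could end up on a non-hardened kernel without any visible error. Once the precedence is confirmed, record it next to these lines, e.g. `# hardened sets boot.kernelPackages; latest must not override it`, or drop the `latest` line if hardened is meant to replace it.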
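Review bot: `opt.apparmor.enable = lib.mkEnableOption "apparmor";` declares the option with a default of false, and the forgejo-ci hunk only sets `lyn.kernel.hardened.enable`, so `ifApparmor` will evaluate to false on the runner. Whatever `ifApparmor` gates lies outside this hunk (the attribute set continues past `llvm = …`), but if it controls the AppArmor LSM being built into or enabled in the kernel, the "hardened" runner ships without it. Either set `lyn.kernel.hardened.apparmor.enable = true;` on the host if that is intended, or state the opt-in above the option, e.g. `# off by default: hosts must enable apparmor separately from hardened.enable`. The `cfg` and `opt` names come from a module wrapper not shown here, so a short header comment saying where they are injected would help the next reader.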