From 3080d90d2ce98b0e4f8b75373ae05de943df9110 Mon Sep 17 00:00:00 2001
From: Antoine Viallon
Date: Fri, 8 Mar 2024 23:27:09 +0100
Subject: [PATCH] [Hardening] use hardened kernel by default, but do not force it
---
 security/hardening.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/hardening.nix b/security/hardening.nix
index 62622c8..a679d06 100644
--- a/security/hardening.nix
+++ b/security/hardening.nix
@@ -35,7 +35,7 @@ in
 ];
 config = mkIf cfg.enable {
- aviallon.boot.kernel.package = mkIf cfg.hardcore pkgs.linuxKernel.kernels.linux_hardened;
+ aviallon.boot.kernel.package = mkIf cfg.hardcore (mkDefault pkgs.linuxKernel.kernels.linux_hardened);
 security.lockKernelModules = mkIf cfg.hardcore (mkQuasiForce true);
 # security.protectKernelImage = mkIf cfg.hardcore (mkOverride 500 false); # needed for kexec
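Review bot: With `mkDefault` on the `aviallon.boot.kernel.package` line, any other definition of that option at normal priority now silently replaces the hardened kernel even when `cfg.hardcore` is set, while `security.lockKernelModules` on the next line stays quasi-forced. A machine can therefore claim the hardcore profile yet boot a non-hardened kernel, with no signal at evaluation time. I would document the intent at the line, e.g. `# mkDefault: hardened kernel is only a default; a normal-priority definition elsewhere wins, even with hardcore = true`, and consider adding an entry to `warnings` when `cfg.hardcore` is true and the selected kernel is not the hardened one. The `config` block continues outside the hunk, so such a check may already exist there.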