From a9810e7343a70225904b11879dd8feebd4495bb6 Mon Sep 17 00:00:00 2001
From: Colin
Date: Wed, 31 Jan 2024 20:33:15 +0000
Subject: [PATCH] re-ship linux 6.7 to lappy/desko/servo now that landlock-sandboxer builds against the correct linux headers, this can actually work.
---
 hosts/common/hardware/x86_64.nix | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/hosts/common/hardware/x86_64.nix b/hosts/common/hardware/x86_64.nix
index d29a91a1..eec8314b 100644
--- a/hosts/common/hardware/x86_64.nix
+++ b/hosts/common/hardware/x86_64.nix
@@ -8,6 +8,11 @@
 "nvme" # to boot from nvme devices
 # efi_pstore evivars
 ];
+ # moby has to run recent kernels (defined elsewhere).
+ # meanwhile, kernel variation plays some minor role in things like sandboxing (landlock) and capabilities.
+ # simpler to keep near the latest kernel on all devices,
+ # and also makes certain that any weird system-level bugs i see aren't likely to be stale kernel bugs.
+ boot.kernelPackages = lib.mkDefault (pkgs.linuxPackagesFor pkgs.linux_latest);
 hardware.cpu.amd.updateMicrocode = true; # desktop
 hardware.cpu.intel.updateMicrocode = true; # laptop
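Review bot: `pkgs.linux_latest` is a floating alias, so the added `boot.kernelPackages` line does not pin the 6.7 that the subject names: the kernel, and with it the Landlock ABI the sandbox can enforce, moves with every nixpkgs bump, and `lib.mkDefault` lets any host override it with an older kernel. The commit message ties this change to landlock-sandboxer being built against matching headers; if that build is not derived from `config.boot.kernelPackages` (not visible in this hunk), a host on an older kernel would presumably run with fewer Landlock restrictions than the profile expects, without any error. I would extend the comment with something like `# NOTE: linux_latest floats with nixpkgs; landlock-sandboxer must be built against this kernel's headers`, and spell the value `pkgs.linuxPackages_latest`, which should be the usual name for the same package set. The enclosing attribute set starts and ends outside the hunk.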