Describe the bug

In #331722 ananicy module overrides ananicy-cpp package to set withBpf = false on hardened kernel. This makes it impossible to use ananicy module with ananicy-cpp package with withBpf = true.

I have this configuration that worked perfectly fine before the mentioned PR:

  fileSystems."/sys/kernel/tracing" = {
    device = "tracefs";
    fsType = "tracefs";
  };
  services.ananicy = {
    enable = true;
    package = pkgs.ananicy-cpp;
  };

This configuration still works with #331722, the difference is that ananicy-cpp is being compiled without bpf support. This removes some features of the package.

It should be possible to overwrite withBpf options to true on hardened kernel. One viable solution is to add withBpf as service option, thus making such a configuration possible:

  fileSystems."/sys/kernel/tracing" = {
    device = "tracefs";
    fsType = "tracefs";
  };
  services.ananicy = {
    enable = true;
    package = pkgs.ananicy-cpp;
    withBpf = true;
  };

We could add the workaround and/or link to #327382 in the description of this service option too.

Notify maintainers

@Artturin @JohnRTitor

Note for maintainers: Please tag this issue in your PR.

Add a 👍 reaction to issues you find important.