{
  description = "Overlay for Linux kernel with fanotify access controls enabled";

  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

  outputs = { self, nixpkgs }: let
    pkgs = import nixpkgs { system = "x86_64-linux"; };
  in rec {
    packages.x86_64-linux = rec {
      default = pkgs.symlinkJoin {
        name = "kernel-autobuild";
        paths = [
          linuxPackages_fanotify.kernel
          linuxPackages_fanotify.virtualbox
          linuxPackages_fanotify.zfs
        ];
      };

      linuxPackages_fanotify = pkgs.linuxPackages.extend (final: prev: {
        kernel = prev.kernel.override {
          extraConfig = ''
            FANOTIFY_ACCESS_PERMISSIONS y
          '';
        };
      });
    };

    overlay = final: prev: {
      inherit (packages.x86_64-linux) linuxPackages_fanotify;
    };
  };
}