mirror of https://github.com/NixOS/mobile-nixos.git synced 2024-09-11 12:05:26 +03:00

support/kernel-config: Provide more defaults

The goal here is to reduce the total diff between the different devices
in this repo.

I'm not married to most choices, we can change them as needed.
Samuel Dionne-Riel 2023-09-12 01:55:24 -04:00
parent 5729cba165
commit 7586cfcb6d
4 changed files with 939 additions and 1 deletions


@ -1,11 +1,473 @@
{ lib, ... }:
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkDefault
mkIf
mkMerge
mkOptionDefault
;
# To expedite disabling them all...
knownArches = [
"ARCH_ACTIONS"
"ARCH_SUNXI"
"ARCH_ALPINE"
"ARCH_APPLE"
"ARCH_BCM"
"ARCH_BERLIN"
"ARCH_BITMAIN"
"ARCH_EXYNOS"
"ARCH_SPARX5"
"ARCH_K3"
"ARCH_LG1K"
"ARCH_HISI"
"ARCH_KEEMBAY"
"ARCH_MEDIATEK"
"ARCH_MESON"
"ARCH_MVEBU"
"ARCH_NXP"
"ARCH_MA35"
"ARCH_NPCM"
"ARCH_QCOM"
"ARCH_REALTEK"
"ARCH_RENESAS"
"ARCH_ROCKCHIP"
"ARCH_SEATTLE"
"ARCH_INTEL_SOCFPGA"
"ARCH_STM32"
"ARCH_SYNQUACER"
"ARCH_TEGRA"
"ARCH_SPRD"
"ARCH_THUNDER"
"ARCH_THUNDER2"
"ARCH_UNIPHIER"
"ARCH_VEXPRESS"
"ARCH_VISCONTI"
"ARCH_XGENE"
"ARCH_ZYNQMP"
];
inherit (pkgs.stdenv)
is64bit
isAarch32
isAarch64
isx86_32
isx86_64
;
isArm = pkgs.stdenv.isAarch64 || pkgs.stdenv.isAarch32;
isx86 = isx86_32 || isx86_64;
evaluatedStructuredConfig = import ../../overlay/mobile-nixos/kernel/eval-config.nix rec {
inherit (pkgs) lib path writeShellScript;
version = "6.6"; # Unimportant, we just want to assert that *any* is enabled.
structuredConfig = (pkgs.systemBuild-structuredConfig version);
};
structuredConfig = evaluatedStructuredConfig.config.settings;
archConfig = lib.filterAttrs (key: _: lib.hasPrefix "ARCH_" key) structuredConfig;
enabledArchConfig = builtins.attrNames (lib.filterAttrs (_: val: val.tristate == "y") archConfig);
mkOptionDefaultIze =
attrs:
builtins.mapAttrs (_: value: mkOptionDefault value) attrs
;
mkDefaultIze =
attrs:
builtins.mapAttrs (_: value: mkDefault value) attrs
;
in
{
imports = [
./nixos.nix
./filesystems.nix
./networking.nix
];
assertions = [
{
assertion = !isArm || (builtins.length enabledArchConfig > 0);
message = "This AArch64 device is missing an appropriate ARCH_ configuration for normalization.";
}
];
mobile.kernel.structuredConfig = [
(helpers: with helpers; mkOptionDefaultIze {
# These default settings should hold mostly true for now.
EFI = if isx86 then yes else no;
ACPI = if isx86 then yes else no;
})
(helpers: with helpers; mkDefaultIze {
COMPAT = mkMerge [
(mkIf isAarch64 (whenAtLeast "3.7" yes))
];
CMDLINE = mkIf isArm (freeform ''""'');
IKCONFIG = yes;
IKCONFIG_PROC = yes;
CC_OPTIMIZE_FOR_PERFORMANCE = mkMerge [
(option yes) # Sometimes available on vendor kernels
(whenAtLeast "4.7" yes) # Required otherwise
];
CC_OPTIMIZE_FOR_SIZE = whenAtLeast "4.7" (no);
JUMP_LABEL = yes;
PRINTK = yes;
PRINTK_TIME = yes;
LEGACY_PTYS = no;
RPMSG_TTY = no;
LOG_BUF_SHIFT = freeform "20";
CONSOLE_LOGLEVEL_DEFAULT = (whenAtLeast "4.10" (freeform "4"));
CONSOLE_LOGLEVEL_QUIET = (whenAtLeast "4.10" (freeform "4"));
MESSAGE_LOGLEVEL_DEFAULT = (whenAtLeast "3.17" (freeform "7"));
PANIC_TIMEOUT = (freeform "5");
MAGIC_SYSRQ = no;
# quietly [ignores] numerous fatal conditions [otherwise]. Just say Y.
BUG = yes;
# Consider disabling on platforms with tiny boot partitions.
KALLSYMS = yes;
KALLSYMS_ALL = no;
PROFILING = no;
DEBUG_INFO_NONE = whenAtLeast "5.18" yes;
SECURITY = yes;
INTEGRITY = mkMerge [
(whenAtLeast "3.18" yes)
(whenOlder "3.18" (option yes))
];
# Only use this if you really know what you are doing.
EXPERT = no;
EMBEDDED = no;
RUNTIME_TESTING_MENU = no;
INITRAMFS_PRESERVE_MTIME = whenAtLeast "5.19" yes;
HIBERNATION = no;
# used for small on-chip SRAM areas found on many SoCs
SRAM = whenAtLeast "3.10" yes;
PACKING = whenAtLeast "5.2" yes;
MEMORY_FAILURE = no;
RAS = no;
PCIEAER = no;
EDAC_MM_EDAC = no;
UNIX_DIAG = yes;
PACKET_DIAG = yes;
})
(helpers: with helpers; mkDefaultIze {
BPF_SYSCALL = yes;
})
(helpers: with helpers; mkDefaultIze {
RCU_CPU_STALL_TIMEOUT = freeform "21";
RCU_EXP_CPU_STALL_TIMEOUT = whenAtLeast "5.19" (freeform "20");
RCU_TRACE = yes;
FRAME_WARN = freeform "2048";
STRIP_ASM_SYMS = yes;
DEBUG_MISC = no;
FTRACE = no;
})
(helpers: with helpers; mkDefaultIze {
# Devices using serial I/O; AT keyboard, PS/2 mouse, etc...
# Option no since some HID devices may `select` it.
SERIO = if isx86 then yes else (option no);
USB_ONBOARD_HUB = whenAtLeast "6.0" yes;
})
(helpers: with helpers; mkDefaultIze {
PM_AUTOSLEEP = yes;
CPU_FREQ = yes;
CPU_FREQ_GOV_PERFORMANCE = option yes;
CPU_FREQ_GOV_POWERSAVE = option yes;
CPU_FREQ_GOV_USERSPACE = option yes;
CPU_FREQ_GOV_ONDEMAND = option yes;
CPU_FREQ_GOV_CONSERVATIVE = option yes;
CPU_FREQ_GOV_SCHEDUTIL = whenAtLeast "4.7" yes;
})
# Disables all ARCH_* options by default
(helpers: with helpers; builtins.listToAttrs (
# Prefer mkOptionDefault as it makes using `mkDefault` in the soc options possible.
# `option` as `ARCH_×××` may not be available in all situations.
map (name: { inherit name; value = mkOptionDefault (option no); } ) knownArches
))
(helpers: with helpers; mkDefaultIze {
# If you're a distro say Y.
NO_HZ_FULL = mkMerge [
(mkIf is64bit (whenAtLeast "3.10" (option yes)))
(mkIf (!is64bit) (option no))
];
# The previous has the same default behaviour
NO_HZ_IDLE = mkMerge [
(mkIf is64bit (whenAtLeast "3.10" (option no)))
(mkIf (!is64bit) (option yes))
];
HIGH_RES_TIMERS = yes;
# 1000 Hz is the preferred choice for desktop systems and other systems requiring fast interactive responses to events.
HZ = (mkMerge [
(mkIf isArm (whenOlder "4.4" (option (freeform "1000"))))
(mkIf isArm (whenAtLeast "4.4" (freeform "1000")))
(mkIf (!isArm) (freeform "1000"))
]);
HZ_1000 = (mkMerge [
(mkIf isArm (whenOlder "4.4" (option yes)))
(mkIf isArm (whenAtLeast "4.4" yes))
(mkIf (!isArm) yes)
]);
# Implementation arch-dependent, but often cited with:
# This is purely to save memory - each supported CPU adds approximately [eight|sixteen] kilobytes to the kernel image.
NR_CPUS = (freeform "16");
NUMA = (option no);
})
(helpers: with helpers; mkDefaultIze {
ATA = no;
MD = yes;
DAX = (whenAtLeast "4.12" yes);
DM_CRYPT = yes;
DM_INIT = no;
BLK_DEV = yes;
BLK_DEV_LOOP = yes;
BLK_DEV_DM = yes;
# TODO: see if needed for LVM?
BLK_DEV_MD = no;
BLK_DEV_NBD = no;
BLK_DEV_RAM = yes;
BLOCK_LEGACY_AUTOLOAD = whenAtLeast "5.18" no;
})
(helpers: with helpers; mkDefaultIze {
SWAP = yes;
ZSWAP = no;
ZSMALLOC = yes;
ZRAM = yes;
ZRAM_DEF_COMP_LZ4 = (whenAtLeast "5.11" yes);
ZRAM_DEF_COMP = (whenAtLeast "5.11" (freeform ''"lz4"''));
ZRAM_WRITEBACK = option yes;
ZBUD = option yes;
CRYPTO_LZ4 = (whenAtLeast "3.11" yes);
})
(helpers: with helpers; mkDefaultIze {
XEN = no;
VHOST_MENU = no;
VFIO = no;
VIRTIO_MENU = no;
VIRTIO_BALLOON = no;
VIRTIO_BLK = no;
VIRTIO_NET = no;
VIRTIO_CONSOLE = no;
MEMORY_BALLOON = no;
UTS_NS = yes;
})
(helpers: with helpers; mkDefaultIze {
CGROUP_BPF = yes;
CGROUP_DEBUG = no;
AUDIT = yes;
AUDITSYSCALL = yes;
})
(helpers: with helpers; mkDefaultIze {
STACKTRACE = yes;
MEMTEST = no;
CORESIGHT = no;
})
(helpers: with helpers; mkDefaultIze {
LOGO_LINUX_MONO = no;
LOGO_LINUX_VGA16 = no;
FB = yes;
FRAMEBUFFER_CONSOLE_ROTATION = yes;
FRAMEBUFFER_CONSOLE_DETECT_PRIMARY = yes;
# See 8f5b1e6511b83ab5483dc5f8b60e2438e9c6dfbe
# We're only making the value the same across all builds here.
DUMMY_CONSOLE_COLUMNS = whenAtLeast "4.0" (freeform "80");
DUMMY_CONSOLE_ROWS = whenAtLeast "4.0" (freeform "25");
FB_MODE_HELPERS = no;
FB_ARMCLCD = no;
LCD_CLASS_DEVICE = no;
FB_SIMPLE = yes;
})
(helpers: with helpers; mkDefaultIze {
NEW_LEDS = yes;
LEDS_CLASS = yes;
LEDS_TRIGGERS = yes;
LEDS_TRIGGER_ACTIVITY = option yes;
LEDS_TRIGGER_AUDIO = option yes;
LEDS_TRIGGER_BACKLIGHT = option yes;
LEDS_TRIGGER_CAMERA = option yes;
LEDS_TRIGGER_CPU = option yes;
LEDS_TRIGGER_DEFAULT_ON = option yes;
LEDS_TRIGGER_DISK = option yes;
LEDS_TRIGGER_GPIO = option yes;
LEDS_TRIGGER_HEARTBEAT = option yes;
LEDS_TRIGGER_MTD = option yes;
LEDS_TRIGGER_NETDEV = option yes;
LEDS_TRIGGER_ONESHOT = option yes;
LEDS_TRIGGER_PANIC = option yes;
LEDS_TRIGGER_PATTERN = option yes;
LEDS_TRIGGER_TIMER = option yes;
LEDS_TRIGGER_TRANSIENT = option yes;
LEDS_TRIGGER_TTY = option yes;
USB_LEDS_TRIGGER_USBPORT = option yes;
})
(helpers: with helpers; mkOptionDefaultIze {
# Generally desired to be enabled.
USB_GADGET = yes;
# But no pre-composed gadgets
USB_ZERO = no;
USB_AUDIO = no;
USB_ETH = no;
USB_G_NCM = no;
USB_GADGETFS = no;
USB_FUNCTIONFS = no;
USB_MASS_STORAGE = no;
USB_G_SERIAL = no;
USB_MIDI_GADGET = no;
USB_G_PRINTER = no;
USB_CDC_COMPOSITE = no;
USB_G_ACM_MS = no;
USB_G_MULTI = no;
USB_G_HID = no;
USB_G_DBGP = no;
USB_G_WEBCAM = no;
USB_RAW_GADGET = no;
# We want the configfs stuff
USB_CONFIGFS = yes;
USB_CONFIGFS_F_FS = yes;
# Networking
USB_CONFIGFS_ECM = yes;
USB_CONFIGFS_EEM = yes;
USB_CONFIGFS_NCM = yes;
USB_CONFIGFS_RNDIS = yes;
USB_CONFIGFS_ECM_SUBSET = no;
# Storage
USB_CONFIGFS_MASS_STORAGE = yes;
# Serial
USB_CONFIGFS_SERIAL = yes;
USB_CONFIGFS_ACM = no;
USB_CONFIGFS_OBEX = no;
# HID
USB_CONFIGFS_F_HID = yes;
# Sound
USB_CONFIGFS_F_UAC2 = yes;
# Video
USB_CONFIGFS_F_UVC = yes;
# Unneeded
USB_CONFIGFS_F_LB_SS = no;
USB_CONFIGFS_F_MIDI = no;
USB_CONFIGFS_F_PRINTER = no;
USB_CONFIGFS_F_UAC1 = no;
USB_CONFIGFS_F_UAC1_LEGACY = no;
})
(helpers: with helpers; mkDefaultIze {
PSTORE = yes;
# Does nothing if not congigured on the kernel command-line
# or in the device tree.
PSTORE_RAM = option yes;
# Default to always log console to pstore
PSTORE_CONSOLE = whenAtLeast "3.6" yes;
PSTORE_PMSG = yes;
# Logging all the time to EFI vars isn't great.
EFI_VARS_PSTORE = option no;
EFI_VARS_PSTORE_DEFAULT_DISABLE = option yes;
# Not desirable
MTD_PSTORE = no;
# Devices, users or debug config could enable this if needed
PSTORE_BLK = no;
PSTORE_DEFLATE_COMPRESS = no;
PSTORE_LZO_COMPRESS = no;
PSTORE_LZ4_COMPRESS = no;
PSTORE_LZ4HC_COMPRESS = no;
PSTORE_842_COMPRESS = no;
PSTORE_ZSTD_COMPRESS = whenAtLeast "4.19" yes;
PSTORE_COMPRESS_DEFAULT = freeform ''"zstd"'';
})
(helpers: with helpers; mkDefaultIze {
# Common stuff
GPIOLIB = yes;
I2C = yes;
I2C_HELPER_AUTO = yes;
POWER_SUPPLY = yes;
SND = yes;
SOUND = yes;
USB = yes;
ETHERNET = no;
RC_CORE = no;
})
(helpers: with helpers; mkDefaultIze {
# Input
INPUT = yes;
INPUT_EVDEV = yes;
INPUT_UINPUT = yes;
USB_HID = yes;
INPUT_FF_MEMLESS = yes;
INPUT_JOYDEV = yes;
INPUT_KEYBOARD = yes;
INPUT_LEDS = yes;
INPUT_MISC = yes;
INPUT_MOUSE = yes;
INPUT_TOUCHSCREEN = yes;
KEYBOARD_ATKBD = no;
MOUSE_PS2 = no;
INPUT_JOYSTICK = no;
})
(helpers: with helpers; mkOptionDefaultIze {
# Cameras yes
MEDIA_SUPPORT = yes;
MEDIA_CAMERA_SUPPORT = yes;
VIDEO_DEV = yes;
# Others, meh
MEDIA_PCI_SUPPORT = option no;
MEDIA_USB_SUPPORT = option no;
MEDIA_DIGITAL_TV_SUPPORT = no;
MEDIA_ANALOG_TV_SUPPORT = no;
MEDIA_RADIO_SUPPORT = no;
MEDIA_TUNER = no;
RADIO_ADAPTERS = no;
VIDEO_TVAUDIO = no;
})
(helpers: with helpers; mkDefaultIze {
DEVFREQ_GOV_SIMPLE_ONDEMAND = yes;
DEVFREQ_GOV_PERFORMANCE = yes;
DEVFREQ_GOV_POWERSAVE = yes;
DEVFREQ_GOV_USERSPACE = yes;
DEVFREQ_GOV_PASSIVE = yes;
PM_DEVFREQ_EVENT = yes;
})
(helpers: with helpers; mkOptionDefaultIze {
CMA = yes;
CMA_DEBUG = no;
CMA_DEBUGFS = no;
CMA_AREAS = freeform ''7''; # The default
DMA_CMA = yes;
CMA_SIZE_SEL_PERCENTAGE = yes;
CMA_SIZE_PERCENTAGE = freeform ''10''; # The default
})
# ARM defaults
(mkIf isAarch64 (helpers: with helpers; mkDefaultIze {
# Assume device trees are to be used...
OF = yes;
}))
# AArch64 specifics
(mkIf isAarch64 (helpers: with helpers; mkDefaultIze {
ARM64_SME = whenAtLeast "5.19" yes;
ARM64_PSEUDO_NMI = whenAtLeast "5.1" yes;
}))
];
}
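Review bot: `BPF_SYSCALL = yes` becomes a default for every device with no matching default for unprivileged access, so on kernels where `BPF_UNPRIV_DEFAULT_OFF` is absent or off, bpf() is presumably reachable by unprivileged processes unless the `kernel.unprivileged_bpf_disabled` sysctl is set elsewhere. Older vendor trees may lack the symbol, so the optional form already used in this file fits: `BPF_UNPRIV_DEFAULT_OFF = option yes;` next to `BPF_SYSCALL`. Separately, the assertion tests `isArm`, which includes AArch32, while its message says "This AArch64 device"; wording the message for both would avoid confusion when it fires on a 32-bit device.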


@ -0,0 +1,218 @@
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkDefault
mkIf
mkMerge
mkOptionDefault
;
inherit (pkgs.stdenv)
is64bit
isAarch32
isAarch64
isx86_32
isx86_64
;
isArm = isAarch64 || isAarch32;
isx86 = isx86_32 || isx86_64;
mkDefaultIze =
attrs:
builtins.mapAttrs (_: value: mkDefault value) attrs
;
in
{
mobile.kernel.structuredConfig = [
# Mobile NixOS *defaults*
(helpers: with helpers; mkDefaultIze {
# Partitions
PARTITION_ADVANCED = no;
MSDOS_PARTITION = yes;
EFI_PARTITION = yes;
# pseudo filesystems
CONFIGFS_FS = yes;
DEBUG_FS = yes;
RELAY = yes;
PROC_FS = yes;
SND_PROC_FS = (whenAtLeast "4.2" yes);
# meta filesystems
OVERLAY_FS = (whenAtLeast "3.18" yes);
FUSE_FS = yes;
CUSE = yes;
# Desirable rootfs fileystems
BTRFS_FS = yes;
EXT4_FS = yes;
F2FS_FS = yes;
SQUASHFS = yes;
# Used mostly as a filesystem
NET_9P = yes;
NET_9P_FD = (whenAtLeast "5.17" yes);
# Additional useful filesystems
FAT_FS = yes;
VFAT_FS = yes;
ISO9660_FS = yes;
UDF_FS = yes;
# Unwanted by default
SCSI_PROC_FS = no;
BLK_DEBUG_FS = no;
AUTOFS4_FS = no;
AUTOFS_FS = no;
ADFS_FS = no;
AFFS_FS = no;
BEFS_FS = no;
BFS_FS = no;
ECRYPT_FS = no;
EFS_FS = no;
EROFS_FS = no;
EXT2_FS = no;
EXT3_FS = no;
EXFAT_FS = no;
GFS2_FS = no;
HFSPLUS_FS = no;
HFS_FS = no;
HPFS_FS = no;
JFFS2_FS = no;
JFS_FS = no;
MINIX_FS = no;
MSDOS_FS = no;
NILFS2_FS = no;
NTFS3_FS = no;
NTFS_FS = no;
OCFS2_FS = no;
OMFS_FS = no;
ORANGEFS_FS = no;
QNX4FS_FS = no;
QNX6FS_FS = no;
REISERFS_FS = no;
ROMFS_FS = no;
SYSV_FS = no;
UFS_FS = no;
VXFS_FS = no;
XFS_FS = no;
VIRTIO_FS = no;
# Networkd filesystems
NETWORK_FILESYSTEMS = yes;
NFS_FS = no;
NFSD = no;
CEPH_FS = no;
CIFS = no;
SMB_SERVER = no;
CODA_FS = no;
AFS_FS = no;
# Used within NixOS tests
"9P_FS" = yes;
# This option does not affect initramfs based booting
DEVTMPFS_MOUNT = no;
})
# From NixOS
(helpers: with helpers; mkDefaultIze {
# Filesystem options - in particular, enable extended attributes and
# ACLs for all filesystems that support them.
FANOTIFY = yes;
FANOTIFY_ACCESS_PERMISSIONS = yes;
TMPFS = yes;
TMPFS_POSIX_ACL = yes;
FS_ENCRYPTION = mkMerge [
(option yes) # Sometimes available on vendor kernels
(whenAtLeast "4.6" yes) # Required otherwise
];
EXT2_FS_XATTR = option yes;
EXT2_FS_POSIX_ACL = option yes;
EXT2_FS_SECURITY = option yes;
EXT3_FS_POSIX_ACL = option yes;
EXT3_FS_SECURITY = option yes;
EXT4_FS_POSIX_ACL = yes;
EXT4_FS_SECURITY = yes;
EXT4_ENCRYPTION = whenBetween "4.1" "5.1" yes;
REISERFS_FS_XATTR = option yes;
REISERFS_FS_POSIX_ACL = option yes;
REISERFS_FS_SECURITY = option yes;
JFS_POSIX_ACL = option yes;
JFS_SECURITY = option yes;
XFS_QUOTA = option yes;
XFS_POSIX_ACL = option yes;
XFS_RT = option yes; # XFS Realtime subvolume support
XFS_ONLINE_SCRUB = option yes;
OCFS2_DEBUG_MASKLOG = option no;
BTRFS_FS_POSIX_ACL = yes;
UBIFS_FS_ADVANCED_COMPR = option yes;
F2FS_FS_SECURITY = option yes;
F2FS_FS_ENCRYPTION = whenBetween "4.2" "5.1" yes;
F2FS_FS_COMPRESSION = whenAtLeast "5.6" yes;
NFSD_V2_ACL = whenOlder "6.2" (option yes);
NFSD_V3 = whenOlder "5.18" (option yes);
NFSD_V3_ACL = option yes;
NFSD_V4 = option yes;
NFSD_V4_SECURITY_LABEL = option yes;
NFS_FSCACHE = option yes;
NFS_SWAP = option yes;
NFS_V3_ACL = option yes;
NFS_V4_1 = option yes; # NFSv4.1 client support
NFS_V4_2 = option yes;
NFS_V4_SECURITY_LABEL = option yes;
CIFS_XATTR = option yes;
CIFS_POSIX = option yes;
CIFS_FSCACHE = option yes;
CIFS_STATS = whenOlder "4.19" (option yes);
CIFS_WEAK_PW_HASH = whenOlder "5.15" (option yes);
CIFS_UPCALL = option yes;
CIFS_ACL = whenOlder "5.3" (option yes);
CIFS_DFS_UPCALL = option yes;
CEPH_FSCACHE = option yes;
CEPH_FS_POSIX_ACL = option yes;
SQUASHFS_DECOMP_MULTI_PERCPU = whenBetween "3.13" "6.2" yes;
SQUASHFS_XATTR = yes;
SQUASHFS_ZLIB = yes;
SQUASHFS_LZO = yes;
SQUASHFS_XZ = yes;
SQUASHFS_LZ4 = whenAtLeast "3.19" yes;
SQUASHFS_ZSTD = whenAtLeast "4.14" yes;
# `choice`; android trees may have this option removed :<
SQUASHFS_FILE_CACHE = whenAtLeast "3.13" (option no);
SQUASHFS_FILE_DIRECT = whenAtLeast "3.13" (option yes);
# Native Language Support modules, needed by some filesystems
NLS = yes;
NLS_DEFAULT = freeform ''"utf8"'';
NLS_ASCII = no;
NLS_UTF8 = yes;
NLS_CODEPAGE_437 = yes; # VFAT default for the codepage= mount option
NLS_ISO8859_1 = yes; # VFAT default for the iocharset= mount option
FAT_DEFAULT_IOCHARSET = freeform ''"utf8"'';
UNICODE = whenAtLeast "5.2" yes; # Casefolding support for filesystems
QUOTA = yes;
})
];
}
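Review bot: `DEBUG_FS = yes` is set as a default for every device with no comment saying what needs it, and debugfs exposes driver and kernel internals that hardening guidance generally recommends keeping out of production kernels. If only specific vendor drivers or bring-up work need it, a per-device opt-in would be safer, or at least a comment such as `# debugfs: required by <consumer>; exposes kernel internals, keep root-only`. In the "From NixOS" block, `CIFS_WEAK_PW_HASH = whenOlder "5.15" (option yes);` is inert while `CIFS = no`, but a device that enables CIFS on an older kernel would inherit weak password-hash support; `option no` looks like the safer default there.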


@ -0,0 +1,41 @@
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkDefault
mkIf
mkMerge
mkOptionDefault
;
inherit (pkgs.stdenv)
is64bit
isAarch32
isAarch64
isx86_32
isx86_64
;
isArm = isAarch64 || isAarch32;
isx86 = isx86_32 || isx86_64;
mkDefaultIze =
attrs:
builtins.mapAttrs (_: value: mkDefault value) attrs
;
in
{
mobile.kernel.structuredConfig = [
# Removing stuff unneeded by default
(helpers: with helpers; mkDefaultIze {
IP_SET = no;
IP_VS = no;
NET_DSA = no;
})
(helpers: with helpers; mkDefaultIze {
NET_SCHED = yes;
# The name implies routing... but virtual stuff would apply here.
# E.g. android roots, etc...
IP_ADVANCED_ROUTER = yes;
})
];
}
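Review bot: Of everything bound in the `let` block, only `mkDefault` (through `mkDefaultIze`) is used in this file; `mkIf`, `mkMerge`, `mkOptionDefault`, the `pkgs.stdenv` predicates, `isArm` and `isx86` are unused and could be dropped. The same `mkDefaultIze` helper is also defined verbatim in the other three files of this commit, so a single shared definition would keep the copies from drifting. The comment on `IP_ADVANCED_ROUTER = yes` ("virtual stuff") does not name the options or consumers that depend on it; naming one would make the default easier to re-evaluate later.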


@ -0,0 +1,217 @@
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkDefault
mkIf
mkMerge
mkOptionDefault
;
inherit (pkgs.stdenv)
is64bit
isAarch32
isAarch64
isx86_32
isx86_64
;
isArm = isAarch64 || isAarch32;
isx86 = isx86_32 || isx86_64;
mkDefaultIze =
attrs:
builtins.mapAttrs (_: value: mkDefault value) attrs
;
in
{
mobile.kernel.structuredConfig = [
# From NixOS
(helpers: with helpers; mkDefaultIze {
STANDALONE = no;
# debug
DEBUG_KERNEL = yes;
DEBUG_DEVRES = no;
DYNAMIC_DEBUG = yes;
DEBUG_STACK_USAGE = no;
RCU_TORTURE_TEST = no;
SCHEDSTATS = no;
DETECT_HUNG_TASK = yes;
CRASH_DUMP = option no;
# Provide access to tunables like sched_migration_cost_ns
SCHED_DEBUG = yes;
# power-management
CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes;
CPU_FREQ_GOV_SCHEDUTIL = whenAtLeast "4.7" yes;
PM_DEBUG = yes;
PM_ADVANCED_DEBUG = yes;
PM_WAKELOCKS = yes;
POWERCAP = whenAtLeast "3.13" yes;
## # ACPI Firmware Performance Data Table Support
## ACPI_FPDT = whenAtLeast "5.12" (option yes);
## # ACPI Heterogeneous Memory Attribute Table Support
## ACPI_HMAT = whenAtLeast "5.2" (option yes);
## # ACPI Platform Error Interface
## ACPI_APEI = (option yes);
## # APEI Generic Hardware Error Source
## ACPI_APEI_GHES = (option yes);
# Enable lazy RCUs for power savings:
# https://lore.kernel.org/rcu/20221019225138.GA2499943@paulmck-ThinkPad-P17-Gen-1/
# RCU_LAZY depends on RCU_NOCB_CPU depends on NO_HZ_FULL
# depends on HAVE_VIRT_CPU_ACCOUNTING_GEN depends on 64BIT,
# so we can't force-enable this
RCU_LAZY = whenAtLeast "6.2" (option yes);
# scheduler
IOSCHED_CFQ = whenOlder "5.0" yes; # Removed in 5.0-RC1
BLK_CGROUP = yes; # required by CFQ"
BLK_CGROUP_IOLATENCY = whenAtLeast "4.19" yes;
BLK_CGROUP_IOCOST = whenAtLeast "5.4" yes;
IOSCHED_DEADLINE = whenOlder "5.0" yes; # Removed in 5.0-RC1
MQ_IOSCHED_DEADLINE = whenAtLeast "4.11" yes;
BFQ_GROUP_IOSCHED = whenAtLeast "4.12" yes;
MQ_IOSCHED_KYBER = whenAtLeast "4.12" yes;
IOSCHED_BFQ = whenAtLeast "4.12" yes;
# wireless
WIRELESS = yes;
CFG80211 = yes;
CFG80211_WEXT = yes;
RFKILL = yes;
# video
DRM_LEGACY = no;
# Allow specifying custom EDID on the kernel command line
DRM_LOAD_EDID_FIRMWARE = option yes;
# usb
USB_DEBUG = { optional = true; tristate = whenOlder "4.18" "n";};
USB_EHCI_ROOT_HUB_TT = option yes; # Root Hub Transaction Translators
USB_EHCI_TT_NEWSCHED = option yes; # Improved transaction translator scheduling
USB_HIDDEV = yes; # USB Raw HID Devices (like monitor controls and Uninterruptable Power Supplies)
# security
FORTIFY_SOURCE = option yes;
# https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html
DEBUG_LIST = yes;
HARDENED_USERCOPY = whenAtLeast "4.8" yes;
RANDOMIZE_BASE = option yes;
STRICT_DEVMEM = yes; # Filter access to /dev/mem
IO_STRICT_DEVMEM = whenAtLeast "4.5" yes;
SECURITY_SELINUX = yes;
SECURITY_SELINUX_BOOTPARAM = yes;
SECURITY_SELINUX_BOOTPARAM_VALUE = whenOlder "5.1" (freeform "0"); # Disable SELinux by default
# Prevent processes from ptracing non-children processes
SECURITY_YAMA = option yes;
# The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes.
# This does not have any effect if a program does not support it
SECURITY_LANDLOCK = whenAtLeast "5.13" yes;
DEVKMEM = whenOlder "5.13" no; # Disable /dev/kmem
USER_NS = yes; # Support for user namespaces
SECURITY_APPARMOR = yes;
DEFAULT_SECURITY_APPARMOR = yes;
RANDOM_TRUST_CPU = whenOlder "6.2" (whenAtLeast "4.19" yes); # allow RDRAND to seed the RNG
RANDOM_TRUST_BOOTLOADER = whenOlder "6.2" (whenAtLeast "5.4" yes); # allow the bootloader to seed the RNG
MODULE_SIG = option no; # r13y, generates a random key during build and bakes it in
# Depends on MODULE_SIG and only really helps when you sign your modules
# and enforce signatures which we don't do by default.
SECURITY_LOCKDOWN_LSM = whenAtLeast "5.4" no;
# provides a register of persistent per-UID keyrings, useful for encrypting storage pools in stratis
KEYS = yes;
PERSISTENT_KEYRINGS = whenAtLeast "3.13" yes;
# enable temporary caching of the last request_key() result
KEYS_REQUEST_CACHE = whenAtLeast "5.3" yes;
# microcode
MICROCODE = mkIf isx86 yes;
MICROCODE_INTEL = mkIf isx86 yes;
MICROCODE_AMD = mkIf isx86 yes;
# Write Back Throttling
# https://lwn.net/Articles/682582/
# https://bugzilla.kernel.org/show_bug.cgi?id=12309#c655
BLK_WBT = whenAtLeast "4.10" yes;
BLK_WBT_SQ = whenBetween "4.10" "5.0" yes; # Removed in 5.0-RC1
BLK_WBT_MQ = whenAtLeast "4.10" yes;
# container
NAMESPACES = yes; # Required by 'unshare' used by 'nixos-install'
RT_GROUP_SCHED = no;
CGROUP_DEVICE = yes;
HUGETLBFS = if isAarch32 then no else yes;
CGROUP_HUGETLB = whenAtLeast "4.5" yes;
CGROUP_PERF = whenAtLeast "4.5" yes; PERF_EVENTS = yes;
CGROUP_RDMA = whenAtLeast "4.11" yes;
MEMCG = whenAtLeast "3.6" yes;
MEMCG_SWAP = whenBetween "3.6" "6.1" yes;
BLK_DEV_THROTTLING = yes;
CFQ_GROUP_IOSCHED = whenOlder "5.0" yes; # Removed in 5.0-RC1
CGROUP_PIDS = whenAtLeast "4.3" yes;
# staging
STAGING = yes;
# proc-events
CONNECTOR = yes;
PROC_EVENTS = yes;
# 9p
"9P_FSCACHE" = option yes;
"9P_FS_POSIX_ACL" = option yes;
"NET_9P_VIRTIO" = option yes;
# huge-page
TRANSPARENT_HUGEPAGE = option yes;
TRANSPARENT_HUGEPAGE_ALWAYS = option no;
TRANSPARENT_HUGEPAGE_MADVISE = option yes;
# misc
HID_BATTERY_STRENGTH = whenAtLeast "3.3" yes;
HIDRAW = yes;
MODULE_COMPRESS = whenOlder "5.13" (option yes);
MODULE_COMPRESS_XZ = option yes;
BLK_DEV_INTEGRITY = yes;
IDLE_PAGE_TRACKING = whenAtLeast "4.3" yes;
KEXEC_FILE = option yes;
KEXEC_JUMP = option yes;
PSI = whenAtLeast "4.20" yes;
MMC_BLOCK_MINORS = option (freeform "32");
REGULATOR = yes; # Voltage and Current Regulator Support
SCHED_AUTOGROUP = yes;
CFS_BANDWIDTH = yes;
SLAB_FREELIST_HARDENED = whenAtLeast "4.14" yes;
SLAB_FREELIST_RANDOM = whenAtLeast "4.7" yes;
HWMON = yes;
THERMAL = yes;
THERMAL_HWMON = yes; # Hardware monitoring support
BINFMT_SCRIPT = whenAtLeast "3.10" yes;
BINFMT_MISC = option yes;
FW_LOADER_USER_HELPER_FALLBACK = option no;
FW_LOADER_COMPRESS = option yes;
PREEMPT = no;
PREEMPT_VOLUNTARY = yes;
SCHED_SMT = yes;
SCHED_CORE = whenAtLeast "5.14" yes;
LRU_GEN = whenAtLeast "6.1" yes;
LRU_GEN_ENABLED = whenAtLeast "6.1" yes;
# NOTE: does not support actual android kernel tree equivalents for the moment.
ASHMEM = { optional = true; tristate = whenBetween "5.0" "5.18" "y";};
ANDROID = { optional = true; tristate = whenBetween "5.0" "5.19" "y";};
ANDROID_BINDER_IPC = { optional = true; tristate = whenAtLeast "5.0" "y";};
ANDROID_BINDERFS = { optional = true; tristate = whenAtLeast "5.0" "y";};
ANDROID_BINDER_DEVICES = { optional = true; freeform = whenAtLeast "5.0" "binder,hwbinder,vndbinder";};
TASKSTATS = yes;
TASK_DELAY_ACCT = yes;
TASK_XACCT = yes;
TASK_IO_ACCOUNTING = yes;
WERROR = whenAtLeast "5.15" no;
KUNIT = whenAtLeast "5.5" no;
ACCESSIBILITY = yes;
AIO = yes; # POSIX asynchronous I/O
})
];
}
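Review bot: Several hardening defaults in the `# security` group are written as `option yes` (`FORTIFY_SOURCE`, `RANDOMIZE_BASE`, `SECURITY_YAMA`), and `option` is used elsewhere in this commit for settings that may be unavailable, so a kernel lacking the symbol presumably builds without them and without any error. The pattern already used in this commit for `FS_ENCRYPTION` and `CC_OPTIMIZE_FOR_PERFORMANCE` would make them required wherever the kernel supports them, e.g. `FORTIFY_SOURCE = mkMerge [ (option yes) (whenAtLeast "<first-supported-version>" yes) ];`. The version there is a placeholder to be filled in per option and architecture. A comment next to `MODULE_SIG = option no;` and `SECURITY_LOCKDOWN_LSM` would also help, stating that with `KEXEC_FILE` enabled nothing visible in these defaults enforces signatures on modules or kexec images.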