enable 32bit emulation in hardened kernel

nixos/boxes/foureighty.nix

@@ -13,11 +13,29 @@
       "cryptd"
     ];
     kernelParams = [
-      "i915.enable_fbc=1"
-      "i915.enable_psr=2"
-      "i915.enable_rc6=7"
       "mds=full"
     ];
+
+    kernelPatches = [ {
+      name = "native";
+      patch = null;
+      extraConfig = ''
+        SLAB_FREELIST_RANDOM y
+        SLAB_FREELIST_HARDENED y
+        REFCOUNT_FULL y
+        MODVERSIONS y
+        GENERIC_CPU n
+        MCORE2 y
+        X86_INTEL_USERCOPY y
+        X86_USE_PPRO_CHECKSUM y
+        X86_P6_NOP y
+        X86_INTEL_MPX y
+        KEXEC n
+        IA32_EMULATION y
+        X86_X32 y
+      '';
+    } ];
+
     initrd.luks.devices = [
       {
         name = "root";
@@ -30,6 +48,7 @@
         efiSupport = true;
       };
       loader.efi.canTouchEfiVariables = true;
+
     };
 
     time.hardwareClockInLocalTime = true;
@@ -38,6 +57,8 @@
     hardware.trackpoint.enable = true;
     services.fprintd.enable = true;
 
+    hardware.bumblebee.enable = true;
+
     imports = [
       /etc/nixos/hardware-configuration.nix
       ../quirks/thinkpad-cpu-throttling.nix

nixos/common-hardware.nix

@@ -20,7 +20,8 @@
             Enable=Source,Sink,Media,Socket
     '';
   };
-  powerManagement.cpuFreqGovernor = (lib.mkForce null);
 
-  hardware.nvidiaOptimus.disable = true;
+  powerManagement.cpuFreqGovernor = (lib.mkForce null);
+  powerManagement.powertop.enable = true;
+
 }

nixos/kernel-patches

@@ -1,21 +0,0 @@
-
-    kernelPatches = [ {
-      name = "native";
-      patch = null;
-      extraConfig = ''
-            SLAB_FREELIST_RANDOM y
-            SLAB_FREELIST_HARDENED y
-            CC_STACKPROTECTOR_REGULAR n
-            CC_STACKPROTECTOR_STRONG y
-            REFCOUNT_FULL y
-            MODVERSIONS y
-            GENERIC_CPU n
-            MCORE2 y
-            INTEL_RDT y
-            X86_INTEL_USERCOPY y
-            X86_USE_PPRO_CHECKSUM y
-            X86_P6_NOP y
-            X86_INTEL_MPX y
-            KEXEC n
-            '';
-          } ];