100 lines
2.5 KiB
Nix
100 lines
2.5 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
|
nixpkgs.overlays = [
|
|
(self: super: {
|
|
buildLinux = x:
|
|
super.buildLinux ({
|
|
ignoreConfigErrors = true;
|
|
enableParallelBuilding = true;
|
|
}
|
|
// x);
|
|
})
|
|
];
|
|
boot.kernelPatches = [
|
|
{
|
|
name = "foureighty";
|
|
patch = null;
|
|
extraConfig = ''
|
|
ACPI_CUSTOM_METHOD n
|
|
ACPI_DPTF y
|
|
BUG y
|
|
CC_STACKPROTECTOR_STRONG y
|
|
CPU_IDLE_GOV_HALTPOLL y
|
|
CPU_IDLE_GOV_TEO y
|
|
DEBUG_CREDENTIALS y
|
|
DEBUG_NOTIFIERS y
|
|
DEBUG_PI_LIST y
|
|
DEBUG_PLIST y
|
|
DEBUG_RODATA y
|
|
DEBUG_SET_MODULE_RONX y
|
|
DEBUG_SG y
|
|
DEVMEM y
|
|
DPTF_PCH_FIVR m
|
|
DPTF_POWER m
|
|
ENERGY_MODEL y
|
|
FORTIFY_SOURCE y
|
|
GCC_PLUGINS y
|
|
GCC_PLUGIN_LATENT_ENTROPY y
|
|
GCC_PLUGIN_RANDSTRUCT y
|
|
GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y
|
|
GCC_PLUGIN_STACKLEAK y
|
|
GCC_PLUGIN_STRUCTLEAK y
|
|
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y
|
|
HARDENED_USERCOPY y
|
|
HARDENED_USERCOPY_FALLBACK y
|
|
HARDLOCKUP_DETECTOR y
|
|
HZ_300 y
|
|
INET_DIAG n
|
|
INET_DIAG_DESTROY option no
|
|
INET_MPTCP_DIAG option no
|
|
INET_RAW_DIAG option no
|
|
INET_TCP_DIAG option no
|
|
INET_UDP_DIAG option no
|
|
INIT_ON_ALLOC_DEFAULT_ON y
|
|
INIT_ON_FREE_DEFAULT_ON y
|
|
INTEL_TXT y
|
|
KEXEC n
|
|
KFENCE y
|
|
LEGACY_VSYSCALL_NONE y
|
|
LOCKUP_DETECTOR y
|
|
MCORE2 y
|
|
NR_CPUS 16
|
|
NUMA_BALANCING y
|
|
NUMA_BALANCING_DEFAULT_ENABLED y
|
|
PAGE_POISONING y
|
|
PAGE_POISONING_NO_SANITY y
|
|
PAGE_POISONING_ZERO y
|
|
PANIC_TIMEOUT -1
|
|
PM_AUTOSLEEP y
|
|
POWER_EFFICIENT_DEFAULT y
|
|
PREEMPT y
|
|
PREEMPTION y
|
|
PREEMPT_COUNT y
|
|
PREEMPT_DYNAMIC y
|
|
PREEMPT_RCU y
|
|
PROC_KCORE n
|
|
RANDOMIZE_KSTACK_OFFSET_DEFAULT y
|
|
SCHED_CORE y
|
|
SCHED_STACK_END_CHECK y
|
|
SECURITY_SAFESETID y
|
|
SECURITY_SELINUX_DISABLE n
|
|
SECURITY_WRITABLE_HOOKS n
|
|
SHUFFLE_PAGE_ALLOCATOR y
|
|
SLAB_FREELIST_HARDENED y
|
|
SLAB_FREELIST_RANDOM y
|
|
SLUB_DEBUG y
|
|
STRICT_DEVMEM y
|
|
STRICT_KERNEL_RWX y
|
|
UNINLINE_SPIN_UNLOCK y
|
|
WATCH_QUEUE y
|
|
X86_INTEL_TSX_MODE_AUTO y
|
|
X86_SGX y
|
|
X86_SGX_KVM y
|
|
'';
|
|
}
|
|
];
|
|
}
|