2015-03-24 21:34:54 +00:00
|
|
|
/*
|
|
|
|
|
|
|
|
WARNING/NOTE: whenever you want to add an option here you need to
|
|
|
|
either
|
|
|
|
|
|
|
|
* mark it as an optional one with `?` suffix,
|
|
|
|
* or make sure it works for all the versions in nixpkgs,
|
|
|
|
* or check for which kernel versions it will work (using kernel
|
|
|
|
changelog, google or whatever) and mark it with `versionOlder` or
|
|
|
|
`versionAtLeast`.
|
|
|
|
|
|
|
|
Then do test your change by building all the kernels (or at least
|
|
|
|
their configs) in nixpkgs or else you will guarantee lots and lots
|
|
|
|
of pain to users trying to switch to an older kernel because of some
|
|
|
|
hardware problems with a new one.
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
2014-05-07 23:26:33 +01:00
|
|
|
{ stdenv, version, kernelPlatform, extraConfig, features }:
|
2013-07-31 22:56:48 +01:00
|
|
|
|
|
|
|
with stdenv.lib;
|
|
|
|
|
|
|
|
''
|
2015-03-04 15:37:42 +00:00
|
|
|
# Debugging.
|
2013-07-31 22:56:48 +01:00
|
|
|
DEBUG_KERNEL y
|
|
|
|
TIMER_STATS y
|
|
|
|
BACKTRACE_SELF_TEST n
|
|
|
|
CPU_NOTIFIER_ERROR_INJECT? n
|
|
|
|
DEBUG_DEVRES n
|
|
|
|
DEBUG_NX_TEST n
|
|
|
|
DEBUG_STACK_USAGE n
|
2015-03-02 22:34:44 +00:00
|
|
|
${optionalString (!(features.grsecurity or false)) ''
|
2014-05-18 14:56:52 +01:00
|
|
|
DEBUG_STACKOVERFLOW n
|
|
|
|
''}
|
2013-07-31 22:56:48 +01:00
|
|
|
RCU_TORTURE_TEST n
|
|
|
|
SCHEDSTATS n
|
2013-07-31 23:50:48 +01:00
|
|
|
DETECT_HUNG_TASK y
|
2013-07-31 22:56:48 +01:00
|
|
|
|
2015-03-04 15:37:42 +00:00
|
|
|
# Power management.
|
|
|
|
${optionalString (versionOlder version "3.19") ''
|
|
|
|
PM_RUNTIME y
|
|
|
|
''}
|
|
|
|
PM_ADVANCED_DEBUG y
|
|
|
|
${optionalString (versionAtLeast version "3.10") ''
|
|
|
|
X86_INTEL_PSTATE y
|
|
|
|
''}
|
2015-03-04 16:04:02 +00:00
|
|
|
INTEL_IDLE y
|
|
|
|
CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
|
2015-03-04 15:37:42 +00:00
|
|
|
${optionalString (versionOlder version "3.10") ''
|
|
|
|
USB_SUSPEND y
|
|
|
|
''}
|
|
|
|
|
2013-07-31 22:56:48 +01:00
|
|
|
# Support drivers that need external firmware.
|
|
|
|
STANDALONE n
|
|
|
|
|
2013-09-04 05:45:36 +01:00
|
|
|
# Make /proc/config.gz available.
|
2015-06-04 09:15:31 +01:00
|
|
|
IKCONFIG y
|
2013-07-31 22:56:48 +01:00
|
|
|
IKCONFIG_PROC y
|
|
|
|
|
|
|
|
# Optimize with -O2, not -Os.
|
|
|
|
CC_OPTIMIZE_FOR_SIZE n
|
|
|
|
|
|
|
|
# Enable the kernel's built-in memory tester.
|
|
|
|
MEMTEST y
|
|
|
|
|
|
|
|
# Include the CFQ I/O scheduler in the kernel, rather than as a
|
|
|
|
# module, so that the initrd gets a good I/O scheduler.
|
|
|
|
IOSCHED_CFQ y
|
|
|
|
BLK_CGROUP y # required by CFQ
|
|
|
|
|
|
|
|
# Enable NUMA.
|
|
|
|
NUMA? y
|
|
|
|
|
|
|
|
# Disable some expensive (?) features.
|
|
|
|
PM_TRACE_RTC n
|
|
|
|
|
|
|
|
# Enable various subsystems.
|
|
|
|
ACCESSIBILITY y # Accessibility support
|
|
|
|
AUXDISPLAY y # Auxiliary Display support
|
|
|
|
DONGLE y # Serial dongle support
|
|
|
|
HIPPI y
|
|
|
|
MTD_COMPLEX_MAPPINGS y # needed for many devices
|
|
|
|
${optionalString (versionOlder version "3.2") ''
|
|
|
|
NET_POCKET y # enable pocket and portable adapters
|
|
|
|
''}
|
|
|
|
SCSI_LOWLEVEL y # enable lots of SCSI devices
|
|
|
|
SCSI_LOWLEVEL_PCMCIA y
|
2014-10-17 21:31:08 +01:00
|
|
|
SCSI_SAS_ATA y # added to enable detection of hard drive
|
2013-07-31 22:56:48 +01:00
|
|
|
SPI y # needed for many devices
|
|
|
|
SPI_MASTER y
|
|
|
|
WAN y
|
|
|
|
|
|
|
|
# Networking options.
|
|
|
|
IP_PNP n
|
2014-01-20 03:35:24 +00:00
|
|
|
${optionalString (versionOlder version "3.13") ''
|
2014-11-10 19:21:28 +00:00
|
|
|
IPV6_PRIVACY y
|
2014-01-20 03:35:24 +00:00
|
|
|
''}
|
2013-07-31 22:56:48 +01:00
|
|
|
NETFILTER_ADVANCED y
|
|
|
|
IP_VS_PROTO_TCP y
|
|
|
|
IP_VS_PROTO_UDP y
|
|
|
|
IP_VS_PROTO_ESP y
|
|
|
|
IP_VS_PROTO_AH y
|
|
|
|
IP_DCCP_CCID3 n # experimental
|
|
|
|
CLS_U32_PERF y
|
|
|
|
CLS_U32_MARK y
|
2014-11-10 19:21:28 +00:00
|
|
|
${optionalString (stdenv.system == "x86_64-linux") ''
|
|
|
|
BPF_JIT y
|
|
|
|
''}
|
2013-07-31 22:56:48 +01:00
|
|
|
|
|
|
|
# Wireless networking.
|
nixos: make several kernel common-config options optional
Realistically, common-config is useful, but there are a lot of things in
there that are non-optionally specified that aren't always useful. For
example, when deploying grsecurity, I don't want the bluetooth,
wireless, or input joystick/extra filesystem stack (XFS, etc), nor the
staging drivers tree.
The problem is that if you specify this in your own kernel config in the
grsecurity module, by saying 'BT n' to turn off bluetooth,
common-config turns on 'BT_HCIUART_BCSP y', which then becomes unused
and errors out.
This is really just an arbitrary picking at the moment, but it should be
OK.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-17 23:30:51 +00:00
|
|
|
CFG80211_WEXT? y # Without it, ipw2200 drivers don't build
|
|
|
|
IPW2100_MONITOR? y # support promiscuous mode
|
|
|
|
IPW2200_MONITOR? y # support promiscuous mode
|
|
|
|
HOSTAP_FIRMWARE? y # Support downloading firmware images with Host AP driver
|
|
|
|
HOSTAP_FIRMWARE_NVRAM? y
|
|
|
|
ATH9K_PCI? y # Detect Atheros AR9xxx cards on PCI(e) bus
|
|
|
|
ATH9K_AHB? y # Ditto, AHB bus
|
2013-07-31 22:56:48 +01:00
|
|
|
${optionalString (versionAtLeast version "3.2") ''
|
nixos: make several kernel common-config options optional
Realistically, common-config is useful, but there are a lot of things in
there that are non-optionally specified that aren't always useful. For
example, when deploying grsecurity, I don't want the bluetooth,
wireless, or input joystick/extra filesystem stack (XFS, etc), nor the
staging drivers tree.
The problem is that if you specify this in your own kernel config in the
grsecurity module, by saying 'BT n' to turn off bluetooth,
common-config turns on 'BT_HCIUART_BCSP y', which then becomes unused
and errors out.
This is really just an arbitrary picking at the moment, but it should be
OK.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-17 23:30:51 +00:00
|
|
|
B43_PHY_HT? y
|
2013-07-31 22:56:48 +01:00
|
|
|
''}
|
nixos: make several kernel common-config options optional
Realistically, common-config is useful, but there are a lot of things in
there that are non-optionally specified that aren't always useful. For
example, when deploying grsecurity, I don't want the bluetooth,
wireless, or input joystick/extra filesystem stack (XFS, etc), nor the
staging drivers tree.
The problem is that if you specify this in your own kernel config in the
grsecurity module, by saying 'BT n' to turn off bluetooth,
common-config turns on 'BT_HCIUART_BCSP y', which then becomes unused
and errors out.
This is really just an arbitrary picking at the moment, but it should be
OK.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-17 23:30:51 +00:00
|
|
|
BCMA_HOST_PCI? y
|
2013-07-31 22:56:48 +01:00
|
|
|
|
|
|
|
# Enable various FB devices.
|
|
|
|
FB y
|
|
|
|
FB_EFI y
|
|
|
|
FB_NVIDIA_I2C y # Enable DDC Support
|
|
|
|
FB_RIVA_I2C y
|
|
|
|
FB_ATY_CT y # Mach64 CT/VT/GT/LT (incl. 3D RAGE) support
|
|
|
|
FB_ATY_GX y # Mach64 GX support
|
|
|
|
FB_SAVAGE_I2C y
|
|
|
|
FB_SAVAGE_ACCEL y
|
|
|
|
FB_SIS_300 y
|
|
|
|
FB_SIS_315 y
|
|
|
|
FB_3DFX_ACCEL y
|
2015-06-03 21:43:17 +01:00
|
|
|
FB_VESA y
|
|
|
|
FRAMEBUFFER_CONSOLE y
|
2013-09-04 05:49:22 +01:00
|
|
|
${optionalString (versionOlder version "3.9" || stdenv.system == "i686-linux") ''
|
|
|
|
FB_GEODE y
|
|
|
|
''}
|
2013-07-31 22:56:48 +01:00
|
|
|
|
|
|
|
# Video configuration.
|
|
|
|
# Enable KMS for devices whose X.org driver supports it.
|
|
|
|
DRM_I915_KMS y
|
|
|
|
${optionalString (versionOlder version "3.9") ''
|
nixos: make several kernel common-config options optional
Realistically, common-config is useful, but there are a lot of things in
there that are non-optionally specified that aren't always useful. For
example, when deploying grsecurity, I don't want the bluetooth,
wireless, or input joystick/extra filesystem stack (XFS, etc), nor the
staging drivers tree.
The problem is that if you specify this in your own kernel config in the
grsecurity module, by saying 'BT n' to turn off bluetooth,
common-config turns on 'BT_HCIUART_BCSP y', which then becomes unused
and errors out.
This is really just an arbitrary picking at the moment, but it should be
OK.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-17 23:30:51 +00:00
|
|
|
DRM_RADEON_KMS? y
|
2013-07-31 22:56:48 +01:00
|
|
|
''}
|
|
|
|
# Hybrid graphics support
|
|
|
|
VGA_SWITCHEROO y
|
|
|
|
|
|
|
|
# Sound.
|
2014-04-18 20:06:34 +01:00
|
|
|
SND_DYNAMIC_MINORS y
|
2013-07-31 22:56:48 +01:00
|
|
|
SND_AC97_POWER_SAVE y # AC97 Power-Saving Mode
|
|
|
|
SND_HDA_INPUT_BEEP y # Support digital beep via input layer
|
|
|
|
SND_USB_CAIAQ_INPUT y
|
|
|
|
PSS_MIXER y # Enable PSS mixer (Beethoven ADSP-16 and other compatible)
|
|
|
|
|
|
|
|
# USB serial devices.
|
|
|
|
USB_SERIAL_GENERIC y # USB Generic Serial Driver
|
|
|
|
USB_SERIAL_KEYSPAN_MPR y # include firmware for various USB serial devices
|
|
|
|
USB_SERIAL_KEYSPAN_USA28 y
|
|
|
|
USB_SERIAL_KEYSPAN_USA28X y
|
|
|
|
USB_SERIAL_KEYSPAN_USA28XA y
|
|
|
|
USB_SERIAL_KEYSPAN_USA28XB y
|
|
|
|
USB_SERIAL_KEYSPAN_USA19 y
|
|
|
|
USB_SERIAL_KEYSPAN_USA18X y
|
|
|
|
USB_SERIAL_KEYSPAN_USA19W y
|
|
|
|
USB_SERIAL_KEYSPAN_USA19QW y
|
|
|
|
USB_SERIAL_KEYSPAN_USA19QI y
|
|
|
|
USB_SERIAL_KEYSPAN_USA49W y
|
|
|
|
USB_SERIAL_KEYSPAN_USA49WLC y
|
|
|
|
|
|
|
|
# Filesystem options - in particular, enable extended attributes and
|
|
|
|
# ACLs for all filesystems that support them.
|
2015-02-12 18:39:44 +00:00
|
|
|
FANOTIFY y
|
2013-07-31 22:56:48 +01:00
|
|
|
EXT2_FS_XATTR y
|
|
|
|
EXT2_FS_POSIX_ACL y
|
2014-08-18 13:33:09 +01:00
|
|
|
EXT2_FS_SECURITY y
|
2015-03-04 14:38:17 +00:00
|
|
|
${optionalString (versionOlder version "4.0") ''
|
|
|
|
EXT2_FS_XIP y # Ext2 execute in place support
|
|
|
|
''}
|
2014-08-18 13:33:09 +01:00
|
|
|
EXT3_FS_POSIX_ACL y
|
|
|
|
EXT3_FS_SECURITY y
|
2013-07-31 22:56:48 +01:00
|
|
|
EXT4_FS_POSIX_ACL y
|
|
|
|
EXT4_FS_SECURITY y
|
nixos: make several kernel common-config options optional
Realistically, common-config is useful, but there are a lot of things in
there that are non-optionally specified that aren't always useful. For
example, when deploying grsecurity, I don't want the bluetooth,
wireless, or input joystick/extra filesystem stack (XFS, etc), nor the
staging drivers tree.
The problem is that if you specify this in your own kernel config in the
grsecurity module, by saying 'BT n' to turn off bluetooth,
common-config turns on 'BT_HCIUART_BCSP y', which then becomes unused
and errors out.
This is really just an arbitrary picking at the moment, but it should be
OK.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-17 23:30:51 +00:00
|
|
|
REISERFS_FS_XATTR? y
|
|
|
|
REISERFS_FS_POSIX_ACL? y
|
|
|
|
REISERFS_FS_SECURITY? y
|
|
|
|
JFS_POSIX_ACL? y
|
|
|
|
JFS_SECURITY? y
|
|
|
|
XFS_QUOTA? y
|
|
|
|
XFS_POSIX_ACL? y
|
|
|
|
XFS_RT? y # XFS Realtime subvolume support
|
|
|
|
OCFS2_DEBUG_MASKLOG? n
|
2013-07-31 22:56:48 +01:00
|
|
|
BTRFS_FS_POSIX_ACL y
|
nixos: make several kernel common-config options optional
Realistically, common-config is useful, but there are a lot of things in
there that are non-optionally specified that aren't always useful. For
example, when deploying grsecurity, I don't want the bluetooth,
wireless, or input joystick/extra filesystem stack (XFS, etc), nor the
staging drivers tree.
The problem is that if you specify this in your own kernel config in the
grsecurity module, by saying 'BT n' to turn off bluetooth,
common-config turns on 'BT_HCIUART_BCSP y', which then becomes unused
and errors out.
This is really just an arbitrary picking at the moment, but it should be
OK.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-17 23:30:51 +00:00
|
|
|
UBIFS_FS_ADVANCED_COMPR? y
|
2015-05-16 00:33:45 +01:00
|
|
|
${optionalString (versionAtLeast version "4.0") ''
|
|
|
|
NFSD_PNFS y
|
|
|
|
''}
|
|
|
|
NFSD_V2_ACL y
|
|
|
|
NFSD_V3 y
|
|
|
|
NFSD_V3_ACL y
|
|
|
|
NFSD_V4 y
|
|
|
|
${optionalString (versionAtLeast version "3.11") ''
|
|
|
|
NFSD_V4_SECURITY_LABEL y
|
|
|
|
''}
|
|
|
|
NFS_FSCACHE y
|
2014-07-16 11:08:48 +01:00
|
|
|
${optionalString (versionAtLeast version "3.6") ''
|
|
|
|
NFS_SWAP y
|
|
|
|
''}
|
2015-05-16 00:33:45 +01:00
|
|
|
NFS_V3_ACL y
|
2014-04-23 15:47:50 +01:00
|
|
|
${optionalString (versionAtLeast version "3.11") ''
|
|
|
|
NFS_V4_1 y # NFSv4.1 client support
|
|
|
|
NFS_V4_2 y
|
2015-05-16 00:33:45 +01:00
|
|
|
NFS_V4_SECURITY_LABEL y
|
2014-04-23 15:47:50 +01:00
|
|
|
''}
|
2013-07-31 22:56:48 +01:00
|
|
|
CIFS_XATTR y
|
|
|
|
CIFS_POSIX y
|
|
|
|
CIFS_FSCACHE y
|
2014-11-08 10:44:19 +00:00
|
|
|
${optionalString (versionAtLeast version "3.12") ''
|
|
|
|
CEPH_FSCACHE y
|
|
|
|
''}
|
|
|
|
${optionalString (versionAtLeast version "3.14") ''
|
|
|
|
CEPH_FS_POSIX_ACL y
|
|
|
|
''}
|
2015-03-20 21:41:03 +00:00
|
|
|
${optionalString (versionAtLeast version "3.13") ''
|
|
|
|
SQUASHFS_FILE_DIRECT y
|
|
|
|
SQUASHFS_DECOMP_MULTI_PERCPU y
|
|
|
|
''}
|
2015-02-16 18:42:10 +00:00
|
|
|
SQUASHFS_XATTR y
|
|
|
|
SQUASHFS_ZLIB y
|
|
|
|
SQUASHFS_LZO y
|
|
|
|
SQUASHFS_XZ y
|
2015-03-20 21:41:03 +00:00
|
|
|
${optionalString (versionAtLeast version "3.19") ''
|
|
|
|
SQUASHFS_LZ4 y
|
|
|
|
''}
|
2013-07-31 22:56:48 +01:00
|
|
|
|
|
|
|
# Security related features.
|
|
|
|
STRICT_DEVMEM y # Filter access to /dev/mem
|
2013-07-31 23:08:44 +01:00
|
|
|
SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default
|
2015-05-18 19:32:29 +01:00
|
|
|
${optionalString (!(features.grsecurity or false)) ''
|
2015-05-16 01:38:09 +01:00
|
|
|
DEVKMEM n # Disable /dev/kmem
|
|
|
|
''}
|
2014-04-02 22:58:54 +01:00
|
|
|
${if versionOlder version "3.14" then ''
|
2014-05-18 01:44:03 +01:00
|
|
|
CC_STACKPROTECTOR? y # Detect buffer overflows on the stack
|
2014-04-02 22:58:54 +01:00
|
|
|
'' else ''
|
2014-05-18 01:44:03 +01:00
|
|
|
CC_STACKPROTECTOR_REGULAR? y
|
2014-04-01 01:54:47 +01:00
|
|
|
''}
|
2013-09-25 11:49:49 +01:00
|
|
|
${optionalString (versionAtLeast version "3.12") ''
|
|
|
|
USER_NS y # Support for user namespaces
|
|
|
|
''}
|
2013-07-31 22:56:48 +01:00
|
|
|
|
2014-05-07 23:59:29 +01:00
|
|
|
# AppArmor support
|
|
|
|
SECURITY_APPARMOR y
|
|
|
|
DEFAULT_SECURITY_APPARMOR y
|
|
|
|
|
2015-03-25 18:29:57 +00:00
|
|
|
# Microcode loading support
|
|
|
|
MICROCODE y
|
|
|
|
MICROCODE_INTEL y
|
|
|
|
MICROCODE_AMD y
|
|
|
|
${optionalString (versionAtLeast version "3.11") ''
|
|
|
|
MICROCODE_EARLY y
|
|
|
|
MICROCODE_INTEL_EARLY y
|
|
|
|
MICROCODE_AMD_EARLY y
|
|
|
|
''}
|
|
|
|
|
2013-07-31 22:56:48 +01:00
|
|
|
# Misc. options.
|
|
|
|
8139TOO_8129 y
|
|
|
|
8139TOO_PIO n # PIO is slower
|
|
|
|
AIC79XX_DEBUG_ENABLE n
|
|
|
|
AIC7XXX_DEBUG_ENABLE n
|
|
|
|
AIC94XX_DEBUG n
|
2014-01-20 03:35:24 +00:00
|
|
|
${optionalString (versionAtLeast version "3.3" && versionOlder version "3.13") ''
|
2013-07-31 22:56:48 +01:00
|
|
|
AUDIT_LOGINUID_IMMUTABLE y
|
|
|
|
''}
|
nixos: make several kernel common-config options optional
Realistically, common-config is useful, but there are a lot of things in
there that are non-optionally specified that aren't always useful. For
example, when deploying grsecurity, I don't want the bluetooth,
wireless, or input joystick/extra filesystem stack (XFS, etc), nor the
staging drivers tree.
The problem is that if you specify this in your own kernel config in the
grsecurity module, by saying 'BT n' to turn off bluetooth,
common-config turns on 'BT_HCIUART_BCSP y', which then becomes unused
and errors out.
This is really just an arbitrary picking at the moment, but it should be
OK.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-17 23:30:51 +00:00
|
|
|
B43_PCMCIA? y
|
2013-07-31 22:56:48 +01:00
|
|
|
BLK_DEV_CMD640_ENHANCED y # CMD640 enhanced support
|
|
|
|
BLK_DEV_IDEACPI y # IDE ACPI support
|
|
|
|
BLK_DEV_INTEGRITY y
|
|
|
|
BSD_PROCESS_ACCT_V3 y
|
nixos: make several kernel common-config options optional
Realistically, common-config is useful, but there are a lot of things in
there that are non-optionally specified that aren't always useful. For
example, when deploying grsecurity, I don't want the bluetooth,
wireless, or input joystick/extra filesystem stack (XFS, etc), nor the
staging drivers tree.
The problem is that if you specify this in your own kernel config in the
grsecurity module, by saying 'BT n' to turn off bluetooth,
common-config turns on 'BT_HCIUART_BCSP y', which then becomes unused
and errors out.
This is really just an arbitrary picking at the moment, but it should be
OK.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-17 23:30:51 +00:00
|
|
|
BT_HCIUART_BCSP? y
|
|
|
|
BT_HCIUART_H4? y # UART (H4) protocol support
|
|
|
|
BT_HCIUART_LL? y
|
2015-03-20 21:41:03 +00:00
|
|
|
${optionalString (versionAtLeast version "3.4") ''
|
|
|
|
BT_RFCOMM_TTY? y # RFCOMM TTY support
|
|
|
|
''}
|
2013-08-12 03:30:10 +01:00
|
|
|
CRASH_DUMP? n
|
2013-07-31 22:56:48 +01:00
|
|
|
${optionalString (versionOlder version "3.1") ''
|
|
|
|
DMAR? n # experimental
|
|
|
|
''}
|
|
|
|
DVB_DYNAMIC_MINORS? y # we use udev
|
|
|
|
${optionalString (versionAtLeast version "3.3") ''
|
|
|
|
EFI_STUB y # EFI bootloader in the bzImage itself
|
|
|
|
''}
|
|
|
|
FHANDLE y # used by systemd
|
|
|
|
FUSION y # Fusion MPT device support
|
|
|
|
IDE_GD_ATAPI y # ATAPI floppy support
|
|
|
|
IRDA_ULTRA y # Ultra (connectionless) protocol
|
nixos: make several kernel common-config options optional
Realistically, common-config is useful, but there are a lot of things in
there that are non-optionally specified that aren't always useful. For
example, when deploying grsecurity, I don't want the bluetooth,
wireless, or input joystick/extra filesystem stack (XFS, etc), nor the
staging drivers tree.
The problem is that if you specify this in your own kernel config in the
grsecurity module, by saying 'BT n' to turn off bluetooth,
common-config turns on 'BT_HCIUART_BCSP y', which then becomes unused
and errors out.
This is really just an arbitrary picking at the moment, but it should be
OK.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-17 23:30:51 +00:00
|
|
|
JOYSTICK_IFORCE_232? y # I-Force Serial joysticks and wheels
|
|
|
|
JOYSTICK_IFORCE_USB? y # I-Force USB joysticks and wheels
|
|
|
|
JOYSTICK_XPAD_FF? y # X-Box gamepad rumble support
|
|
|
|
JOYSTICK_XPAD_LEDS? y # LED Support for Xbox360 controller 'BigX' LED
|
2013-07-31 22:56:48 +01:00
|
|
|
LDM_PARTITION y # Windows Logical Disk Manager (Dynamic Disk) support
|
|
|
|
LEDS_TRIGGER_IDE_DISK y # LED IDE Disk Trigger
|
|
|
|
LOGIRUMBLEPAD2_FF y # Logitech Rumblepad 2 force feedback
|
|
|
|
LOGO n # not needed
|
|
|
|
MEDIA_ATTACH y
|
|
|
|
MEGARAID_NEWGEN y
|
2015-05-16 00:36:54 +01:00
|
|
|
${optionalString (versionAtLeast version "3.15") ''
|
|
|
|
MLX4_EN_VXLAN y
|
|
|
|
''}
|
2013-07-31 22:56:48 +01:00
|
|
|
MODVERSIONS y
|
|
|
|
MOUSE_PS2_ELANTECH y # Elantech PS/2 protocol extension
|
|
|
|
MTRR_SANITIZER y
|
|
|
|
NET_FC y # Fibre Channel driver support
|
|
|
|
PPP_MULTILINK y # PPP multilink support
|
2014-11-02 12:39:14 +00:00
|
|
|
PPP_FILTER y
|
2013-07-31 22:56:48 +01:00
|
|
|
REGULATOR y # Voltage and Current Regulator Support
|
|
|
|
${optionalString (versionAtLeast version "3.6") ''
|
|
|
|
RC_DEVICES? y # Enable IR devices
|
|
|
|
''}
|
2015-03-29 20:40:57 +01:00
|
|
|
${optionalString (versionAtLeast version "3.10") ''
|
|
|
|
RT2800USB_RT55XX y
|
|
|
|
''}
|
2013-07-31 22:56:48 +01:00
|
|
|
SCSI_LOGGING y # SCSI logging facility
|
|
|
|
SERIAL_8250 y # 8250/16550 and compatible serial support
|
|
|
|
SLIP_COMPRESSED y # CSLIP compressed headers
|
|
|
|
SLIP_SMART y
|
|
|
|
THERMAL_HWMON y # Hardware monitoring support
|
2015-04-06 13:00:03 +01:00
|
|
|
${optionalString (versionAtLeast version "3.15") ''
|
|
|
|
UEVENT_HELPER n
|
|
|
|
''}
|
2015-03-20 22:05:43 +00:00
|
|
|
${optionalString (versionOlder version "3.15") ''
|
|
|
|
USB_DEBUG? n
|
|
|
|
''}
|
2013-07-31 22:56:48 +01:00
|
|
|
USB_EHCI_ROOT_HUB_TT y # Root Hub Transaction Translators
|
|
|
|
USB_EHCI_TT_NEWSCHED y # Improved transaction translator scheduling
|
|
|
|
X86_CHECK_BIOS_CORRUPTION y
|
|
|
|
X86_MCE y
|
|
|
|
|
|
|
|
# Linux containers.
|
|
|
|
RT_GROUP_SCHED? y
|
|
|
|
CGROUP_DEVICE? y
|
|
|
|
${if versionAtLeast version "3.6" then ''
|
|
|
|
MEMCG y
|
|
|
|
MEMCG_SWAP y
|
|
|
|
'' else ''
|
|
|
|
CGROUP_MEM_RES_CTLR y
|
|
|
|
CGROUP_MEM_RES_CTLR_SWAP y
|
|
|
|
''}
|
|
|
|
DEVPTS_MULTIPLE_INSTANCES y
|
2013-09-17 15:00:36 +01:00
|
|
|
BLK_DEV_THROTTLING y
|
|
|
|
CFQ_GROUP_IOSCHED y
|
2013-07-31 22:56:48 +01:00
|
|
|
|
|
|
|
# Enable staging drivers. These are somewhat experimental, but
|
|
|
|
# they generally don't hurt.
|
|
|
|
STAGING y
|
|
|
|
|
|
|
|
# PROC_EVENTS requires that the netlink connector is not built
|
|
|
|
# as a module. This is required by libcgroup's cgrulesengd.
|
|
|
|
CONNECTOR y
|
|
|
|
PROC_EVENTS y
|
|
|
|
|
|
|
|
# Tracing.
|
|
|
|
FTRACE y
|
2015-03-11 16:11:41 +00:00
|
|
|
KPROBES y
|
2013-07-31 22:56:48 +01:00
|
|
|
FUNCTION_TRACER y
|
|
|
|
FTRACE_SYSCALLS y
|
|
|
|
SCHED_TRACER y
|
2015-03-11 16:11:41 +00:00
|
|
|
STACK_TRACER y
|
2015-03-20 21:41:03 +00:00
|
|
|
${optionalString (versionAtLeast version "3.10") ''
|
|
|
|
UPROBE_EVENT y
|
|
|
|
''}
|
2015-03-11 16:11:41 +00:00
|
|
|
FUNCTION_PROFILER y
|
|
|
|
RING_BUFFER_BENCHMARK n
|
2013-07-31 22:56:48 +01:00
|
|
|
|
|
|
|
# Devtmpfs support.
|
|
|
|
DEVTMPFS y
|
|
|
|
|
|
|
|
# Easier debugging of NFS issues.
|
|
|
|
${optionalString (versionAtLeast version "3.4") ''
|
|
|
|
SUNRPC_DEBUG y
|
|
|
|
''}
|
|
|
|
|
|
|
|
# Virtualisation.
|
2014-05-17 22:28:56 +01:00
|
|
|
PARAVIRT? y
|
2015-05-18 19:32:29 +01:00
|
|
|
${optionalString (!(features.grsecurity or false))
|
2015-05-16 01:38:09 +01:00
|
|
|
(if versionAtLeast version "3.10" then ''
|
|
|
|
HYPERVISOR_GUEST y
|
|
|
|
'' else ''
|
|
|
|
PARAVIRT_GUEST? y
|
|
|
|
'')
|
|
|
|
}
|
2015-05-16 00:50:20 +01:00
|
|
|
KVM_APIC_ARCHITECTURE y
|
|
|
|
KVM_ASYNC_PF y
|
2013-08-01 13:01:59 +01:00
|
|
|
${optionalString (versionOlder version "3.7") ''
|
2014-05-17 22:28:56 +01:00
|
|
|
KVM_CLOCK? y
|
2013-08-01 13:01:59 +01:00
|
|
|
''}
|
2015-05-16 00:50:20 +01:00
|
|
|
${optionalString (versionAtLeast version "4.0") ''
|
2015-06-09 22:27:33 +01:00
|
|
|
KVM_COMPAT? y
|
2015-05-16 00:50:20 +01:00
|
|
|
''}
|
|
|
|
${optionalString (versionAtLeast version "3.10") ''
|
2015-05-17 11:02:44 +01:00
|
|
|
KVM_DEVICE_ASSIGNMENT? y
|
2015-05-16 00:50:20 +01:00
|
|
|
''}
|
|
|
|
${optionalString (versionAtLeast version "4.0") ''
|
|
|
|
KVM_GENERIC_DIRTYLOG_READ_PROTECT y
|
|
|
|
''}
|
|
|
|
${optionalString (!features.grsecurity or true) ''
|
|
|
|
KVM_GUEST y
|
|
|
|
''}
|
|
|
|
KVM_MMIO y
|
|
|
|
${optionalString (versionAtLeast version "3.13") ''
|
|
|
|
KVM_VFIO y
|
|
|
|
''}
|
2014-05-17 22:28:56 +01:00
|
|
|
XEN? y
|
2013-07-31 22:56:48 +01:00
|
|
|
XEN_DOM0? y
|
2015-02-10 15:53:03 +00:00
|
|
|
${optionalString ((versionAtLeast version "3.18") && (features.xen_dom0 or false)) ''
|
|
|
|
PCI_XEN? y
|
|
|
|
HVC_XEN? y
|
|
|
|
HVC_XEN_FRONTEND? y
|
|
|
|
XEN_SYS_HYPERVISOR? y
|
|
|
|
SWIOTLB_XEN? y
|
|
|
|
XEN_BACKEND? y
|
|
|
|
XEN_BALLOON? y
|
|
|
|
XEN_BALLOON_MEMORY_HOTPLUG? y
|
|
|
|
XEN_EFI? y
|
|
|
|
XEN_HAVE_PVMMU? y
|
|
|
|
XEN_MCE_LOG? y
|
|
|
|
XEN_PVH? y
|
|
|
|
XEN_PVHVM? y
|
|
|
|
XEN_SAVE_RESTORE? y
|
|
|
|
XEN_SCRUB_PAGES? y
|
|
|
|
XEN_SELFBALLOONING? y
|
|
|
|
XEN_STUB? y
|
|
|
|
XEN_TMEM? y
|
|
|
|
''}
|
2013-08-01 13:01:59 +01:00
|
|
|
KSM y
|
|
|
|
${optionalString (!stdenv.is64bit) ''
|
|
|
|
HIGHMEM64G? y # We need 64 GB (PAE) support for Xen guest support.
|
|
|
|
''}
|
2014-11-11 08:21:53 +00:00
|
|
|
${optionalString (versionAtLeast version "3.9" && stdenv.is64bit) ''
|
2014-11-08 10:44:19 +00:00
|
|
|
VFIO_PCI_VGA y
|
|
|
|
''}
|
|
|
|
VIRT_DRIVERS y
|
2013-07-31 22:56:48 +01:00
|
|
|
|
|
|
|
# Media support.
|
|
|
|
${optionalString (versionAtLeast version "3.6") ''
|
|
|
|
MEDIA_DIGITAL_TV_SUPPORT y
|
|
|
|
MEDIA_CAMERA_SUPPORT y
|
|
|
|
MEDIA_RC_SUPPORT y
|
|
|
|
''}
|
|
|
|
${optionalString (versionAtLeast version "3.7") ''
|
|
|
|
MEDIA_USB_SUPPORT y
|
|
|
|
''}
|
|
|
|
|
|
|
|
# Our initrd init uses shebang scripts, so can't be modular.
|
|
|
|
${optionalString (versionAtLeast version "3.10") ''
|
|
|
|
BINFMT_SCRIPT y
|
|
|
|
''}
|
|
|
|
|
|
|
|
# Enable the 9P cache to speed up NixOS VM tests.
|
nixos: make several kernel common-config options optional
Realistically, common-config is useful, but there are a lot of things in
there that are non-optionally specified that aren't always useful. For
example, when deploying grsecurity, I don't want the bluetooth,
wireless, or input joystick/extra filesystem stack (XFS, etc), nor the
staging drivers tree.
The problem is that if you specify this in your own kernel config in the
grsecurity module, by saying 'BT n' to turn off bluetooth,
common-config turns on 'BT_HCIUART_BCSP y', which then becomes unused
and errors out.
This is really just an arbitrary picking at the moment, but it should be
OK.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-17 23:30:51 +00:00
|
|
|
9P_FSCACHE? y
|
|
|
|
9P_FS_POSIX_ACL? y
|
2013-07-31 22:56:48 +01:00
|
|
|
|
2014-04-16 21:30:58 +01:00
|
|
|
# Enable transparent support for huge pages.
|
|
|
|
TRANSPARENT_HUGEPAGE? y
|
|
|
|
TRANSPARENT_HUGEPAGE_ALWAYS? n
|
|
|
|
TRANSPARENT_HUGEPAGE_MADVISE? y
|
|
|
|
|
2014-10-20 12:18:33 +01:00
|
|
|
# zram support (e.g for in-memory compressed swap).
|
2014-04-24 13:03:18 +01:00
|
|
|
${optionalString (versionAtLeast version "3.4") ''
|
|
|
|
ZSMALLOC y
|
|
|
|
''}
|
|
|
|
ZRAM m
|
2014-10-20 12:18:33 +01:00
|
|
|
|
2014-08-29 06:49:32 +01:00
|
|
|
${optionalString (versionAtLeast version "3.17") "NFC? n"}
|
2014-04-24 13:03:18 +01:00
|
|
|
|
2014-10-20 12:18:33 +01:00
|
|
|
# Enable firmware loading via udev. Only needed for non-declarative
|
|
|
|
# firmware in /root/test-firmware.
|
|
|
|
${optionalString (versionAtLeast version "3.17") ''
|
|
|
|
FW_LOADER_USER_HELPER_FALLBACK y
|
|
|
|
''}
|
|
|
|
|
2013-07-31 22:56:48 +01:00
|
|
|
${kernelPlatform.kernelExtraConfig or ""}
|
|
|
|
${extraConfig}
|
|
|
|
''
|