+
# WARNING/NOTE: whenever you want to add an option here you need to either
+
# * mark it as an optional one with `option`,
+
# * or make sure it works for all the versions in nixpkgs,
+
# * or check for which kernel versions it will work (using kernel
+
# changelog, google or whatever) and mark it with `whenOlder` or
+
# Then do test your change by building all the kernels (or at least
+
# their configs) in Nixpkgs or else you will guarantee lots and lots
+
# of pain to users trying to switch to an older kernel because of some
+
# hardware problems with a new one.
+
# to let user override values, aka converting modules to included and vice-versa
+
, mkValueOverride ? null
+
# new extraConfig as a flattened set
+
, structuredExtraConfig ? {}
+
# legacy extraConfig as string
+
assert (mkValueOverride == null) || (builtins.isFunction mkValueOverride);
+
with import ../../../../lib/kernel.nix { inherit (stdenv) lib; inherit version; };
+
# TODO configuration items have to be part of subattrs. Remove this constraint
+
flattenKConf = nested: mapAttrs (_: head) (zipAttrs (attrValues nested));
+
DEBUG_INFO = if (features.debug or false) then yes else no;
+
TIMER_STATS = whenOlder "4.11" yes;
+
DEBUG_NX_TEST = whenOlder "4.11" no;
+
CPU_NOTIFIER_ERROR_INJECT = whenOlder "4.4" (option no);
+
DEBUG_STACK_USAGE = no;
+
DEBUG_STACKOVERFLOW = when (!grsecurity) no;
+
DETECT_HUNG_TASK = yes;
+
CRASH_DUMP = option no;
+
# Easier debugging of NFS issues.
+
SUNRPC_DEBUG = whenAtLeast "3.4" yes;
+
PM_RUNTIME = whenOlder "3.19" yes;
+
PM_ADVANCED_DEBUG = yes;
+
X86_INTEL_LPSS = whenAtLeast "3.11" yes;
+
X86_INTEL_PSTATE = whenAtLeast "3.10" yes;
+
CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes;
+
USB_SUSPEND = whenOlder "3.10" yes;
+
# Support drivers that need external firmware.
+
# Make /proc/config.gz available
+
# Optimize with -O2, not -Os
+
CC_OPTIMIZE_FOR_SIZE = no;
+
# Include the CFQ I/O scheduler in the kernel, rather than as a
+
# module, so that the initrd gets a good I/O scheduler.
+
BLK_CGROUP = yes; # required by CFQ"
+
IOSCHED_DEADLINE = yes;
+
MQ_IOSCHED_DEADLINE = whenAtLeast "4.11" yes;
+
BFQ_GROUP_IOSCHED = whenAtLeast "4.12" yes;
+
MQ_IOSCHED_KYBER = whenAtLeast "4.12" yes;
+
IOSCHED_BFQ = whenAtLeast "4.12" module;
+
IPV6_PRIVACY = whenOlder "3.13" yes;
+
NETFILTER_ADVANCED = yes;
+
IP_DCCP_CCID3 = no; # experimental
+
BPF_JIT = when (stdenv.system == "x86_64-linux") yes;
+
# Required by systemd per-cgroup firewalling
+
CGROUP_BPF = option yes;
+
CGROUP_NET_PRIO = yes; # Required by systemd
+
IP_ROUTE_VERBOSE = yes;
+
IP_MROUTE_MULTIPLE_TABLES = yes;
+
IPV6_ROUTER_PREF = yes;
+
IPV6_OPTIMISTIC_DAD = yes;
+
IPV6_MULTIPLE_TABLES = yes;
+
IPV6_MROUTE_MULTIPLE_TABLES = yes;
+
IPV6_FOU_TUNNEL = whenAtLeast "4.7" module;
+
NET_CLS_BPF = whenAtLeast "4.4" module;
+
NET_ACT_BPF = whenAtLeast "4.4" module;
+
BRIDGE_VLAN_FILTERING = yes;
+
NET_L3_MASTER_DEV = option yes;
+
NET_FOU_IP_TUNNELS = option yes;
+
IP_NF_TARGET_REDIRECT = module;
+
PPP_MULTILINK = yes; # PPP multilink support
+
# needed for iwd WPS support (wpa_supplicant replacement)
+
KEY_DH_OPERATIONS = whenAtLeast "4.7" yes;
+
CFG80211_WEXT = option yes; # Without it, ipw2200 drivers don't build
+
IPW2100_MONITOR = option yes; # support promiscuous mode
+
IPW2200_MONITOR = option yes; # support promiscuous mode
+
HOSTAP_FIRMWARE = option yes; # Support downloading firmware images with Host AP driver
+
HOSTAP_FIRMWARE_NVRAM = option yes;
+
ATH9K_PCI = option yes; # Detect Atheros AR9xxx cards on PCI(e) bus
+
ATH9K_AHB = option yes; # Ditto, AHB bus
+
B43_PHY_HT = option (whenAtLeast "3.2" yes);
+
BCMA_HOST_PCI = option yes;
+
FB_NVIDIA_I2C = yes; # Enable DDC Support
+
FB_ATY_CT = yes; # Mach64 CT/VT/GT/LT (incl. 3D RAGE) support
+
FB_ATY_GX = yes; # Mach64 GX support
+
FRAMEBUFFER_CONSOLE = yes;
+
FRAMEBUFFER_CONSOLE_ROTATION = yes;
+
FB_GEODE = when (versionOlder version "3.9" || stdenv.system == "i686-linux") yes;
+
# Enable KMS for devices whose X.org driver supports it
+
DRM_I915_KMS = whenOlder "4.3" yes;
+
# Allow specifying custom EDID on the kernel command line
+
DRM_LOAD_EDID_FIRMWARE = yes;
+
DRM_RADEON_KMS = option (whenOlder "3.9" yes);
+
VGA_SWITCHEROO = yes; # Hybrid graphics support
+
# necessary for amdgpu polaris support
+
DRM_AMD_POWERPLAY = whenBetween "4.5" "4.9" yes;
+
# (experimental) amdgpu support for verde and newer chipsets
+
DRM_AMDGPU_SI = whenAtLeast "4.9" yes;
+
# (stable) amdgpu support for bonaire and newer chipsets
+
DRM_AMDGPU_CIK = whenAtLeast "4.9" yes;
+
DRM_I915_GVT = whenAtLeast "4.16" yes;
+
DRM_I915_GVT_KVMGT = whenAtLeast "4.16" module;
+
SND_DYNAMIC_MINORS = yes;
+
SND_AC97_POWER_SAVE = yes; # AC97 Power-Saving Mode
+
SND_HDA_INPUT_BEEP = yes; # Support digital beep via input layer
+
SND_HDA_RECONFIG = yes; # Support reconfiguration of jack functions
+
# Support configuring jack functions via fw mechanism at boot
+
SND_HDA_PATCH_LOADER = yes;
+
SND_USB_CAIAQ_INPUT = yes;
+
# Enable PSS mixer (Beethoven ADSP-16 and other compatible)
+
PSS_MIXER = whenOlder "4.12" yes;
+
# Include firmware for various USB serial devices.
+
# Only applicable for kernels below 4.16, after that no firmware is shipped in the kernel tree.
+
USB_SERIAL_GENERIC = yes; # USB Generic Serial Driver
+
} // optionalAttrs (versionOlder version "4.16") {
+
USB_SERIAL_KEYSPAN_MPR = yes; # include firmware for various USB serial devices
+
USB_SERIAL_KEYSPAN_USA28 = yes;
+
USB_SERIAL_KEYSPAN_USA28X = yes;
+
USB_SERIAL_KEYSPAN_USA28XA = yes;
+
USB_SERIAL_KEYSPAN_USA28XB = yes;
+
USB_SERIAL_KEYSPAN_USA19 = yes;
+
USB_SERIAL_KEYSPAN_USA18X = yes;
+
USB_SERIAL_KEYSPAN_USA19W = yes;
+
USB_SERIAL_KEYSPAN_USA19QW = yes;
+
USB_SERIAL_KEYSPAN_USA19QI = yes;
+
USB_SERIAL_KEYSPAN_USA49W = yes;
+
USB_SERIAL_KEYSPAN_USA49WLC = yes;
+
USB_DEBUG = option (whenOlder "3.15" no);
+
USB_EHCI_ROOT_HUB_TT = yes; # Root Hub Transaction Translators
+
USB_EHCI_TT_NEWSCHED = yes; # Improved transaction translator scheduling
+
# Filesystem options - in particular, enable extended attributes and
+
# ACLs for all filesystems that support them.
+
FS_ENCRYPTION = option (whenAtLeast "4.9" module);
+
EXT2_FS_POSIX_ACL = yes;
+
EXT2_FS_SECURITY = yes;
+
EXT2_FS_XIP = whenOlder "4.0" yes; # Ext2 execute in place support
+
EXT3_FS_POSIX_ACL = yes;
+
EXT3_FS_SECURITY = yes;
+
EXT4_FS_POSIX_ACL = yes;
+
EXT4_FS_SECURITY = yes;
+
EXT4_ENCRYPTION = option ((if (versionOlder version "4.8") then module else yes));
+
REISERFS_FS_XATTR = option yes;
+
REISERFS_FS_POSIX_ACL = option yes;
+
REISERFS_FS_SECURITY = option yes;
+
JFS_POSIX_ACL = option yes;
+
JFS_SECURITY = option yes;
+
XFS_QUOTA = option yes;
+
XFS_POSIX_ACL = option yes;
+
XFS_RT = option yes; # XFS Realtime subvolume support
+
OCFS2_DEBUG_MASKLOG = option no;
+
BTRFS_FS_POSIX_ACL = yes;
+
UBIFS_FS_ADVANCED_COMPR = option yes;
+
F2FS_FS_SECURITY = option yes;
+
F2FS_FS_ENCRYPTION = option yes;
+
NFSD_PNFS = whenBetween "4.0" "4.6" yes;
+
NFSD_V4_SECURITY_LABEL = whenAtLeast "3.11" yes;
+
NFS_SWAP = whenAtLeast "3.6" yes;
+
NFS_V4_1 = whenAtLeast "3.11" yes; # NFSv4.1 client support
+
NFS_V4_2 = whenAtLeast "3.11" yes;
+
NFS_V4_SECURITY_LABEL = whenAtLeast "3.11" yes;
+
CIFS_WEAK_PW_HASH = yes;
+
CIFS_SMB2 = whenOlder "4.13" yes;
+
CEPH_FSCACHE = whenAtLeast "3.12" yes;
+
CEPH_FS_POSIX_ACL = whenAtLeast "3.14" yes;
+
SQUASHFS_FILE_DIRECT = whenAtLeast "3.13" yes;
+
SQUASHFS_DECOMP_MULTI_PERCPU = whenAtLeast "3.13" yes;
+
SQUASHFS_LZ4 = whenAtLeast "3.19" yes;
+
# Native Language Support modules, needed by some filesystems
+
NLS_CODEPAGE_437 = module; # VFAT default for the codepage= mount option
+
NLS_ISO8859_1 = module; # VFAT default for the iocharset= mount option
+
# Detect writes to read-only module pages
+
DEBUG_SET_MODULE_RONX = option (whenOlder "4.11" yes);
+
RANDOMIZE_BASE = option yes;
+
STRICT_DEVMEM = option yes; # Filter access to /dev/mem
+
SECURITY_SELINUX_BOOTPARAM_VALUE = "0"; # Disable SELinux by default
+
# Prevent processes from ptracing non-children processes
+
SECURITY_YAMA = option yes;
+
DEVKMEM = when (!grsecurity) no; # Disable /dev/kmem
+
USER_NS = whenAtLeast "3.12" yes; # Support for user namespaces
+
SECURITY_APPARMOR = yes;
+
DEFAULT_SECURITY_APPARMOR = yes;
+
AUDIT_LOGINUID_IMMUTABLE = whenBetween "3.3" "3.13" yes;
+
} // optionalAttrs (!stdenv.hostPlatform.isAarch32) {
+
# Detect buffer overflows on the stack
+
CC_STACKPROTECTOR = option (whenOlder "3.14" yes);
+
CC_STACKPROTECTOR_REGULAR = option (whenOlder "4.18" yes);
+
MICROCODE_EARLY = whenBetween "3.11" "4.4" yes;
+
MICROCODE_INTEL_EARLY = whenBetween "3.11" "4.4" yes;
+
MICROCODE_AMD_EARLY = whenBetween "3.11" "4.4" yes;
+
} // optionalAttrs (versionAtLeast version "4.10") {
+
# Write Back Throttling
+
# https://lwn.net/Articles/682582/
+
# https://bugzilla.kernel.org/show_bug.cgi?id=12309#c655
+
NAMESPACES = option yes; # Required by 'unshare' used by 'nixos-install'
+
CGROUP_DEVICE = option yes;
+
MEMCG = whenAtLeast "3.6" yes;
+
MEMCG_SWAP = whenAtLeast "3.6" yes;
+
CGROUP_MEM_RES_CTLR = whenOlder "3.6" yes;
+
CGROUP_MEM_RES_CTLR_SWAP = whenOlder "3.6" yes;
+
DEVPTS_MULTIPLE_INSTANCES = whenOlder "4.7" yes;
+
BLK_DEV_THROTTLING = yes;
+
CFQ_GROUP_IOSCHED = yes;
+
CGROUP_PIDS = whenAtLeast "4.3" yes;
+
# Enable staging drivers. These are somewhat experimental, but
+
# they generally don't hurt.
+
# PROC_EVENTS requires that the netlink connector is not built
+
# as a module. This is required by libcgroup's cgrulesengd.
+
UPROBE_EVENT = option (whenOlder "4.11" yes);
+
UPROBE_EVENTS = option (whenAtLeast "4.11" yes);
+
BPF_SYSCALL = whenAtLeast "4.4" yes;
+
BPF_EVENTS = whenAtLeast "4.4" yes;
+
FUNCTION_PROFILER = yes;
+
RING_BUFFER_BENCHMARK = no;
+
HYPERVISOR_GUEST = when (!grsecurity && versionAtLeast version "3.10") yes;
+
PARAVIRT_GUEST = option (when (!grsecurity && versionOlder version "3.10") yes);
+
PARAVIRT_SPINLOCKS = option yes;
+
KVM_APIC_ARCHITECTURE = whenOlder "4.8" yes;
+
KVM_CLOCK = option (whenOlder "3.7" yes);
+
KVM_COMPAT = option (whenBetween "4.0" "4.12" yes);
+
KVM_DEVICE_ASSIGNMENT = option (whenBetween "3.10" "4.12" yes);
+
KVM_GENERIC_DIRTYLOG_READ_PROTECT = whenAtLeast "4.0" yes;
+
KVM_GUEST = when (!grsecurity) yes;
+
KVM_VFIO = whenAtLeast "3.13" yes;
+
# We nneed 64 GB (PAE) support for Xen guest support
+
HIGHMEM64G = option (when (!stdenv.is64bit) yes);
+
VFIO_PCI_VGA = when (versionAtLeast version "3.9" && stdenv.is64bit) yes;
+
} // optionalAttrs (stdenv.isx86_64 || stdenv.isi686) ({
+
# XXX: why isn't this in the xen-dom0 conditional section below?
+
} // optionalAttrs (versionAtLeast version "3.18" && xen_dom0) {
+
HVC_XEN_FRONTEND = option yes;
+
XEN_SYS_HYPERVISOR = option yes;
+
SWIOTLB_XEN = option yes;
+
XEN_BACKEND = option yes;
+
XEN_BALLOON = option yes;
+
XEN_BALLOON_MEMORY_HOTPLUG = option yes;
+
XEN_HAVE_PVMMU = option yes;
+
XEN_MCE_LOG = option yes;
+
XEN_PVHVM = option yes;
+
XEN_SAVE_RESTORE = option yes;
+
XEN_SCRUB_PAGES = option yes;
+
XEN_SELFBALLOONING = option yes;
+
MEDIA_DIGITAL_TV_SUPPORT = yes;
+
MEDIA_CAMERA_SUPPORT = yes;
+
MEDIA_RC_SUPPORT = whenOlder "4.14" yes;
+
MEDIA_CONTROLLER = yes;
+
MEDIA_PCI_SUPPORT = yes;
+
MEDIA_USB_SUPPORT = yes;
+
MEDIA_ANALOG_TV_SUPPORT = yes;
+
VIDEO_STK1160_COMMON = module;
+
VIDEO_STK1160_AC97 = whenOlder "4.11" yes;
+
# Enable the 9P cache to speed up NixOS VM tests.
+
"9P_FSCACHE" = option yes;
+
"9P_FS_POSIX_ACL" = option yes;
+
TRANSPARENT_HUGEPAGE = option yes;
+
TRANSPARENT_HUGEPAGE_ALWAYS = option no;
+
TRANSPARENT_HUGEPAGE_MADVISE = option yes;
+
ZSMALLOC = if (versionOlder version "3.18") then yes else module;
+
# Enable PCIe and USB for the brcmfmac driver
+
BRCMFMAC_USB = option yes;
+
BRCMFMAC_PCIE = option yes;
+
# Support x2APIC (which requires IRQ remapping)
+
x2apic = optionalAttrs (stdenv.system == "x86_64-linux") {
+
# For older kernels, painstakingly disable each symbol.
+
# Disable various self-test modules that have no use in a production system
+
# This menu disables all/most of them on >= 4.16
+
RUNTIME_TESTING_MENU = option no;
+
} // optionalAttrs (versionOlder version "4.16") {
+
ARM_KPROBES_TEST = option no;
+
ASYNC_RAID6_TEST = option no;
+
ATOMIC64_SELFTEST = option no;
+
BACKTRACE_SELF_TEST = option no;
+
INTERVAL_TREE_TEST = option no;
+
PERCPU_TEST = option no;
+
RBTREE_TEST = option no;
+
TEST_BITMAP = option no;
+
TEST_FIRMWARE = option no;
+
TEST_HEXDUMP = option no;
+
TEST_KSTRTOX = option no;
+
TEST_LIST_SORT = option no;
+
TEST_PARMAN = option no;
+
TEST_PRINTF = option no;
+
TEST_RHASHTABLE = option no;
+
TEST_STATIC_KEYS = option no;
+
TEST_STRING_HELPERS = option no;
+
TEST_UDELAY = option no;
+
TEST_USER_COPY = option no;
+
CRC32_SELFTEST = option no;
+
CRYPTO_TEST = option no;
+
GLOB_SELFTEST = option no;
+
DRM_DEBUG_MM_SELFTEST = option (whenOlder "4.18" no);
+
LNET_SELFTEST = option (whenOlder "4.18" no);
+
LOCK_TORTURE_TEST = option no;
+
NOTIFIER_ERROR_INJECTION = option no;
+
RCU_PERF_TEST = option no;
+
RCU_TORTURE_TEST = option no;
+
TEST_ASYNC_DRIVER_PROBE = option no;
+
WW_MUTEX_SELFTEST = option no;
+
XZ_DEC_TEST = option no;
+
} // optionalAttrs (features.criu or false) ({
+
CHECKPOINT_RESTORE = yes;
+
} // optionalAttrs (features.criu_revert_expert or true) {
+
RFKILL_INPUT = option yes;
+
HID_PICOLCD_FB = option yes;
+
HID_PICOLCD_BACKLIGHT = option yes;
+
HID_PICOLCD_LCD = option yes;
+
HID_PICOLCD_LEDS = option yes;
+
HID_PICOLCD_CIR = option yes;
+
DEBUG_MEMORY_INIT = option yes;
+
MODULE_COMPRESS = whenAtLeast "3.18" yes;
+
MODULE_COMPRESS_XZ = whenAtLeast "3.18" yes;
+
# Device mapper (RAID, LVM, etc.)
+
# Enable initrd support.
+
PM_TRACE_RTC = no; # Disable some expensive (?) features.
+
ACCESSIBILITY = yes; # Accessibility support
+
AUXDISPLAY = yes; # Auxiliary Display support
+
DONGLE = whenOlder "4.17" yes; # Serial dongle support
+
MTD_COMPLEX_MAPPINGS = yes; # needed for many devices
+
NET_POCKET = whenOlder "3.2" yes; # enable pocket and portable adapters
+
SCSI_LOWLEVEL = yes; # enable lots of SCSI devices
+
SCSI_LOWLEVEL_PCMCIA = yes;
+
SCSI_SAS_ATA = yes; # added to enable detection of hard drive
+
SPI = yes; # needed for many devices
+
"8139TOO_PIO" = no; # PIO is slower
+
AIC79XX_DEBUG_ENABLE = no;
+
AIC7XXX_DEBUG_ENABLE = no;
+
AUDIT_LOGINUID_IMMUTABLE = whenBetween "3.3" "3.13" yes;
+
B43_PCMCIA = option (whenOlder "4.4" yes);
+
BLK_DEV_INTEGRITY = yes;
+
BSD_PROCESS_ACCT_V3 = yes;
+
BT_HCIUART_BCSP = option yes;
+
BT_HCIUART_H4 = option yes; # UART (H4) protocol support
+
BT_HCIUART_LL = option yes;
+
BT_RFCOMM_TTY = option (whenAtLeast "3.4" yes); # RFCOMM TTY support
+
CLEANCACHE = option yes;
+
CRASH_DUMP = option no;
+
DMAR = option (whenOlder "3.1" no); # experimental
+
DVB_DYNAMIC_MINORS = option yes; # we use udev
+
EFI_STUB = whenAtLeast "3.3" yes; # EFI bootloader in the bzImage itself
+
CGROUPS = yes; # used by systemd
+
FHANDLE = yes; # used by systemd
+
SECCOMP = yes; # used by systemd >= 231
+
SECCOMP_FILTER = yes; # ditto
+
FUSION = yes; # Fusion MPT device support
+
IDE = no; # deprecated IDE support
+
IDLE_PAGE_TRACKING = whenAtLeast "4.3" yes;
+
IRDA_ULTRA = whenOlder "4.17" yes; # Ultra (connectionless) protocol
+
JOYSTICK_IFORCE_232 = option yes; # I-Force Serial joysticks and wheels
+
JOYSTICK_IFORCE_USB = option yes; # I-Force USB joysticks and wheels
+
JOYSTICK_XPAD_FF = option yes; # X-Box gamepad rumble support
+
JOYSTICK_XPAD_LEDS = option yes; # LED Support for Xbox360 controller 'BigX' LED
+
KEXEC_FILE = option yes;
+
KEXEC_JUMP = option yes;
+
# Windows Logical Disk Manager (Dynamic Disk) support
+
LOGIRUMBLEPAD2_FF = yes; # Logitech Rumblepad 2 force feedback
+
LOGO = no; # not needed
+
MLX4_EN_VXLAN = whenBetween "3.15" "4.8" yes;
+
MODVERSIONS = whenOlder "4.9" yes;
+
MOUSE_PS2_ELANTECH = yes; # Elantech PS/2 protocol extension
+
NET_FC = yes; # Fibre Channel driver support
+
# GPIO on Intel Bay Trail, for some Chromebook internal eMMC disks
+
PINCTRL_BAYTRAIL = whenAtLeast "3.11" yes;
+
# 8 is default. Modern gpt tables on eMMC may go far beyond 8.
+
MMC_BLOCK_MINORS = "32";
+
REGULATOR = yes; # Voltage and Current Regulator Support
+
RC_DEVICES = option (whenAtLeast "3.6" yes); # Enable IR devices
+
RT2800USB_RT53XX = yes;
+
RT2800USB_RT55XX = whenAtLeast "3.10" yes;
+
SCSI_LOGGING = yes; # SCSI logging facility
+
SERIAL_8250 = yes; # 8250/16550 and compatible serial support
+
SLIP_COMPRESSED = yes; # CSLIP compressed headers
+
THERMAL_HWMON = yes; # Hardware monitoring support
+
UEVENT_HELPER = whenAtLeast "3.15" no;
+
USERFAULTFD = whenAtLeast "4.3" yes;
+
X86_CHECK_BIOS_CORRUPTION = yes;
+
# Our initrd init uses shebang scripts, so can't be modular.
+
BINFMT_SCRIPT = whenAtLeast "3.10" yes;
+
BINFMT_MISC = option yes;
+
# Disable the firmware helper fallback, udev doesn't implement it any more
+
FW_LOADER_USER_HELPER_FALLBACK = option no;
+
HOTPLUG_PCI_ACPI = whenAtLeast "3.12" yes; # PCI hotplug using ACPI
+
HOTPLUG_PCI_PCIE = whenAtLeast "3.12" yes; # PCI-Expresscard hotplug support
+
} // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") {
+
# Bump the maximum number of CPUs to support systems like EC2 x1.*
+
# instances and Xeon Phi.
+
in (generateNixKConf ((flattenKConf options) // structuredExtraConfig) mkValueOverride) + extraConfig
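Review bot: `flattenKConf` resolves an option that is defined in more than one group by taking `head` of the zipped values, so a conflicting definition is dropped without any error or warning. The visible lines already contain such repeats (`CRASH_DUMP = option no;` and `AUDIT_LOGINUID_IMMUTABLE = whenBetween "3.3" "3.13" yes;` each appear twice); they agree today, but a later edit that sets a hardening option such as `STRICT_DEVMEM` or `SECURITY_YAMA` differently in a second group would be silently ignored, with the winner decided by the order `attrValues` returns the groups in. I would make the merge fail on disagreement, for example `flattenKConf = nested: mapAttrs (n: vs: if builtins.all (v: v == head vs) vs then head vs else throw "conflicting kernel config values for ${n}") (zipAttrs (attrValues nested));`, assuming the option values are plain comparable values and not functions. The listing is elided, so the group boundaries are inferred from the duplicate names rather than visible here.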