diff options
Diffstat (limited to 'pkgs/os-specific/linux/kernel/common-config.nix')
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 72 |
1 files changed, 55 insertions, 17 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 5fdfdb3b6a1..218532a695e 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -54,6 +54,7 @@ with stdenv.lib; STANDALONE n # Make /proc/config.gz available. + IKCONFIG y IKCONFIG_PROC y # Optimize with -O2, not -Os. @@ -131,13 +132,19 @@ with stdenv.lib; FB_SIS_300 y FB_SIS_315 y FB_3DFX_ACCEL y + FB_VESA y + FRAMEBUFFER_CONSOLE y ${optionalString (versionOlder version "3.9" || stdenv.system == "i686-linux") '' FB_GEODE y ''} # Video configuration. # Enable KMS for devices whose X.org driver supports it. - DRM_I915_KMS y + ${optionalString (versionOlder version "4.3") '' + DRM_I915_KMS y + ''} + # Allow specifying custom EDID on the kernel command line + DRM_LOAD_EDID_FIRMWARE y ${optionalString (versionOlder version "3.9") '' DRM_RADEON_KMS? y ''} @@ -190,18 +197,26 @@ with stdenv.lib; OCFS2_DEBUG_MASKLOG? n BTRFS_FS_POSIX_ACL y UBIFS_FS_ADVANCED_COMPR? y + ${optionalString (versionAtLeast version "4.0") '' + NFSD_PNFS y + ''} + NFSD_V2_ACL y + NFSD_V3 y + NFSD_V3_ACL y + NFSD_V4 y + ${optionalString (versionAtLeast version "3.11") '' + NFSD_V4_SECURITY_LABEL y + ''} + NFS_FSCACHE y ${optionalString (versionAtLeast version "3.6") '' NFS_SWAP y ''} + NFS_V3_ACL y ${optionalString (versionAtLeast version "3.11") '' NFS_V4_1 y # NFSv4.1 client support NFS_V4_2 y + NFS_V4_SECURITY_LABEL y ''} - NFSD_V2_ACL y - NFSD_V3 y - NFSD_V3_ACL y - NFSD_V4 y - NFS_FSCACHE y CIFS_XATTR y CIFS_POSIX y CIFS_FSCACHE y @@ -226,7 +241,9 @@ with stdenv.lib; # Security related features. STRICT_DEVMEM y # Filter access to /dev/mem SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default - DEVKMEM? n # Disable /dev/kmem + ${optionalString (!(features.grsecurity or false)) '' + DEVKMEM n # Disable /dev/kmem + ''} ${if versionOlder version "3.14" then '' CC_STACKPROTECTOR? y # Detect buffer overflows on the stack '' else '' @@ -292,6 +309,9 @@ with stdenv.lib; LOGO n # not needed MEDIA_ATTACH y MEGARAID_NEWGEN y + ${optionalString (versionAtLeast version "3.15") '' + MLX4_EN_VXLAN y + ''} MODVERSIONS y MOUSE_PS2_ELANTECH y # Elantech PS/2 protocol extension MTRR_SANITIZER y @@ -309,6 +329,7 @@ with stdenv.lib; SERIAL_8250 y # 8250/16550 and compatible serial support SLIP_COMPRESSED y # CSLIP compressed headers SLIP_SMART y + HWMON y THERMAL_HWMON y # Hardware monitoring support ${optionalString (versionAtLeast version "3.15") '' UEVENT_HELPER n @@ -322,6 +343,7 @@ with stdenv.lib; X86_MCE y # Linux containers. + NAMESPACES? y # Required by 'unshare' used by 'nixos-install' RT_GROUP_SCHED? y CGROUP_DEVICE? y ${if versionAtLeast version "3.6" then '' @@ -367,15 +389,34 @@ with stdenv.lib; # Virtualisation. PARAVIRT? y - ${if versionAtLeast version "3.10" then '' - HYPERVISOR_GUEST? y - '' else '' - PARAVIRT_GUEST? y - ''} - KVM_GUEST? y + ${optionalString (!(features.grsecurity or false)) + (if versionAtLeast version "3.10" then '' + HYPERVISOR_GUEST y + '' else '' + PARAVIRT_GUEST? y + '') + } + KVM_APIC_ARCHITECTURE y + KVM_ASYNC_PF y ${optionalString (versionOlder version "3.7") '' KVM_CLOCK? y ''} + ${optionalString (versionAtLeast version "4.0") '' + KVM_COMPAT? y + ''} + ${optionalString (versionAtLeast version "3.10") '' + KVM_DEVICE_ASSIGNMENT? y + ''} + ${optionalString (versionAtLeast version "4.0") '' + KVM_GENERIC_DIRTYLOG_READ_PROTECT y + ''} + ${optionalString (!features.grsecurity or true) '' + KVM_GUEST y + ''} + KVM_MMIO y + ${optionalString (versionAtLeast version "3.13") '' + KVM_VFIO y + ''} XEN? y XEN_DOM0? y ${optionalString ((versionAtLeast version "3.18") && (features.xen_dom0 or false)) '' @@ -437,10 +478,7 @@ with stdenv.lib; ''} ZRAM m - ${optionalString (versionAtLeast version "3.17") "NFC? n"} - - # Enable firmware loading via udev. Only needed for non-declarative - # firmware in /root/test-firmware. + # Enable firmware loading via udev (legacy). ${optionalString (versionAtLeast version "3.17") '' FW_LOADER_USER_HELPER_FALLBACK y ''} |