{ lib, hostPlatform, ... }@args: with lib.kernel; (import ./disable.nix args) // (import ./systemd.nix args) // { KERNEL_ZSTD = yes; SYSVIPC = yes; POSIX_MQUEUE = yes; AUDIT = no; NO_HZ_FULL = yes; HIGH_RES_TIMERS = yes; BPF_SYSCALL = yes; BPF_JIT = yes; BPF_JIT_ALWAYS_ON = yes; SCHED_CORE = yes; CPU_ISOLATION = yes; UTS_NS = yes; TIME_NS = yes; USER_NS = yes; PID_NS = yes; SCHED_AUTOGROUP = yes; BLK_DEV_INITRD = yes; RD_GZIP = no; RD_BZIP2 = no; RD_LZMA = no; RD_XZ = no; RD_LZO = no; RD_LZ4 = no; RD_ZSTD = yes; BOOT_CONFIG = yes; EXPERT = yes; SGETMASK_SYSCALL = no; SYSFS_SYSCALL = no; PCSPKR_PLATFORM = no; KALLSYMS = yes; KALLSYMS_ALL = no; SMP = yes; SCHED_MC = yes; SCHED_CLUSTER = option yes; SCHED_SMT = option yes; NUMA = yes; EFI = yes; EFI_STUB = yes; HZ_1000 = yes; RELOCATABLE = yes; RANDOMIZE_BASE = yes; RANDOMIZE_MEMORY = yes; PM = yes; ENERGY_MODEL = yes; ACPI = yes; ACPI_APEI = yes; ACPI_NUMA = yes; CPU_FREQ = yes; CPU_FREQ_STAT = yes; CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = yes; CPU_FREQ_GOV_SCHEDUTIL = yes; CPU_IDLE = yes; CPU_IDLE_GOV_MENU = no; CPU_IDLE_GOV_TEO = yes; JUMP_LABEL = yes; SECCOMP = yes; STACKPROTECTOR = yes; STACKPROTECTOR_STRONG = yes; LTO_CLANG_FULL = yes; CFI_CLANG = yes; VMAP_STACK = yes; RANDOMIZE_KSTACK_OFFSET_DEFAULT = yes; BLK_DEV_WRITE_MOUNTED = yes; BLK_WBT = yes; BLK_WBT_MQ = yes; PARTITION_ADVANCED = yes; MSDOS_PARTITION = no; EFI_PARTITION = yes; MQ_IOSCHED_DEADLINE = yes; MQ_IOSCHED_KYBER = yes; IOSCHED_BFQ = yes; BINFMT_ELF = yes; CORE_DUMP_DEFAULT_ELF_HEADERS = yes; BINFMT_SCRIPT = yes; BINFMT_MISC = yes; COREDUMP = yes; SWAP = yes; SLAB_FREELIST_RANDOM = yes; SLAB_FREELIST_HARDENED = yes; SLAB_CANARY = yes; SLUB_CPU_PARTIAL = yes; RANDOM_KMALLOC_CACHES = yes; SHUFFLE_PAGE_ALLOCATOR = yes; COMPAT_BRK = no; SPARSEMEM_VMEMMAP = yes; MEMORY_HOTPLUG = yes; MEMORY_HOTREMOVE = yes; COMPACTION = yes; MIGRATION = yes; KSM = yes; TRANSPARENT_HUGEPAGE = yes; TRANSPARENT_HUGEPAGE_ALWAYS = yes; READ_ONLY_THP_FOR_FS = yes; DEFERRED_STRUCT_PAGE_INIT = yes; ZONE_DEVICE = yes; DEVICE_PRIVATE = yes; LRU_GEN = option yes; LRU_GEN_ENABLED = option yes; NET = yes; PACKET = yes; PACKET_DIAG = yes; UNIX = yes; UNIX_DIAG = yes; XDP_SOCKETS = yes; XDP_SOCKETS_DIAG = yes; INET = yes; SYN_COOKIES = yes; INET_DIAG = yes; INET_UDP_DIAG = yes; INET_RAW_DIAG = yes; TCP_CONG_ADVANCED = yes; TCP_CONG_BIC = no; TCP_CONG_CUBIC = no; TCP_CONG_WESTWOOD = no; TCP_CONG_HTCP = no; TCP_CONG_BBR = yes; DEFAULT_BBR = yes; IPV6 = yes; NETFILTER = yes; NETFILTER_ADVANCED = yes; NETFILTER_INGRESS = yes; NETFILTER_EGRESS = yes; NETFILTER_NETLINK_LOG = yes; NF_LOG_SYSLOG = yes; NF_CONNTRACK = yes; NF_TABLES = yes; NF_TABLES_INET = yes; NFT_CT = yes; NFT_CONNLIMIT = yes; NFT_LIMIT = yes; NFT_LOG = yes; NFT_REJECT = yes; NFT_FIB_INET = yes; NF_TABLES_IPV4 = yes; NFT_FIB_IPV4 = yes; NF_TABLES_IPV6 = yes; NFT_FIB_IPV6 = yes; NET_SCH_CAKE = yes; NET_SCH_FQ = yes; NET_SCH_DEFAULT = yes; DEFAULT_FQ = yes; DEFAULT_NET_SCH = freeform "fq"; NETLINK_DIAG = yes; ETHTOOL_NETLINK = yes; PCI = yes; PCI_MSI = yes; PCI_HOST_GENERIC = option yes; DEVTMPFS = yes; DEVTMPFS_MOUNT = yes; DEVTMPFS_SAFE = yes; STANDALONE = yes; PREVENT_FIRMWARE_BUILD = yes; FW_LOADER_COMPRESS = yes; FW_LOADER_COMPRESS_XZ = no; FW_LOADER_COMPRESS_ZSTD = yes; ALLOW_DEV_COREDUMP = yes; SYSFB_SIMPLEFB = yes; EFI_VARS_PSTORE = yes; RESET_ATTACK_MITIGATION = yes; EFI_DISABLE_PCI_DMA = yes; BLK_DEV = yes; ZRAM = yes; ZRAM_DEF_COMP_ZSTD = yes; ZRAM_WRITEBACK = yes; BLK_DEV_LOOP = yes; BLK_DEV_LOOP_MIN_COUNT = freeform "0"; NETDEVICES = yes; NET_CORE = yes; INPUT = yes; INPUT_SPARSEKMAP = yes; INPUT_EVDEV = yes; INPUT_KEYBOARD = yes; TTY = yes; VT = yes; CONSOLE_TRANSLATIONS = yes; VT_CONSOLE = yes; UNIX98_PTYS = yes; SERIAL_DEV_BUS = yes; SERIAL_DEV_CTRL_TTYPORT = yes; HW_RANDOM = yes; TCG_TPM = yes; TCG_TPM2_HMAC = yes; HW_RANDOM_TPM = yes; TCG_TIS = yes; TCG_CRB = yes; WATCHDOG = yes; WATCHDOG_HANDLE_BOOT_ENABLED = yes; DRM_SIMPLE_DRM = option yes; FB = yes; FB_EFI = yes; FB_SIMPLE = option yes; FB_DEVICE = no; VGA_CONSOLE = no; FRAMEBUFFER_CONSOLE = yes; FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER = yes; HID_SUPPORT = yes; HID = yes; HIDRAW = yes; UHID = yes; HID_GENERIC = yes; USB_HID = yes; USB_HIDDEV = yes; USB_SUPPORT = yes; USB = yes; USB_PCI = yes; USB_PCI_AMD = no; USB_ANNOUNCE_NEW_DEVICES = yes; USB_DEFAULT_PERSIST = yes; USB_DYNAMIC_MINORS = yes; USB_LEDS_TRIGGER_USBPORT = yes; USB_XHCI_HCD = yes; USB_XHCI_PCI = yes; RTC_CLASS = yes; DMADEVICES = yes; ASYNC_TX_DMA = option yes; STAGING = yes; IOMMU_SUPPORT = yes; IOMMU_DEFAULT_DMA_STRICT = yes; IRQ_REMAP = yes; MSDOS_FS = yes; VFAT_FS = yes; FAT_DEFAULT_UTF8 = yes; PROC_FS = yes; PROC_KCORE = no; PROC_SYSCTL = yes; PROC_PAGE_MONITOR = yes; SYSFS = yes; TMPFS = yes; TMPFS_POSIX_ACL = yes; HUGETLBFS = yes; HUGETLB_PAGE_OPTIMIZE_VMEMMAP = yes; HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON = yes; EFIVAR_FS = yes; NLS = yes; NLS_CODEPAGE_437 = yes; NLS_ISO8859_1 = yes; UNICODE = yes; SECURITY_DMESG_RESTRICT = yes; SECURITY_PERF_EVENTS_RESTRICT = yes; SECURITY_TIOCSTI_RESTRICT = yes; SECURITY = yes; SECURITY_NETWORK = yes; SECURITY_YAMA = yes; SECURITY_LOCKDOWN_LSM = yes; SECURITY_LOCKDOWN_LSM_EARLY = yes; LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY = yes; SECURITY_LANDLOCK = yes; HARDENED_USERCOPY = yes; FORTIFY_SOURCE = yes; INIT_STACK_ALL_ZERO = yes; GCC_PLUGIN_STACKLEAK = option yes; INIT_ON_FREE_DEFAULT_ON = yes; ZERO_CALL_USED_REGS = yes; BUG_ON_DATA_CORRUPTION = yes; CRYPTO_ZSTD = yes; SWIOTLB_DYNAMIC = yes; FONTS = yes; FONT_TER16x32 = yes; DEBUG_BUGVERBOSE = yes; DEBUG_INFO_DWARF5 = yes; DEBUG_INFO_SPLIT = yes; STRIP_ASM_SYMS = yes; UBSAN = yes; UBSAN_BOUNDS = yes; UBSAN_SIGNED_WRAP = no; UBSAN_BOOL = no; UBSAN_ENUM = no; WARN_ALL_UNSEEDED_RANDOM = yes; DEBUG_WX = yes; KFENCE = yes; KFENCE_DEFERRABLE = yes; KFENCE_BUG_ON_DATA_CORRUPTION = yes; PANIC_ON_OOPS = yes; PANIC_TIMEOUT = freeform "-1"; EARLY_PRINTK = option no; } // lib.optionalAttrs hostPlatform.is64bit { "64BIT" = option yes; } // lib.optionalAttrs hostPlatform.isx86 (import ./x86.nix args) // lib.optionalAttrs hostPlatform.isRiscV (import ./riscv.nix args) // lib.optionalAttrs hostPlatform.isAarch64 (import ./arm64.nix args)