From 58efb77c911d4cc75bd24aa7a7adc81469e2d912 Mon Sep 17 00:00:00 2001 From: Tristan Druyen Date: Tue, 30 Jul 2024 20:22:35 +0200 Subject: [PATCH] Add minified kernel --- systems/nixos-fw16/default.nix | 44 ++++- systems/nixos-fw16/mini_kernel.nix | 47 +++++ systems/nixos-fw16/modprobed.db | 274 +++++++++++++++++++++++++++++ systems/nixos-fw16/pkgs-for.nix | 104 +++++++++++ 4 files changed, 467 insertions(+), 2 deletions(-) create mode 100644 systems/nixos-fw16/mini_kernel.nix create mode 100644 systems/nixos-fw16/modprobed.db create mode 100644 systems/nixos-fw16/pkgs-for.nix diff --git a/systems/nixos-fw16/default.nix b/systems/nixos-fw16/default.nix index 42a5649..7f360ff 100644 --- a/systems/nixos-fw16/default.nix +++ b/systems/nixos-fw16/default.nix @@ -25,6 +25,32 @@ ./disks.nix ]; + #################### + systemd.user = { + services.modprobed-db = { + description = "modprobed-db service to scan and store new kernel modules"; + wants = [ "modprobed-db.timer" ]; + wantedBy = [ "default.target" ]; + serviceConfig = { + ExecStart = "${pkgs.modprobed-db}/bin/modprobed-db storesilent"; + ExecStop = "${pkgs.modprobed-db}/bin/modprobed-db storesilent"; + Type = "simple"; + }; + path = builtins.attrValues { + inherit (pkgs) gawk getent coreutils gnugrep gnused kmod; + }; + }; + timers.modprobed-db = { + wantedBy = [ "timers.target" ]; + partOf = [ "modprobed-db.service" ]; + timerConfig = { + Persistent = true; + OnUnitActiveSec = "1h"; + }; + }; + }; + ################ + security.sudo-rs.wheelNeedsPassword = lib.mkForce true; # unneded due to fp sensor # Power mgmt @@ -59,7 +85,9 @@ boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; environment.etc."specialisation".text = "linux-latest"; - system.nixos.tags = [ "linux-latest" ]; + system.nixos.tags = [ + "linux-latest" + ]; }; specialisation.linux-zen.configuration = { 
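Review bot: `Persistent = true` in `timers.modprobed-db.timerConfig` only has an effect on `OnCalendar=` timers according to systemd.timer(5), so next to `OnUnitActiveSec = "1h"` alone it does nothing; either drop it or use `OnCalendar = "hourly";`. The two `####` banner lines around the block carry no information. A comment such as `# Records loaded kernel modules hourly; ./modprobed.db is a snapshot of this database and drives mini_kernel.nix` would tell a reader that the committed list is not refreshed automatically (that the snapshot is copied by hand is my reading; the patch does not show that step).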
@@ -78,9 +106,19 @@ system.nixos.tags = [ "linux-xanmod-latest" ]; }; + specialisation.linux-cachy-mini.configuration = { + boot.kernelPackages = lib.mkForce (import ./mini_kernel.nix { + inherit inputs lib; + pkgs = pkgs.pkgsAMD64Microarchs.znver4; + }); + + environment.etc."specialisation".text = "linux-cachy-mini"; + system.nixos.tags = [ "linux-cachy-mini" ]; + }; + boot = { # kernelPackages = pkgs.linuxPackages_cachyos; # bootstrap - kernelPackages = pkgs.pkgsAMD64Microarchs.znver4.linuxPackages_cachyos; # TODO see above, include into module + kernelPackages = pkgs.pkgsAMD64Microarchs.znver4.linuxPackages_cachyos; kernelPatches = [ ]; kernelParams = [ # "systemd.unit=emergency.target" @@ -95,6 +133,8 @@ systemd-boot = { enable = false; # due to lanzaboote configurationLimit = 16; + + memtest86.enable = true; }; efi.canTouchEfiVariables = true; }; diff --git a/systems/nixos-fw16/mini_kernel.nix b/systems/nixos-fw16/mini_kernel.nix new file mode 100644 index 0000000..17cfe32 --- /dev/null +++ b/systems/nixos-fw16/mini_kernel.nix 
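Review bot: `memtest86.enable = true;` is added inside the `systemd-boot` block of default.nix, which the same block sets to `enable = false; # due to lanzaboote`, so the option most likely never produces a boot entry. If an entry is wanted, note that an unsigned memtest EFI binary would presumably be refused while Secure Boot is enforced, so it would need to go through the lanzaboote signing path. Otherwise drop the line or mark it, e.g. `# no effect while systemd-boot.enable = false`.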
@@ -0,0 +1,47 @@
+{ inputs
+, lib
+, pkgs
+, ...
+}:
+let
+ mainVersions = lib.importJSON "${inputs.chaotic}/pkgs/linux-cachyos/versions.json";
+ mainConfig = import "${inputs.chaotic}/pkgs/linux-cachyos/config-nix/cachyos.x86_64-linux.nix";
+ usedModules = builtins.readFile ./modprobed.db;
+ toLowerParts = list: (lib.lists.unique
+ (lib.lists.flatten
+ (builtins.map
+ (elem: (lib.strings.splitString "_" (lib.strings.toLower elem)))
+ list)));
+ usedModuleNames = builtins.map (x: lib.strings.toLower x) (lib.strings.splitString "\n" usedModules);
+ usedModuleNameParts = toLowerParts usedModuleNames;
+ filterParts = [ "crypto" "intel" "hid" "drm" "x86" "64" "" ];
+ usedModuleNamePartsFiltered = (lib.lists.partition (elem: !(builtins.elem elem filterParts)) usedModuleNameParts).right;
+ usedModuleNamePartsTrace = builtins.trace usedModuleNameParts usedModuleNamePartsFiltered;
+ filteredConfig = builtins.listToAttrs (
+ builtins.map
+ (attr:
+ let
+ no_conf_key = builtins.replaceStrings [ "CONFIG_" ] [ "" ] attr.name;
+ in
+ {
+ name = attr.name;
+ value =
+ if
+ attr.value
+ == "m"
+ && !(builtins.elem (lib.strings.toLower no_conf_key) usedModuleNames)
+ && ((lib.lists.intersectLists (toLowerParts [ no_conf_key ]) usedModuleNamePartsFiltered) == [ ])
+ then "n"
+ else attr.value;
+ })
+ (builtins.attrValues (builtins.mapAttrs (name: value: { inherit name value; }) mainConfig))
+ );
+ mkCachyKernel = attrs: pkgs.callPackage ./pkgs-for.nix ({ versions = mainVersions; } // attrs);
+ mainKernel = mkCachyKernel {
+ inherit inputs;
+ taste = "linux-cachyos";
+ kConfig = filteredConfig;
+ withUpdateScript = "stable";
+ };
+in
+mainKernel
diff --git a/systems/nixos-fw16/modprobed.db b/systems/nixos-fw16/modprobed.db
new file mode 100644
index 0000000..805c1dd
--- /dev/null
+++ b/systems/nixos-fw16/modprobed.db
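Review bot: The token match in `filteredConfig` (mini_kernel.nix) can switch off a module that modprobed.db lists, because module names and CONFIG symbols do not line up one to one. `aesni_intel` is in the list, but the kernel symbol `CONFIG_CRYPTO_AES_NI_INTEL` splits into `crypto`, `aes`, `ni`, `intel`; the first and last are in `filterParts` and neither `aes` nor `ni` occurs among the used parts, so if the base config has it as `"m"` it becomes `"n"` on a machine that also loads `dm_crypt`. An explicit keep-list checked before the heuristic would make this safe, e.g. `keepSymbols = [ "CONFIG_CRYPTO_AES_NI_INTEL" ];` and `&& !(builtins.elem attr.name keepSymbols)` in the condition. `usedModuleNamePartsTrace` is never referenced and looks like a debugging leftover.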
@@ -0,0 +1,274 @@ +ac97_bus +adiantum +aesni_intel +af_alg +algif_hash +algif_skcipher +amd_atl +amdgpu +amd_pmc +amd_pmf +amd_sfh +amdtee +amdxcp +asn1_encoder +atkbd +bcachefs +blowfish_common +blowfish_generic +blowfish_x86_64 +bluetooth +bnep +bridge +br_netfilter +btbcm +btintel +btmtk +btrtl +btusb +camellia_aesni_avx2 +camellia_aesni_avx_x86_64 +camellia_generic +camellia_x86_64 +cast5_avx_x86_64 +cast5_generic +cast_common +cbc +ccp +cdc_acm +cdc_ether +cdc_mbim +cdc_ncm +cdc_wdm +cec +cfg80211 +chacha_x86_64 +cifs +cifs_arc4 +cifs_md4 +cmac +crc16 +crc32c_generic +crc32c_intel +crc32_pclmul +crct10dif_pclmul +cros_ec +cros_ec_chardev +cros_ec_debugfs +cros_ec_dev +cros_ec_lpcs +cros_ec_sysfs +cros_usbpd_charger +cros_usbpd_logger +cros_usbpd_notify +cryptd +crypto_simd +curve25519_x86_64 +des3_ede_x86_64 +des_generic +dimlib +dm_crypt +dm_mod +dns_resolver +drm_buddy +drm_display_helper +drm_exec +drm_suballoc_helper +drm_ttm_helper +encrypted_keys +fat +framework_laptop +gf128mul +ghash_clmulni_intel +gpio_cros_ec +gpu_sched +hid_generic +hid_multitouch +hid_sensor_als +hid_sensor_hub +hid_sensor_iio_common +hid_sensor_trigger +i2c_algo_bit +i2c_dev +i2c_hid +i2c_hid_acpi +i2c_piix4 +ib_cm +ib_core +industrialio +industrialio_triggered_buffer +inet_diag +intel_rapl_common +intel_rapl_msr +ip6t_rpfilter +ip6_udp_tunnel +ip_tables +ipt_REJECT +ipt_rpfilter +iw_cm +joydev +k10temp +kfifo_buf +kvm +kvm_amd +libarc4 +libchacha +libchacha20poly1305 +libcrc32c +libcurve25519_generic +libdes +libpoly1305 +libps2 +llc +loop +lrw +lz4_compress +lz4hc_compress +mac80211 +mac_hid +macvlan +mii +mousedev +mt76 +mt76_connac_lib +mt7921_common +mt7921e +mt792x_lib +netfs +nf_conntrack +nf_conntrack_broadcast +nf_conntrack_netbios_ns +nf_conntrack_netlink +nf_defrag_ipv4 +nf_defrag_ipv6 +nf_log_syslog +nf_nat +nfnetlink +nf_reject_ipv4 +nf_tables +nft_chain_nat +nft_compat +nhpoly1305 +nhpoly1305_avx2 +nhpoly1305_sse2 +nls_iso8859_1 +nls_ucs2_utils +nls_utf8 +nvme 
+nvme_auth +nvme_core +overlay +platform_profile +poly1305_x86_64 +polyval_clmulni +polyval_generic +qrtr +raid6_pq +rapl +rdma_cm +rfcomm +rfkill +roles +ryzen_smu +sch_fq_codel +serio +serpent_avx2 +serpent_avx_x86_64 +serpent_generic +serpent_sse2_x86_64 +sha1_ssse3 +sha256_ssse3 +sha512_ssse3 +snd +snd_acp_config +snd_acp_legacy_common +snd_acp_pci +snd_amd_sdw_acpi +snd_compress +snd_hda_codec +snd_hda_codec_generic +snd_hda_codec_hdmi +snd_hda_codec_realtek +snd_hda_core +snd_hda_intel +snd_hda_scodec_component +snd_hrtimer +snd_hwdep +snd_intel_dspcfg +snd_intel_sdw_acpi +snd_pci_acp3x +snd_pci_acp5x +snd_pci_acp6x +snd_pci_ps +snd_pcm +snd_pcm_dmaengine +snd_rn_pci_acp3x +snd_rpl_pci_acp6x +snd_seq +snd_seq_device +snd_seq_dummy +snd_soc_acpi +snd_soc_core +snd_sof +snd_sof_amd_acp +snd_sof_amd_acp63 +snd_sof_amd_rembrandt +snd_sof_amd_renoir +snd_sof_amd_vangogh +snd_sof_pci +snd_sof_utils +snd_sof_xtensa_dsp +snd_timer +soundcore +soundwire_amd +soundwire_bus +soundwire_generic_allocation +sp5100_tco +stp +tap +tcp_diag +tee +thunderbolt +trusted +ttm +tun +twofish_avx_x86_64 +twofish_common +twofish_generic +twofish_x86_64 +twofish_x86_64_3way +typec +typec_displayport +typec_ucsi +uas +ucsi_acpi +udp_tunnel +uinput +usbhid +usbnet +usb_storage +veth +vfat +video +vivaldi_fmap +wireguard +wmi +wmi_bmof +xfrm_algo +xfrm_user +xhci_pci +xhci_pci_renesas +xor +x_tables +xt_addrtype +xt_CHECKSUM +xt_conntrack +xt_CT +xt_LOG +xt_mark +xt_MASQUERADE +xt_nat +xt_pkttype +xts +xt_tcpudp +zram diff --git a/systems/nixos-fw16/pkgs-for.nix b/systems/nixos-fw16/pkgs-for.nix new file mode 100644 index 0000000..adca4e7 --- /dev/null +++ b/systems/nixos-fw16/pkgs-for.nix 
@@ -0,0 +1,104 @@
+{ stdenv
+, inputs
+, taste
+, kConfig
+, versions
+, callPackage
+, linuxPackages
+, linuxPackagesFor
+, fetchFromGitHub
+, nyxUtils
+, lib
+, ogKernelConfigfile ? linuxPackages.kernel.passthru.configfile
+, # those are set in their PKGBUILDs
+ kernelPatches ? { }
+, basicCachy ? true
+, cpuSched ? "cachyos"
+, useLTO ? "none"
+, ticksHz ? 500
+, tickRate ? "full"
+, preempt ? "full"
+, hugePages ? "always"
+, withDAMON ? false
+, withNTSync ? true
+, withHDR ? true
+, withoutDebug ? false
+, description ? "Linux EEVDF-BORE scheduler Kernel by CachyOS with other patches and improvements"
+, withUpdateScript ? null
+, packagesExtend ? null
+,
+}:
+let
+ cachyConfig = {
+ inherit
+ taste
+ versions
+ basicCachy
+ cpuSched
+ useLTO
+ ticksHz
+ tickRate
+ preempt
+ hugePages
+ withDAMON
+ withNTSync
+ withHDR
+ withoutDebug
+ description
+ withUpdateScript
+ ;
+ };
+
+ # The three phases of the config
+ # - First we apply the changes fromt their PKGBUILD using kconfig;
+ # - Then we NIXify it (in the update-script);
+ # - Last state is importing the NIXified version for building.
+ preparedConfigfile = callPackage "${inputs.chaotic}/pkgs/linux-cachyos/prepare.nix" {
+ inherit cachyConfig stdenv kernel ogKernelConfigfile;
+ };
+ kconfigToNix = callPackage "${inputs.chaotic}/pkgs/linux-cachyos/lib/kconfig-to-nix.nix" {
+ configfile = preparedConfigfile;
+ };
+ linuxConfigTransfomed = kConfig;
+
+ kernel = callPackage "${inputs.chaotic}/pkgs/linux-cachyos/kernel.nix" {
+ inherit cachyConfig stdenv kconfigToNix;
+ kernelPatches = [ ];
+ configfile = preparedConfigfile;
+ config = linuxConfigTransfomed;
+ };
+
+ # CachyOS repeating stuff.
+ addZFS = _finalAttrs: prevAttrs: {
+ kernel_configfile = prevAttrs.kernel.configfile;
+ zfs_cachyos = prevAttrs.zfs_unstable.overrideAttrs (prevAttrs: {
+ src = fetchFromGitHub {
+ owner = "cachyos";
+ repo = "zfs";
+ inherit (versions.zfs) rev hash;
+ };
+ meta = prevAttrs.meta // { broken = false; };
+ patches = [ ];
+ });
+ };
+
+ basePackages = linuxPackagesFor kernel;
+ packagesWithZFS = basePackages.extend addZFS;
+ packagesWithExtend =
+ if packagesExtend == null
+ then packagesWithZFS
+ else packagesWithZFS.extend (packagesExtend kernel);
+ packagesWithoutZFS = removeAttrs packagesWithExtend [ "zfs" "zfs_2_1" "zfs_2_2" "zfs_unstable" ];
+ packagesWithoutUpdateScript = nyxUtils.dropAttrsUpdateScript packagesWithoutZFS;
+ packagesWithRightPlatforms = nyxUtils.setAttrsPlatforms supportedPlatforms packagesWithoutUpdateScript;
+
+ supportedPlatforms = [ (with lib.systems.inspect.patterns; isx86_64 // isLinux) "x86_64-linux" ];
+
+ versionSuffix = "+C${nyxUtils.shorter versions.config.rev}+P${nyxUtils.shorter versions.patches.rev}";
+in
+packagesWithRightPlatforms
+ // {
+ _description = "Kernel and modules for ${description}";
+ _version = "${versions.linux.version}${versionSuffix}";
+ inherit (basePackages) kernel; # This one still has the updateScript
+}
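Review bot: `kConfig` reaches the kernel only as `config = linuxConfigTransfomed` in pkgs-for.nix, while `configfile = preparedConfigfile` is still derived from `cachyConfig` alone, so the module filter from mini_kernel.nix never touches the prepared config file. What kernel.nix does with the two arguments is not visible here, but if it builds from `configfile`, the specialisation ships the full module set and the Nix-side `config` no longer describes the running kernel. Worth a comment at the assignment, e.g. `# kConfig replaces only the Nix-side config; configfile is still the unfiltered upstream .config`, or deriving the config file from `kConfig`. The `kernelPatches ? { }` argument is also ignored, since the call passes `kernelPatches = [ ];`.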