From 448fe0d07aee1e3c3e527977194a669f50ebe3d0 Mon Sep 17 00:00:00 2001
From: Simon Gardling
Date: Tue, 14 Apr 2026 13:24:18 -0400
Subject: [PATCH] kernel: strip out some things I won't use
---
 home-manager/progs/zen/default.nix | 3 ++
 system/common.nix | 60 ++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+)
diff --git a/home-manager/progs/zen/default.nix b/home-manager/progs/zen/default.nix
index 797673a..ba616e0 100644
--- a/home-manager/progs/zen/default.nix
+++ b/home-manager/progs/zen/default.nix
@@ -109,6 +109,9 @@ in
 # https://github.com/nix-community/home-manager/issues/6083
 "services.sync.engine.prefs" = false;
 "services.sync.engine.addons" = false;
+ # use a separate default search engine in private windows
+ "browser.search.separatePrivateDefault.ui.enabled" = true;
+ "browser.search.separatePrivateDefault" = true;
 # disable built-in password manager — using bitwarden
 "signon.rememberSignons" = false;
 "signon.autofillForms" = false;
diff --git a/system/common.nix b/system/common.nix
index 74189a4..af1638f 100644
--- a/system/common.nix
+++ b/system/common.nix
@@ -100,6 +100,66 @@
 # kernel options
 boot = {
+ # disable legacy subsystems neither host will ever use
+ kernelPatches = [
+ {
+ name = "disable-legacy-subsystems";
+ patch = null;
+ structuredExtraConfig = with lib.kernel; {
+ # ancient bus/card standards
+ PCMCIA = lib.mkForce no;
+ PCCARD = lib.mkForce no;
+ PARPORT = lib.mkForce no;
+ GAMEPORT = lib.mkForce no;
+ FIREWIRE = lib.mkForce no;
+ AGP = lib.mkForce no;
+
+ # legacy networking
+ ATM = lib.mkForce no;
+ FDDI = lib.mkForce no;
+ ISDN = lib.mkForce no;
+ CAN = lib.mkForce no;
+ NFC = lib.mkForce no;
+ INFINIBAND = lib.mkForce no;
+
+ # amateur radio (HAMRADIO is the umbrella but these are separate symbols)
+ HAMRADIO = lib.mkForce no;
+ AX25 = lib.mkForce no;
+ NETROM = lib.mkForce no;
+ ROSE = lib.mkForce no;
+
+ # dead protocols
+ PHONET = lib.mkForce no;
+ IEEE802154 = lib.mkForce no;
+ "6LOWPAN" = lib.mkForce no;
+
+ # tv tuners / digital video broadcasting
+ MEDIA_ANALOG_TV_SUPPORT = lib.mkForce no;
+ MEDIA_DIGITAL_TV_SUPPORT = lib.mkForce no;
+ DVB_CORE = lib.mkForce no;
+
+ # hypervisor guest support (bare metal only)
+ HYPERV = lib.mkForce no;
+ VMWARE_VMCI = lib.mkForce no;
+
+ # staging drivers (experimental/unmaintained)
+ STAGING = lib.mkForce no;
+
+ # misc legacy
+ MOST = lib.mkForce no;
+ PPDEV = lib.mkForce no;
+ PHANTOM = lib.mkForce no;
+ W1 = lib.mkForce no;
+ X86_ANDROID_TABLETS = lib.mkForce no;
+
+ # deprecated userland compat
+ SGETMASK_SYSCALL = lib.mkForce no;
+ UID16 = lib.mkForce no;
+ X86_X32_ABI = lib.mkForce no;
+ };
+ }
+ ];
+
 # aes_generic is built-in as of linux 7.0, no longer a loadable module
 initrd.luks.cryptoModules = lib.mkForce (
 lib.filter (m: m != "aes_generic") options.boot.initrd.luks.cryptoModules.default
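Review bot: Every symbol in `structuredExtraConfig` is forced as a required `no`, including ones that sit behind a parent this same list turns off (`AX25`, `NETROM` and `ROSE` under `HAMRADIO`, and probably `DVB_CORE` under the media toggles). As far as I recall, the nixpkgs kernel config generator reports a required option that Kconfig never asks about as an error, so a kernel bump that hides or drops one of these symbols could fail the build; this cannot be confirmed from the hunk alone. Failing loudly is the right behaviour for the top-level switches, because a silently ignored entry would let a removed subsystem come back unnoticed, so I would keep those required and mark only the dependent symbols optional, e.g. `AX25 = lib.mkForce (option no);` (`option` is already in scope through `with lib.kernel;`). The `boot = {` block opens before the hunk and continues past it.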