kernel: strip out some things I won't use

2026-04-14 13:24:18 -04:00
parent abb762604d
commit 448fe0d07a
2 changed files with 63 additions and 0 deletions
--- a/home-manager/progs/zen/default.nix
+++ b/home-manager/progs/zen/default.nix
@@ -109,6 +109,9 @@ in
        # https://github.com/nix-community/home-manager/issues/6083
        "services.sync.engine.prefs" = false;
        "services.sync.engine.addons" = false;
+        # use a separate default search engine in private windows
+        "browser.search.separatePrivateDefault.ui.enabled" = true;
+        "browser.search.separatePrivateDefault" = true;
        # disable built-in password manager — using bitwarden
        "signon.rememberSignons" = false;
        "signon.autofillForms" = false;
--- a/system/common.nix
+++ b/system/common.nix
@@ -100,6 +100,66 @@
  # kernel options
  boot = {

+    # disable legacy subsystems neither host will ever use
+    kernelPatches = [
+      {
+        name = "disable-legacy-subsystems";
+        patch = null;
+        structuredExtraConfig = with lib.kernel; {
+          # ancient bus/card standards
+          PCMCIA = lib.mkForce no;
+          PCCARD = lib.mkForce no;
+          PARPORT = lib.mkForce no;
+          GAMEPORT = lib.mkForce no;
+          FIREWIRE = lib.mkForce no;
+          AGP = lib.mkForce no;
+
+          # legacy networking
+          ATM = lib.mkForce no;
+          FDDI = lib.mkForce no;
+          ISDN = lib.mkForce no;
+          CAN = lib.mkForce no;
+          NFC = lib.mkForce no;
+          INFINIBAND = lib.mkForce no;
+
+          # amateur radio (HAMRADIO is the umbrella but these are separate symbols)
+          HAMRADIO = lib.mkForce no;
+          AX25 = lib.mkForce no;
+          NETROM = lib.mkForce no;
+          ROSE = lib.mkForce no;
+
+          # dead protocols
+          PHONET = lib.mkForce no;
+          IEEE802154 = lib.mkForce no;
+          "6LOWPAN" = lib.mkForce no;
+
+          # tv tuners / digital video broadcasting
+          MEDIA_ANALOG_TV_SUPPORT = lib.mkForce no;
+          MEDIA_DIGITAL_TV_SUPPORT = lib.mkForce no;
+          DVB_CORE = lib.mkForce no;
+
+          # hypervisor guest support (bare metal only)
+          HYPERV = lib.mkForce no;
+          VMWARE_VMCI = lib.mkForce no;
+
+          # staging drivers (experimental/unmaintained)
+          STAGING = lib.mkForce no;
+
+          # misc legacy
+          MOST = lib.mkForce no;
+          PPDEV = lib.mkForce no;
+          PHANTOM = lib.mkForce no;
+          W1 = lib.mkForce no;
+          X86_ANDROID_TABLETS = lib.mkForce no;
+
+          # deprecated userland compat
+          SGETMASK_SYSCALL = lib.mkForce no;
+          UID16 = lib.mkForce no;
+          X86_X32_ABI = lib.mkForce no;
+        };
+      }
+    ];
+
    # aes_generic is built-in as of linux 7.0, no longer a loadable module
    initrd.luks.cryptoModules = lib.mkForce (
      lib.filter (m: m != "aes_generic") options.boot.initrd.luks.cryptoModules.default