From d8a218524a4abc5fac99b4501a8c951e864b4c1c Mon Sep 17 00:00:00 2001 From: Simon Gardling Date: Wed, 22 Apr 2026 15:27:12 -0400 Subject: [PATCH] kernel: disable more things --- modules/desktop-common.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/modules/desktop-common.nix b/modules/desktop-common.nix index 1016441..0116f6c 100644 --- a/modules/desktop-common.nix +++ b/modules/desktop-common.nix @@ -132,6 +132,7 @@ "6LOWPAN" = lib.mkForce no; NET_9P = lib.mkForce no; BATMAN_ADV = lib.mkForce no; + CAIF = lib.mkForce no; # tv tuners / digital video broadcasting MEDIA_ANALOG_TV_SUPPORT = lib.mkForce no; @@ -174,6 +175,8 @@ SIOX = lib.mkForce no; SLIMBUS = lib.mkForce no; WWAN = lib.mkForce no; + QFMT_V1 = lib.mkForce no; + FIREWIRE_NOSY = lib.mkForce no; # nvidia gpu DRM_NOUVEAU = lib.mkForce no; @@ -234,6 +237,8 @@ # fpga FPGA = lib.mkForce no; + XILLYBUS = lib.mkForce no; + XILLYUSB = lib.mkForce no; # old x86 cpufreq / platform (both systems are modern Zen) AMD_NUMA = lib.mkForce no; @@ -255,6 +260,31 @@ SGETMASK_SYSCALL = lib.mkForce no; UID16 = lib.mkForce no; X86_X32_ABI = lib.mkForce no; + + # Disable EXT2 + EXT2_FS = lib.mkForce no; + EXT4_USE_FOR_EXT2 = lib.mkForce yes; + + # disable unused security stuff + SECURITY_TOMOYO = lib.mkForce no; + SECURITY_YAMA = lib.mkForce no; + SECURITY_SELINUX = lib.mkForce no; + SECURITY_APPARMOR = lib.mkForce no; + INTEGRITY = lib.mkForce no; + SECURITY_IPE = lib.mkForce no; + SECURITY_LANDLOCK = lib.mkForce no; + SECURITY_SMACK = lib.mkForce no; + + # I am not a switch + NET_SWITCHDEV = lib.mkForce no; + + # incorrect ARCH + XZ_DEC_POWERPC = lib.mkForce no; + XZ_DEC_ARM = lib.mkForce no; + XZ_DEC_ARMTHUMB = lib.mkForce no; + XZ_DEC_ARM64 = lib.mkForce no; + XZ_DEC_SPARC = lib.mkForce no; + XZ_DEC_RISCV = lib.mkForce no; }; } ];