42 lines
943 B
Nix
42 lines
943 B
Nix
{
|
|
pkgs,
|
|
lib,
|
|
config,
|
|
...
|
|
}:
|
|
with lib;
|
|
let
|
|
cfg = config.global.kernel;
|
|
in
|
|
{
|
|
options.global.kernel = {
|
|
enable = mkEnableOption "kernel version and configuration" // {
|
|
default = true;
|
|
};
|
|
lts = mkEnableOption "longterm kernel releases";
|
|
sysctl = {
|
|
enable = mkEnableOption "sysctl presets" // {
|
|
default = true;
|
|
};
|
|
harden = mkEnableOption "hardening sysctls" // {
|
|
default = true;
|
|
};
|
|
swappiness = mkOption {
|
|
type = with types; int;
|
|
default = 0;
|
|
description = "vm.swappiness value, should be zero for low memory SSD systems";
|
|
};
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
boot.kernel.sysctl = {
|
|
"kernel.dmesg_restrict" = mkIf cfg.sysctl.harden 1;
|
|
"vm.swappiness" = cfg.sysctl.swappiness;
|
|
};
|
|
boot.kernelPackages =
|
|
with pkgs;
|
|
mkOverride 1001 (if cfg.lts then linuxPackages else linuxPackages_latest);
|
|
};
|
|
}
|