From 08c9f53265176128053e140bd47f34fed6f2f894 Mon Sep 17 00:00:00 2001 From: s0me1newithhand7s Date: Fri, 29 May 2026 00:03:12 +0300 Subject: [PATCH] fix(ada): initrd & kernel fixes Signed-off-by: s0me1newithhand7s --- ada/boot/initrd.nix | 12 +++++++-- ada/boot/kernel.nix | 65 ++++++++++++++++++++++++++++++++++----------- 2 files changed, 60 insertions(+), 17 deletions(-)
diff --git a/ada/boot/initrd.nix b/ada/boot/initrd.nix
index a6b9a83..5b9a541 100644
--- a/ada/boot/initrd.nix
+++ b/ada/boot/initrd.nix
@@ -10,17 +10,18 @@ _: {
 "sd_mod"
 "btrfs"
 "cryptd"
+ "tpm"
+ "hid_generic"
 ];
 supportedFilesystems = {
- ntfs = true;
+ bcachefs = true;
 vfat = true;
 btrfs = true;
 };
 kernelModules = [
 "amdgpu"
- "zenpower"
 "i2c-dev"
 ];
@@ -28,6 +29,13 @@ _: {
 devices = {
 cryptroot = {
 device = "/dev/disk/by-id/nvme-KINGSTON_SKC3000S_1024G_AA000000000000000013-part2";
+ crypttabExtraOpts = [
+ "fido2-device=auto"
+ "fido2-pin=true"
+ "tpm2-device=auto"
+ "tpm2-pin=true"
+ # "headless=true"
+ ];
 };
 };
 };
diff --git a/ada/boot/kernel.nix b/ada/boot/kernel.nix
index 1f4c0cb..fedfb3e 100644
--- a/ada/boot/kernel.nix
+++ b/ada/boot/kernel.nix
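Review bot: `"tpm"` added to the initrd module list is only the TPM core module; the driver that binds a TPM 2.0 device is `tpm_tis` or `tpm_crb`, so a stage-1 TPM unlock can still find no device unless one of those is available as well (NixOS's systemd-initrd TPM2 support adds them itself when enabled, but that cannot be confirmed from this hunk). Likewise `hid_generic` on its own gives a FIDO2 key no transport; the USB HID path needs `usbhid` plus the host-controller driver in the initrd. The list's opening line is outside the hunk, so which option it belongs to is inferred. A comment above the two additions would make the dependency explicit: `# TPM2/FIDO2 unlock in stage 1 also needs tpm_tis|tpm_crb and usbhid available — verify`.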
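Review bot: `crypttabExtraOpts` is, as far as I know, honoured only by the systemd-based stage 1 (`boot.initrd.systemd.enable`); with the scripted initrd these options are not applied and the device silently falls back to a passphrase prompt, so the hunk should either be paired with that setting or carry a comment saying it is set elsewhere. `tpm2-device=auto` does not by itself decide what the key is sealed against: the PCR/PIN policy is fixed at enrollment with systemd-cryptenroll and crypttab options only apply when the LUKS2 token carries none, so the security boundary is not reviewable from this file. Suggested comment above the list: `# unlock policy (PCRs, PIN) lives in the LUKS2 tokens enrolled with systemd-cryptenroll; these options only select which devices to try`. The enclosing luks attrset opens before the hunk.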
@@ -1,55 +1,85 @@
 {
 config,
- pkgs,
+ self,
 ...
 }: {
 boot = {
 kernel = {
 sysctl = {
- "vm.swappiness" = 100;
+ "vm.swappiness" = 150;
 "vm.dirty_background_bytes" = 67108864;
 "vm.dirty_bytes" = 268435456;
 "vm.dirty_expire_centisecs" = 1500;
 "vm.dirty_writeback_centisecs" = 100;
 "vm.vfs_cache_pressure" = 50;
 "vm.max_map_count" = 1048576;
+ "vm.page-cluster" = 0;
+
+ "net.core.bpf_jit_harden" = 1;
+
+ "dev.tty.ldisc_autoload" = 0;
+
+ "net.ipv4.conf.all.accept_redirects" = 0;
+ "net.ipv4.conf.default.accept_redirects" = 0;
+ "net.ipv4.conf.all.secure_redirects" = 0;
+ "net.ipv4.conf.default.secure_redirects" = 0;
+ "net.ipv6.conf.all.accept_redirects" = 0;
+ "net.ipv6.conf.default.accept_redirects" = 0;
+ "net.ipv4.tcp_rfc1337" = 1;
+ "net.ipv4.tcp_syncookies" = 1;
+ "net.ipv4.icmp_echo_ignore_broadcasts" = 1;
+
+ "kernel.dmesg_restrict" = 1;
+ "kernel.kptr_restrict" = 2;
 };
 };
- kernelPackages = pkgs.linuxPackages_latest;
+ kernelPackages = self.inputs."nix-cachyos-kernel".legacyPackages.x86_64-linux.linuxPackages-cachyos-latest-lto-x86_64-v3;
 extraModulePackages = with config.boot.kernelPackages; [
- zenpower
 v4l2loopback
 ];
 kernelModules = [
 "amdgpu"
- "zenpower"
 "v4l2loopback"
- "i2c_dev"
+ "i2c-dev"
+ "ntsync"
 ];
 kernelParams = [
- "amd_pstate=guided"
- "udev.log_priority=3"
+ "amd_pstate=active"
+ "amd_iommu=force"
+
+ "iommu=pt"
+
+ "amdgpu.gpu_recovery=1"
+ "pcie_aspm=performance"
+
+
 "quiet"
 "splash"
 "boot.shell_on_fail"
 "loglevel=3"
 "rd.systemd.show_status=false"
 "rd.udev.log_level=3"
-
- "page_alloc.shuffle=1"
- "page_poison=1"
- "slab_nomerge"
- "zswap.enabled=0"
+ "udev.log_priority=3"
 "kernel.watchdog=0"
+ "mitigations=auto"
+ "lockdown=integrity"
+ "init_on_alloc=1"
+ "init_on_free=1"
+ "slab_nomerge"
+ "page_alloc.shuffle=1"
+ "vsyscall=none"
 "oops=panic"
 ];
 blacklistedKernelModules = [
- "k10temp"
+ "dccp"
+ "sctp"
+ "rds"
+ "tipc"
+ "n-hdlc"
 "ax25"
 "netrom"
 "rose"
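Review bot: `iommu=pt` placed right after `amd_iommu=force` puts trusted devices in the identity/passthrough domain, so the IOMMU the first flag forces on does not translate their DMA at all; that is a throughput choice that gives up the DMA isolation which the rest of the new `kernelParams` (`init_on_alloc=1`, `init_on_free=1`, `lockdown=integrity`, `vsyscall=none`) suggests is wanted, so either drop `iommu=pt` or comment why passthrough is acceptable on this host (on recent kernels external/untrusted PCI devices are still translated, so the exposure is mostly internal devices — verify against the kernel in use). `lockdown=integrity` only takes effect when the selected CachyOS kernel builds the lockdown LSM into its LSM list, and it mainly pays off when the kernel itself is verified at boot; neither is visible here, so `# needs CONFIG_SECURITY_LOCKDOWN_LSM in this kernel and a verified boot chain — confirm` would be a useful note. `mitigations=auto` is the kernel default and can be dropped, and the new `kernelPackages` line pins `x86_64-linux` literally rather than deriving it from the host platform, which is fine for a single host but deserves a comment. The enclosing `boot` attrset continues into the next hunk.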
@@ -77,12 +107,17 @@
 "ufs"
 "sp5100-tco"
 "iTCO_wdt"
+ "ntfs3"
+ "appletalk"
+ "psnap"
+ "p8022"
+ "p8023"
 ];
 supportedFilesystems = {
- ntfs = true;
 vfat = true;
 btrfs = true;
+ bcachefs = true;
 };
 consoleLogLevel = 0;
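Review bot: The five new blocklist entries carry no rationale, and since `blacklistedKernelModules` emits modprobe `blacklist` lines they stop alias-driven autoload (for example a `socket()` call for an unused protocol family) but not an explicit `modprobe` by root; a reader cannot tell whether that limit is understood. A one-line comment such as `# legacy network protocols and the in-kernel ntfs3 driver: blocked from autoloading to shrink attack surface` would document the intent, and `psnap`/`p8022`/`p8023` are the 802.2 LLC/SNAP helper modules used by such legacy protocols, so grouping them with `appletalk` is consistent. `bcachefs = true` in `supportedFilesystems` assumes the selected CachyOS kernel ships bcachefs, which cannot be confirmed from this hunk. The `blacklistedKernelModules` list and the enclosing `boot` attrset open in the previous hunk.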