From a8982182b390cbffe990f1783aafa7fa895c6c73 Mon Sep 17 00:00:00 2001
From: Daniel Lundin <dln@arity.se>
Date: Mon, 11 Nov 2024 23:02:38 +0100
Subject: [PATCH 1/2] WIP: next step on image build
---
flake.lock | 157 +-
flake.nix | 191 +--
justfile | 8 +-
modules/config/minimal-modules.nix | 15 +
modules/config/minimal-system.nix | 26 +
modules/default.nix | 6 +
modules/filesystems.nix | 44 -
modules/generic.nix | 71 -
modules/image/disk/:w | 128 ++
modules/image/disk/builder.nix | 161 ++
modules/image/disk/default.nix | 128 ++
modules/image/disk/ssh.nix | 40 +
modules/image/disk/updater.nix | 86 +
modules/image/disk/veritysetup.nix | 39 +
modules/kernel/default.nix | 24 -
modules/kernel/generic.config | 2521 ----------------------------
modules/minimize.nix | 18 -
modules/network.nix | 17 -
modules/partitions.nix | 103 --
modules/patagia-agent.nix | 34 -
modules/profiles/base.nix | 86 +
modules/profiles/network.nix | 56 +
modules/profiles/server.nix | 43 +
modules/sysext.nix | 23 -
modules/system_overrides.nix | 5 -
modules/sysupdate.nix | 90 -
modules/utils.nix | 29 -
pkgs/composefs.nix | 5 +
pkgs/linux-firmware.nix | 12 +
pkgs/openssh.nix | 7 +
pkgs/qemu.nix | 30 +
pkgs/systemd-ukify.nix | 48 +
pkgs/systemd.nix | 10 +
tests/common.nix | 111 ++
tests/lib.nix | 9 +
tests/podman.nix | 22 +
tests/ssh-preseed.nix | 37 +
tests/system-update.nix | 45 +
utils/qemu-uefi-tpm.nix | 49 +
39 files changed, 1262 insertions(+), 3272 deletions(-)
create mode 100644 modules/config/minimal-modules.nix
create mode 100644 modules/config/minimal-system.nix
create mode 100644 modules/default.nix
delete mode 100644 modules/filesystems.nix
delete mode 100644 modules/generic.nix
create mode 100644 modules/image/disk/:w
create mode 100644 modules/image/disk/builder.nix
create mode 100644 modules/image/disk/default.nix
create mode 100644 modules/image/disk/ssh.nix
create mode 100644 modules/image/disk/updater.nix
create mode 100644 modules/image/disk/veritysetup.nix
delete mode 100644 modules/kernel/default.nix
delete mode 100644 modules/kernel/generic.config
delete mode 100644 modules/minimize.nix
delete mode 100644 modules/network.nix
delete mode 100644 modules/partitions.nix
delete mode 100644 modules/patagia-agent.nix
create mode 100644 modules/profiles/base.nix
create mode 100644 modules/profiles/network.nix
create mode 100644 modules/profiles/server.nix
delete mode 100644 modules/sysext.nix
delete mode 100644 modules/system_overrides.nix
delete mode 100644 modules/sysupdate.nix
delete mode 100644 modules/utils.nix
create mode 100644 pkgs/composefs.nix
create mode 100644 pkgs/linux-firmware.nix
create mode 100644 pkgs/openssh.nix
create mode 100644 pkgs/qemu.nix
create mode 100644 pkgs/systemd-ukify.nix
create mode 100644 pkgs/systemd.nix
create mode 100644 tests/common.nix
create mode 100644 tests/lib.nix
create mode 100644 tests/podman.nix
create mode 100644 tests/ssh-preseed.nix
create mode 100644 tests/system-update.nix
create mode 100644 utils/qemu-uefi-tpm.nix
diff --git a/flake.lock b/flake.lock
index e774dca..2f5f887 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,169 +1,24 @@
{
"nodes": {
- "advisory-db": {
- "flake": false,
- "locked": {
- "lastModified": 1727353582,
- "narHash": "sha256-2csMEEOZhvowVKZNBHk1kMJqk72ZMrPj9LQYCzP6EKs=",
- "owner": "rustsec",
- "repo": "advisory-db",
- "rev": "cb905e6e405834bdff1eb1e20c9b10edb5403889",
- "type": "github"
- },
- "original": {
- "owner": "rustsec",
- "repo": "advisory-db",
- "type": "github"
- }
- },
- "crane": {
- "locked": {
- "lastModified": 1727316705,
- "narHash": "sha256-/mumx8AQ5xFuCJqxCIOFCHTVlxHkMT21idpbgbm/TIE=",
- "owner": "ipetkov",
- "repo": "crane",
- "rev": "5b03654ce046b5167e7b0bccbd8244cb56c16f0e",
- "type": "github"
- },
- "original": {
- "owner": "ipetkov",
- "repo": "crane",
- "type": "github"
- }
- },
- "flake-utils": {
- "inputs": {
- "systems": "systems"
- },
- "locked": {
- "lastModified": 1726560853,
- "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_2": {
- "inputs": {
- "systems": "systems_2"
- },
- "locked": {
- "lastModified": 1726560853,
- "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
"nixpkgs": {
"locked": {
- "lastModified": 1730785428,
- "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=",
- "owner": "nixos",
+ "lastModified": 1731139594,
+ "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=",
+ "owner": "NixOS",
"repo": "nixpkgs",
- "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7",
+ "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2",
"type": "github"
},
"original": {
- "owner": "nixos",
+ "owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
- "patagia-agent": {
- "inputs": {
- "advisory-db": "advisory-db",
- "crane": "crane",
- "flake-utils": "flake-utils_2",
- "nixpkgs": [
- "nixpkgs"
- ],
- "rust-overlay": "rust-overlay"
- },
- "locked": {
- "lastModified": 1729636943,
- "narHash": "sha256-uEvMiMcKyAZ30ZZZuirCu9jM6DwEbNV2olsmSwLkmtg=",
- "ref": "main",
- "rev": "9ec0cf1dd5dc1bd64073b58681a8637c21b979c3",
- "revCount": 10,
- "type": "git",
- "url": "ssh://git@patagia.dev/patagia/patagia-agent"
- },
- "original": {
- "ref": "main",
- "type": "git",
- "url": "ssh://git@patagia.dev/patagia/patagia-agent"
- }
- },
"root": {
"inputs": {
- "flake-utils": "flake-utils",
- "nixpkgs": "nixpkgs",
- "patagia-agent": "patagia-agent"
- }
- },
- "rust-overlay": {
- "inputs": {
- "nixpkgs": [
- "patagia-agent",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1727490462,
- "narHash": "sha256-OrrPiNBiikv9BR464XTT75FzOq7tKAvMbMi7YOKVIeg=",
- "owner": "oxalica",
- "repo": "rust-overlay",
- "rev": "11a13e50debafae4ae802f1d6b8585101516dd93",
- "type": "github"
- },
- "original": {
- "owner": "oxalica",
- "repo": "rust-overlay",
- "type": "github"
- }
- },
- "systems": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
- }
- },
- "systems_2": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
+ "nixpkgs": "nixpkgs"
}
}
},
diff --git a/flake.nix b/flake.nix
index 429ff87..f616a01 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,151 +2,70 @@
description = "PatOS is a minimal, immutable Linux distribution specialized for the Patagia Platform.";
inputs = {
- flake-utils.url = "github:numtide/flake-utils";
- nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
- patagia-agent.url = "git+ssh://git@patagia.dev/patagia/patagia-agent?ref=main";
- patagia-agent.inputs.nixpkgs.follows = "nixpkgs";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs =
+ { self, nixpkgs }:
+ let
+ releaseVersion = "0.0.1";
+ system = "x86_64-linux";
+ updateUrl = "https://images.dl.patagia.dev/patos/";
+ pkgs = import nixpkgs { inherit system; };
+ in
{
- self,
- flake-utils,
- nixpkgs,
- patagia-agent,
- }:
- flake-utils.lib.eachDefaultSystem (
- system:
- let
+ nixosModules.server.imports = [
+ ./modules/profiles/server.nix
+ ];
- pkgs = import nixpkgs {
- inherit system;
- overlays = [
- (import ./overlays)
- ];
- };
+ nixosModules.image.imports = [
+ ./modules
+ ./modules/profiles/base.nix
+ ./modules/image/disk
+ ];
- # Prepare an update package for the system.
- mkUpdate =
- nixos:
- let
- config = nixos.config;
- in
- pkgs.runCommand "update-${config.system.image.version}"
- {
- nativeBuildInputs = with pkgs; [
- erofs-utils
- zstd
- ];
- }
- ''
- mkdir -p $out
- cp ${config.system.build.image}/${config.boot.uki.name}_${config.system.image.version}.store.raw $out/
-
- zstd -9 ${config.system.build.uki}/${config.system.boot.loader.ukiFile} \
- -o $out/${config.system.boot.loader.ukiFile}.zst
-
- zstd -9 ${config.system.build.image}/${config.boot.uki.name}_${config.system.image.version}.store.raw \
- -o $out/${config.boot.uki.name}_${config.system.image.version}.img.zst
- '';
-
- # Prepare a ready-to-boot disk image.
- mkInstallImage =
- nixos:
- let
- config = nixos.config;
- in
- pkgs.runCommand "update-${config.system.image.version}"
- {
- nativeBuildInputs = with pkgs; [
- qemu
- zstd
- ];
- }
- ''
- mkdir -p $out
- cp ${config.system.build.image}/${config.boot.uki.name}_${config.system.image.version}.raw $out/
- qemu-img convert -f raw -O qcow2 -C ${config.system.build.image}/${config.boot.uki.name}_${config.system.image.version}.raw $out/disk.qcow2
-
- zstd -9 ${config.system.build.image}/${config.boot.uki.name}_${config.system.image.version}.store.raw \
- -o $out/${config.boot.uki.name}_${config.system.image.version}.img.zst
-
- zstd -9 ${config.system.build.uki}/${config.system.boot.loader.ukiFile} \
- -o $out/${config.system.boot.loader.ukiFile}.zst
- '';
- in
- {
- devShells.${system}.default = pkgs.mkShell {
- packages = with pkgs; [
- erofs-utils
- just
- self.packages.${system}.qemu-efi
- squashfs-tools-ng
- ];
- };
-
- packages = {
- default = self.packages.${system}.patos_image;
- patos_image = mkInstallImage self.nixosConfigurations.${system}.patos;
- patos_update = mkUpdate self.nixosConfigurations.${system}.patos;
-
- image = system.build;
-
- # FIXME: only do for x86_64
- # A helper script to run the disk images above.
- qemu-efi = pkgs.writeShellApplication {
- name = "qemu-efi";
-
- runtimeInputs = [ pkgs.qemu_kvm ];
-
- text = ''
- set -ex
- state="/tmp/qemu-$USER"
- mkdir -p "$state"
- chmod 700 "$state"
- qemu-system-x86_64 \
- -cpu host \
- -machine q35,accel=kvm \
- -m 4G \
- -smp 8 \
- -display none \
- -chardev "stdio,id=char0,mux=on,logfile=$state/serial.log,signal=off" \
- -serial chardev:char0 \
- -mon chardev=char0 \
- -drive "if=pflash,format=raw,unit=0,readonly=on,file=${pkgs.OVMF.firmware}" \
- -drive "if=pflash,format=raw,unit=1,readonly=on,file=${pkgs.OVMF.variables}" \
- -netdev id=net00,type=user,hostfwd=tcp::2222-:22 \
- -device virtio-net-pci,netdev=net00 \
- "$@"
- '';
- };
- };
-
- nixosConfigurations = rec {
- patos = nixpkgs.lib.nixosSystem {
- specialArgs.pkgs = pkgs;
- system = system;
+ packages.${system} = {
+ patos =
+ (nixpkgs.lib.nixosSystem {
modules = [
+ (
+ { lib, ... }:
+ {
+ nixpkgs.hostPlatform = system;
+ system.stateVersion = "24.05";
+ }
+ )
{
- _module.args = {
- inherit patagia-agent;
- };
+ boot.kernelParams = [
+ "console=ttyS0"
+ "systemd.journald.forward_to_console"
+ ];
+ system.image.updates.url = "${updateUrl}";
+ system.image.id = "patos";
+ system.image.version = releaseVersion;
}
- ./modules/kernel
- ./modules/filesystems.nix
- ./modules/generic.nix
- ./modules/minimize.nix
- ./modules/network.nix
- # ./modules/patagia-agent.nix
- ./modules/partitions.nix
- ./modules/system_overrides.nix
- ./modules/sysext.nix
- ./modules/sysupdate.nix
- ./modules/utils.nix
+ self.nixosModules.image
+ self.nixosModules.server
];
- };
- };
+ }).config.system.build.updatePackage;
- }
- );
+ qemu-uefi-tpm = pkgs.callPackage ./utils/qemu-uefi-tpm.nix { inherit pkgs; };
+ };
+
+ checks.${system} = {
+ ssh-preseed = import ./tests/ssh-preseed.nix { inherit pkgs self; };
+ podman = import ./tests/podman.nix { inherit pkgs self; };
+ system-update = import ./tests/system-update.nix { inherit pkgs self; };
+ };
+
+ devShells.${system}.default = pkgs.mkShell {
+ buildInputs = with pkgs; [
+ erofs-utils
+ just
+ self.packages.${system}.qemu-uefi-tpm
+ squashfs-tools-ng
+ ];
+ };
+
+ };
}
diff --git a/justfile b/justfile
index 8f3d12b..dfb84a2 100644
--- a/justfile
+++ b/justfile
@@ -13,11 +13,7 @@ build: build-image
# Build PatOS image
build-image:
- nix build .#patos_image
-
-# Build PatOS update image
-build-update:
- nix build .#patos_update
+ nix build .#patos
run: build-image
- qemu-efi -snapshot ./result/disk.qcow2
+ qemu-uefi-tpm ./result/*.img
diff --git a/modules/config/minimal-modules.nix b/modules/config/minimal-modules.nix
new file mode 100644
index 0000000..45bdb1f
--- /dev/null
+++ b/modules/config/minimal-modules.nix
@@ -0,0 +1,15 @@
+{ config, ... }:
+{
+ boot = {
+ bootspec.enable = false;
+ initrd.kernelModules = config.boot.kernelModules;
+ kernel.enable = false; # No kernel or modules in the rootfs
+ modprobeConfig.enable = false;
+ };
+
+ system.build = {
+ inherit (config.boot.kernelPackages) kernel;
+ };
+
+ system.modulesTree = [ config.boot.kernelPackages.kernel ] ++ config.boot.extraModulePackages;
+}
diff --git a/modules/config/minimal-system.nix b/modules/config/minimal-system.nix
new file mode 100644
index 0000000..e77476b
--- /dev/null
+++ b/modules/config/minimal-system.nix
@@ -0,0 +1,26 @@
+{ ... }:
+{
+
+ nixpkgs.overlays = [
+ (final: prev: {
+
+ composefs = final.callPackage ../../pkgs/composefs.nix { inherit prev; };
+ qemu_tiny = final.callPackage ../../pkgs/qemu.nix { inherit prev; };
+ systemdUkify = final.callPackage ../../pkgs/systemd-ukify.nix { inherit prev; };
+
+ # # FIXME: Revisit + refine these below in a future image minimization effort
+ #
+ # util-linux = prev.util-linux.override {
+ # ncursesSupport = false;
+ # nlsSupport = false;
+ # };
+ #
+ # dbus = prev.dbus.override {
+ # enableSystemd = false;
+ # x11Support = false;
+ # };
+
+ })
+ ];
+
+}
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..0a1a5e0
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./config/minimal-modules.nix
+ ./config/minimal-system.nix
+ ];
+}
diff --git a/modules/filesystems.nix b/modules/filesystems.nix
deleted file mode 100644
index 01753be..0000000
--- a/modules/filesystems.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ config, ... }: {
-
- zramSwap = {
- enable = true;
- algorithm = "zstd";
- memoryPercent = 20;
- };
-
- fileSystems = {
- "/" = {
- fsType = "tmpfs";
- options = [
- "size=20%"
- ];
- };
-
- "/var" =
- let
- partConf = config.image.repart.partitions."var".repartConfig;
- in
- {
- device = "/dev/disk/by-partuuid/${partConf.UUID}";
- fsType = partConf.Format;
- };
-
- "/boot" =
- let
- partConf = config.image.repart.partitions."esp".repartConfig;
- in
- {
- device = "/dev/disk/by-partuuid/${partConf.UUID}";
- fsType = partConf.Format;
- };
-
- "/nix/store" =
- let
- partConf = config.image.repart.partitions."store".repartConfig;
- in
- {
- device = "/dev/disk/by-partlabel/${partConf.Label}";
- fsType = partConf.Format;
- };
- };
-}
diff --git a/modules/generic.nix b/modules/generic.nix
deleted file mode 100644
index 2214f00..0000000
--- a/modules/generic.nix
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- pkgs,
- config,
- lib,
- ...
-}:
-{
-
- boot = {
- enableContainers = false;
- initrd.systemd.enable = true;
- initrd.compressor = "zstd";
-
- # FIXME: Add debug/devel option to switch default kernel params
- kernelParams = [
- # "quiet"
- "console=tty1"
- "console=ttyS0,38400"
- "systemd.log_level=info"
- "systemd.log_target=console"
- ];
- loader.efi.canTouchEfiVariables = true;
- loader.grub.enable = false;
- loader.systemd-boot.enable = true;
- uki.name = "patos";
- };
-
- system.image.version = "0.0.1"; # FIXME: Use epoch version.
-
- system.nixos = {
- codeName = "Finn";
- distroId = "patos";
- distroName = "PatOS";
- release = "2024-09";
- };
-
- system.switch.enable = false;
-
- # Make the current system version visible in the prompt.
- programs.bash.promptInit = ''
- export PS1="\u@\h (version ${config.system.image.version}) \w $ "
- '';
-
- # Not compatible with system.etc.overlay.enable yet.
- # users.mutableUsers = false;
-
- services.getty.autologinUser = "root";
-
- # Temporary files
- boot.tmp.cleanOnBoot = true;
- boot.tmp.useTmpfs = true;
- systemd.services.nix-daemon = {
- environment.TMPDIR = "/var/tmp";
- };
-
- services.journald.extraConfig = ''
- SystemMaxUse=10M
- '';
-
- services.fstrim.enable = true;
-
- # Debugging
- environment.systemPackages = with pkgs; [
- (runCommand "systemd-sysupdate" { } ''
- mkdir -p $out/bin
- ln -s ${config.systemd.package}/lib/systemd/systemd-sysupdate $out/bin
- '')
- ];
-
- system.stateVersion = "24.11";
-}
diff --git a/modules/image/disk/:w b/modules/image/disk/:w
new file mode 100644
index 0000000..2862e18
--- /dev/null
+++ b/modules/image/disk/:w
@@ -0,0 +1,128 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+
+ imports = [
+ ./updater.nix
+ ./ssh.nix
+ ./builder.nix
+ ./veritysetup.nix
+ ];
+
+ system.build.updatePackage = pkgs.runCommand "update-package" { } ''
+ mkdir "$out"
+ cd "$out"
+ cp "${config.system.build.image}"/* .
+ ${pkgs.coreutils}/bin/sha256sum * > SHA256SUMS
+ '';
+
+ boot.initrd.systemd.enable = true;
+
+ boot.initrd.systemd.repart.enable = true;
+ systemd.repart.partitions = {
+ "10-esp" = {
+ Type = "esp";
+ Format = "vfat";
+ SizeMinBytes = "96M";
+ SizeMaxBytes = "96M";
+ };
+ "20-root-verity-a" = {
+ Type = "root-verity";
+ SizeMinBytes = "64M";
+ SizeMaxBytes = "64M";
+ };
+ "22-root-a" = {
+ Type = "root";
+ SizeMinBytes = "512M";
+ SizeMaxBytes = "512M";
+ };
+ "30-root-verity-b" = {
+ Type = "root-verity";
+ SizeMinBytes = "64M";
+ SizeMaxBytes = "64M";
+ Label = "_empty";
+ ReadOnly = 1;
+ };
+ "32-root-b" = {
+ Type = "root";
+ SizeMinBytes = "512M";
+ SizeMaxBytes = "512M";
+ Label = "_empty";
+ ReadOnly = 1;
+ };
+ "40-home" = {
+ Type = "home";
+ Format = "btrfs";
+ SizeMinBytes = "512M";
+ Encrypt = "tpm2";
+ };
+ };
+
+ boot.initrd.compressor = "zstd";
+ boot.initrd.compressorArgs = [ "-8" ];
+
+ boot.loader.grub.enable = false;
+
+ boot.initrd.luks.forceLuksSupportInInitrd = true;
+ boot.initrd.kernelModules = [
+ "dm_mod"
+ "dm_crypt"
+ ] ++ config.boot.initrd.luks.cryptoModules;
+
+ boot.initrd.supportedFilesystems = {
+ btrfs = true;
+ erofs = true;
+ };
+
+ system.etc.overlay.mutable = false;
+ users.mutableUsers = false;
+
+ boot.initrd.systemd.services.systemd-repart.after = lib.mkForce [ "sysroot.mount" ];
+ boot.initrd.systemd.services.systemd-repart.requires = [ "sysroot.mount" ];
+
+ boot.kernelParams = [
+ "rootfstype=erofs"
+ "rootflags=ro"
+ "roothash=${config.system.build.verityRootHash}"
+ ];
+
+ fileSystems."/var" = {
+ fsType = "tmpfs";
+ options = [ "mode=0755" ];
+ };
+
+ # Required to mount the efi partition
+ boot.kernelModules = [
+ "vfat"
+ "nls_cp437"
+ "nls_iso8859-1"
+ ];
+
+ # Store SSH host keys on /home since /etc is read-only
+ services.openssh.hostKeys = [
+ {
+ path = "/home/.ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ ];
+
+ environment.etc."machine-id" = {
+ text = "";
+ mode = "0755";
+ };
+
+ boot.initrd.systemd.services.systemd-repart.serviceConfig.Environment = [
+ "SYSTEMD_REPART_MKFS_OPTIONS_BTRFS=--nodiscard"
+ ];
+
+ # Refuse to boot on mount failure
+ systemd.targets."sysinit".requires = [ "local-fs.target" ];
+
+ # Make sure home gets mounted
+ systemd.targets."local-fs".requires = [ "home.mount" ];
+
+}
diff --git a/modules/image/disk/builder.nix b/modules/image/disk/builder.nix
new file mode 100644
index 0000000..280b30e
--- /dev/null
+++ b/modules/image/disk/builder.nix
@@ -0,0 +1,161 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ inherit (pkgs.stdenv.hostPlatform) efiArch;
+
+ initialPartitions = {
+ "10-root" = {
+ storePaths = [ config.system.build.toplevel ];
+ repartConfig = {
+ Type = "root";
+ Minimize = "best";
+ Format = "erofs";
+ MakeDirectories = "/home /root /etc /dev /sys /bin /var /proc /run /usr /srv /tmp /mnt /lib /efi";
+ Verity = "data";
+ VerityMatchKey = "root";
+ SplitName = "root";
+ };
+ };
+
+ "20-root-verity" = {
+ repartConfig = {
+ Type = "root-verity";
+ Minimize = "best";
+ Verity = "hash";
+ VerityMatchKey = "root";
+ SplitName = "verity";
+ };
+ };
+ };
+
+ # TODO: We don't need a combined image here - add dry-run flag to repart invocation
+ verityRepart = import (pkgs.path + "/nixos/lib/eval-config.nix") {
+ inherit lib pkgs;
+ system = null;
+ modules = [
+ (
+ { modulesPath, ... }:
+ {
+ imports = [ (modulesPath + "/image/repart.nix") ];
+ image.repart = {
+ name = "verity";
+ split = true;
+ mkfsOptions.erofs = [
+ "-zlz4hc,level=12"
+ "-Efragments,dedupe,ztailpacking"
+ ];
+ partitions = initialPartitions;
+ };
+ }
+ )
+ ];
+ };
+
+ rootPart = "${verityRepart.config.system.build.image}/${verityRepart.config.image.repart.imageFileBasename}.root.raw";
+ verityPart = "${verityRepart.config.system.build.image}/${verityRepart.config.image.repart.imageFileBasename}.verity.raw";
+
+ verityImgAttrs = builtins.fromJSON (
+ builtins.readFile "${verityRepart.config.system.build.image}/repart-output.json"
+ );
+ rootAttrs = builtins.elemAt verityImgAttrs 0;
+ verityAttrs = builtins.elemAt verityImgAttrs 1;
+
+ rootUuid = rootAttrs.uuid;
+ verityUuid = verityAttrs.uuid;
+ verityRootHash = rootAttrs.roothash;
+
+ finalPartitions = {
+ "10-esp" = {
+ contents = {
+ "/EFI/BOOT/BOOT${lib.toUpper efiArch}.EFI".source = "${pkgs.systemdUkify}/lib/systemd/boot/efi/systemd-boot${efiArch}.efi";
+ "/EFI/Linux/${config.system.boot.loader.ukiFile}".source = "${config.system.build.uki}/${config.system.boot.loader.ukiFile}";
+ "/default-ssh-authorized-keys.txt" = lib.mkIf config.system.image.sshKeys.enable {
+ source = pkgs.writeText "ssh-keys" (lib.concatStringsSep "\n" config.system.image.sshKeys.keys);
+ };
+ };
+ repartConfig = {
+ Type = "esp";
+ Format = "vfat";
+ SizeMinBytes = "96M";
+ SizeMaxBytes = "96M";
+ SplitName = "-";
+ };
+ };
+ "20-root-verity-a" = {
+ repartConfig = {
+ Type = "root-verity";
+ Label = "verity-${config.system.image.version}";
+ CopyBlocks = "${verityPart}";
+ SplitName = "-";
+ SizeMinBytes = "64M";
+ SizeMaxBytes = "64M";
+ UUID = "${verityUuid}";
+ ReadOnly = 1;
+ };
+ };
+ # TODO: Add signature partition for systemd-nspawn
+ "22-root-a" = {
+ repartConfig = {
+ Type = "root";
+ Label = "root-${config.system.image.version}";
+ CopyBlocks = "${rootPart}";
+ SplitName = "-";
+ UUID = "${rootUuid}";
+ ReadOnly = 1;
+ };
+ };
+ };
+
+ finalRepart = import (pkgs.path + "/nixos/lib/eval-config.nix") {
+ inherit lib pkgs;
+ system = null;
+ modules = [
+ (
+ { modulesPath, ... }:
+ {
+ imports = [ (modulesPath + "/image/repart.nix") ];
+ image.repart = {
+ name = "${config.system.image.id}";
+ partitions = finalPartitions;
+ };
+ }
+ )
+ ];
+ };
+
+in
+{
+
+ config.system.build = {
+ inherit verityRootHash;
+
+ image =
+ (pkgs.linkFarm "image-release" [
+ {
+ name = "${config.system.image.id}_${config.system.image.version}.efi";
+ path = "${config.system.build.uki}/${config.system.boot.loader.ukiFile}";
+ }
+ {
+ name = "${config.system.image.id}_${config.system.image.version}_${verityUuid}.verity";
+ path = "${verityRepart.config.system.build.image}/${verityRepart.config.image.repart.imageFileBasename}.verity.raw";
+ }
+ {
+ name = "${config.system.image.id}_${config.system.image.version}_${rootUuid}.root";
+ path = "${verityRepart.config.system.build.image}/${verityRepart.config.image.repart.imageFileBasename}.root.raw";
+ }
+ {
+ name = "${config.system.image.id}_${config.system.image.version}.img";
+ path = "${finalRepart.config.system.build.image}/${finalRepart.config.image.repart.imageFileBasename}.raw";
+ }
+ ])
+ // {
+ imageFile = "${config.system.image.id}_${config.system.image.version}.img";
+ };
+
+ };
+
+}
diff --git a/modules/image/disk/default.nix b/modules/image/disk/default.nix
new file mode 100644
index 0000000..2862e18
--- /dev/null
+++ b/modules/image/disk/default.nix
@@ -0,0 +1,128 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+
+ imports = [
+ ./updater.nix
+ ./ssh.nix
+ ./builder.nix
+ ./veritysetup.nix
+ ];
+
+ system.build.updatePackage = pkgs.runCommand "update-package" { } ''
+ mkdir "$out"
+ cd "$out"
+ cp "${config.system.build.image}"/* .
+ ${pkgs.coreutils}/bin/sha256sum * > SHA256SUMS
+ '';
+
+ boot.initrd.systemd.enable = true;
+
+ boot.initrd.systemd.repart.enable = true;
+ systemd.repart.partitions = {
+ "10-esp" = {
+ Type = "esp";
+ Format = "vfat";
+ SizeMinBytes = "96M";
+ SizeMaxBytes = "96M";
+ };
+ "20-root-verity-a" = {
+ Type = "root-verity";
+ SizeMinBytes = "64M";
+ SizeMaxBytes = "64M";
+ };
+ "22-root-a" = {
+ Type = "root";
+ SizeMinBytes = "512M";
+ SizeMaxBytes = "512M";
+ };
+ "30-root-verity-b" = {
+ Type = "root-verity";
+ SizeMinBytes = "64M";
+ SizeMaxBytes = "64M";
+ Label = "_empty";
+ ReadOnly = 1;
+ };
+ "32-root-b" = {
+ Type = "root";
+ SizeMinBytes = "512M";
+ SizeMaxBytes = "512M";
+ Label = "_empty";
+ ReadOnly = 1;
+ };
+ "40-home" = {
+ Type = "home";
+ Format = "btrfs";
+ SizeMinBytes = "512M";
+ Encrypt = "tpm2";
+ };
+ };
+
+ boot.initrd.compressor = "zstd";
+ boot.initrd.compressorArgs = [ "-8" ];
+
+ boot.loader.grub.enable = false;
+
+ boot.initrd.luks.forceLuksSupportInInitrd = true;
+ boot.initrd.kernelModules = [
+ "dm_mod"
+ "dm_crypt"
+ ] ++ config.boot.initrd.luks.cryptoModules;
+
+ boot.initrd.supportedFilesystems = {
+ btrfs = true;
+ erofs = true;
+ };
+
+ system.etc.overlay.mutable = false;
+ users.mutableUsers = false;
+
+ boot.initrd.systemd.services.systemd-repart.after = lib.mkForce [ "sysroot.mount" ];
+ boot.initrd.systemd.services.systemd-repart.requires = [ "sysroot.mount" ];
+
+ boot.kernelParams = [
+ "rootfstype=erofs"
+ "rootflags=ro"
+ "roothash=${config.system.build.verityRootHash}"
+ ];
+
+ fileSystems."/var" = {
+ fsType = "tmpfs";
+ options = [ "mode=0755" ];
+ };
+
+ # Required to mount the efi partition
+ boot.kernelModules = [
+ "vfat"
+ "nls_cp437"
+ "nls_iso8859-1"
+ ];
+
+ # Store SSH host keys on /home since /etc is read-only
+ services.openssh.hostKeys = [
+ {
+ path = "/home/.ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ ];
+
+ environment.etc."machine-id" = {
+ text = "";
+ mode = "0755";
+ };
+
+ boot.initrd.systemd.services.systemd-repart.serviceConfig.Environment = [
+ "SYSTEMD_REPART_MKFS_OPTIONS_BTRFS=--nodiscard"
+ ];
+
+ # Refuse to boot on mount failure
+ systemd.targets."sysinit".requires = [ "local-fs.target" ];
+
+ # Make sure home gets mounted
+ systemd.targets."local-fs".requires = [ "home.mount" ];
+
+}
diff --git a/modules/image/disk/ssh.nix b/modules/image/disk/ssh.nix
new file mode 100644
index 0000000..3f6b3c4
--- /dev/null
+++ b/modules/image/disk/ssh.nix
@@ -0,0 +1,40 @@
+{ config, lib, ... }:
+{
+ options.system.image.sshKeys = {
+ enable = lib.mkEnableOption "provisioning of default SSH keys from ESP";
+ keys = lib.mkOption {
+ type = lib.types.listOf lib.types.singleLineStr;
+ default = [ ];
+ };
+ };
+
+ config = lib.mkIf config.system.image.sshKeys.enable {
+
+ assertions = [
+ {
+ assertion = config.services.openssh.enable;
+ message = "OpenSSH must be enabled to preseed authorized keys";
+ }
+ ];
+
+ systemd.services."default-ssh-keys" = {
+ script = ''
+ mkdir -p /home/admin/.ssh/
+ cat /efi/default-ssh-authorized-keys.txt >> /home/admin/.ssh/authorized_keys
+ '';
+ wantedBy = [
+ "sshd.service"
+ "sshd.socket"
+ ];
+ unitConfig = {
+ ConditionPathExists = [
+ "/home/admin"
+ "!/home/admin/.ssh/authorized_keys"
+ "/efi/default-ssh-authorized-keys.txt"
+ ];
+ };
+ };
+
+ };
+
+}
diff --git a/modules/image/disk/updater.nix b/modules/image/disk/updater.nix
new file mode 100644
index 0000000..adce617
--- /dev/null
+++ b/modules/image/disk/updater.nix
@@ -0,0 +1,86 @@
+{ config, lib, ... }: {
+
+ options.system.image.updates = {
+ enable = lib.mkEnableOption "system updates via systemd-sysupdate" // {
+ default = config.system.image.updates.url != null;
+ };
+ url = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ };
+ };
+
+ config = lib.mkIf config.system.image.updates.enable {
+
+ assertions = [
+ { assertion = config.system.image.updates.url != null; }
+ ];
+
+ systemd.sysupdate.enable = true;
+ systemd.sysupdate.reboot.enable = lib.mkDefault true;
+
+ systemd.sysupdate.transfers = {
+ "10-uki" = {
+ Transfer = {
+ Verify = "no";
+ };
+ Source = {
+ Type = "url-file";
+ Path = "${config.system.image.updates.url}";
+ MatchPattern = "${config.boot.uki.name}_@v.efi";
+ };
+ Target = {
+ Type = "regular-file";
+ Path = "/EFI/Linux";
+ PathRelativeTo = "esp";
+ MatchPattern = "${config.boot.uki.name}_@v+@l-@d.efi ${config.boot.uki.name}_@v+@l.efi ${config.boot.uki.name}_@v.efi";
+ Mode = "0444";
+ TriesLeft = 3;
+ TriesDone = 0;
+ InstancesMax = 2;
+ };
+ };
+ "20-root-verity" = {
+ Transfer = {
+ Verify = "no";
+ };
+ Source = {
+ Type = "url-file";
+ Path = "${config.system.image.updates.url}";
+ MatchPattern = "${config.system.image.id}_@v_@u.verity";
+ };
+ Target = {
+ Type = "partition";
+ Path = "auto";
+ MatchPattern = "verity-@v";
+ MatchPartitionType = "root-verity";
+ ReadOnly = 1;
+ };
+ };
+ "22-root" = {
+ Transfer = {
+ Verify = "no";
+ };
+ Source = {
+ Type = "url-file";
+ Path = "${config.system.image.updates.url}";
+ MatchPattern = "${config.system.image.id}_@v_@u.root";
+ };
+ Target = {
+ Type = "partition";
+ Path = "auto";
+ MatchPattern = "root-@v";
+ MatchPartitionType = "root";
+ ReadOnly = 1;
+ };
+ };
+ };
+
+ systemd.additionalUpstreamSystemUnits = [
+ "systemd-bless-boot.service"
+ "boot-complete.target"
+ ];
+
+ };
+
+}
diff --git a/modules/image/disk/veritysetup.nix b/modules/image/disk/veritysetup.nix
new file mode 100644
index 0000000..1505b45
--- /dev/null
+++ b/modules/image/disk/veritysetup.nix
@@ -0,0 +1,39 @@
+{ config, lib, ... }:
+{
+
+ options.boot.initrd.systemd.root = lib.mkOption {
+ type = lib.types.enum [
+ "fstab"
+ "gpt-auto"
+ ""
+ ];
+ };
+
+ config.boot.initrd = {
+
+ kernelModules = [
+ "dm_mod"
+ "dm_verity"
+ ];
+
+ systemd = {
+
+ # Required to activate systemd-fstab-generator
+ root = "";
+
+ additionalUpstreamUnits = [
+ "veritysetup-pre.target"
+ "veritysetup.target"
+ "remote-veritysetup.target"
+ ];
+
+ storePaths = [
+ "${config.boot.initrd.systemd.package}/lib/systemd/systemd-veritysetup"
+ "${config.boot.initrd.systemd.package}/lib/systemd/system-generators/systemd-veritysetup-generator"
+ ];
+
+ };
+
+ };
+
+}
diff --git a/modules/kernel/default.nix b/modules/kernel/default.nix
deleted file mode 100644
index f41ee79..0000000
--- a/modules/kernel/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-{
- boot.kernelPackages =
- let
- version = "6.11.2";
- in
- pkgs.linuxPackagesFor (
- pkgs.linuxManualConfig {
- version = "${version}-patos1";
- modDirVersion = version;
- src = pkgs.fetchurl {
- url = "https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-${version}.tar.xz";
- sha256 = "ec9ef7a0b9cebb55940e1ef87a1f9e1004b10456a119dc386bb3e565b0d39c42";
- };
- configfile = ./generic.config;
- allowImportFromDerivation = true;
- }
- );
-}
diff --git a/modules/kernel/generic.config b/modules/kernel/generic.config
deleted file mode 100644
index 2073cdf..0000000
--- a/modules/kernel/generic.config
+++ /dev/null
@@ -1,2521 +0,0 @@
-CONFIG_64BIT=y
-CONFIG_ACPI_AC=y
-CONFIG_ACPI_BATTERY=y
-CONFIG_ACPI_BUTTON=y
-CONFIG_ACPI_CONTAINER=y
-CONFIG_ACPI_CPPC_LIB=y
-CONFIG_ACPI_CPU_FREQ_PSS=y
-CONFIG_ACPI_FAN=y
-CONFIG_ACPI_HOTPLUG_CPU=y
-CONFIG_ACPI_HOTPLUG_IOAPIC=y
-CONFIG_ACPI_I2C_OPREGION=y
-CONFIG_ACPI_IPMI=y
-CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y
-CONFIG_ACPI_LPIT=y
-CONFIG_ACPI_MDIO=y
-CONFIG_ACPI_NUMA=y
-CONFIG_ACPI_PCC=y
-CONFIG_ACPI_PRMT=y
-CONFIG_ACPI_PROCESSOR_CSTATE=y
-CONFIG_ACPI_PROCESSOR_IDLE=y
-CONFIG_ACPI_PROCESSOR=y
-CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y
-CONFIG_ACPI_SLEEP=y
-CONFIG_ACPI_SPCR_TABLE=y
-CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y
-CONFIG_ACPI_TABLE_UPGRADE=y
-CONFIG_ACPI_THERMAL=y
-CONFIG_ACPI_VIDEO=y
-CONFIG_ACPI_WATCHDOG=y
-CONFIG_ACPI_WMI=y
-CONFIG_ACPI=y
-CONFIG_ADDRESS_MASKING=y
-CONFIG_ADVISE_SYSCALLS=y
-CONFIG_AF_UNIX_OOB=y
-CONFIG_AIO=y
-CONFIG_ALLOW_DEV_COREDUMP=y
-CONFIG_ALX=m
-CONFIG_AMD_IOMMU_V2=y
-CONFIG_AMD_IOMMU=y
-CONFIG_AMD_NB=y
-CONFIG_AMD_NUMA=y
-CONFIG_AMD_PMC=m
-CONFIG_APERTURE_HELPERS=y
-CONFIG_AQTION=m
-CONFIG_ARCH_CLOCKSOURCE_INIT=y
-CONFIG_ARCH_CONFIGURES_CPU_MITIGATIONS=y
-CONFIG_ARCH_CORRECT_STACKTRACE_ON_KRETPROBE=y
-CONFIG_ARCH_CPUIDLE_HALTPOLL=y
-CONFIG_ARCH_DMA_ADDR_T_64BIT=y
-CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y
-CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
-CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y
-CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y
-CONFIG_ARCH_HAS_ADD_PAGES=y
-CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
-CONFIG_ARCH_HAS_COPY_MC=y
-CONFIG_ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION=y
-CONFIG_ARCH_HAS_CPU_FINALIZE_INIT=y
-CONFIG_ARCH_HAS_CPU_RELAX=y
-CONFIG_ARCH_HAS_CURRENT_STACK_POINTER=y
-CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
-CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y
-CONFIG_ARCH_HAS_DEBUG_WX=y
-CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
-CONFIG_ARCH_HAS_ELFCORE_COMPAT=y
-CONFIG_ARCH_HAS_ELF_RANDOMIZE=y
-CONFIG_ARCH_HAS_FAST_MULTIPLIER=y
-CONFIG_ARCH_HAS_FORTIFY_SOURCE=y
-CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
-CONFIG_ARCH_HAS_GIGANTIC_PAGE=y
-CONFIG_ARCH_HAS_KCOV=y
-CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y
-CONFIG_ARCH_HAS_MEM_ENCRYPT=y
-CONFIG_ARCH_HAS_NMI_SAFE_THIS_CPU_OPS=y
-CONFIG_ARCH_HAS_NONLEAF_PMD_YOUNG=y
-CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE=y
-CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=y
-CONFIG_ARCH_HAS_PKEYS=y
-CONFIG_ARCH_HAS_PMEM_API=y
-CONFIG_ARCH_HAS_PTE_DEVMAP=y
-CONFIG_ARCH_HAS_PTE_SPECIAL=y
-CONFIG_ARCH_HAS_SET_DIRECT_MAP=y
-CONFIG_ARCH_HAS_SET_MEMORY=y
-CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
-CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
-CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y
-CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y
-CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y
-CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
-CONFIG_ARCH_HAS_ZONE_DMA_SET=y
-CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y
-CONFIG_ARCH_HIBERNATION_POSSIBLE=y
-CONFIG_ARCH_MAY_HAVE_PC_FDC=y
-CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y
-CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y
-CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
-CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y
-CONFIG_ARCH_MMAP_RND_BITS=28
-CONFIG_ARCH_MMAP_RND_BITS_MAX=32
-CONFIG_ARCH_MMAP_RND_BITS_MIN=28
-CONFIG_ARCH_MMAP_RND_COMPAT_BITS=8
-CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16
-CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8
-CONFIG_ARCH_SELECTS_KEXEC_FILE=y
-CONFIG_ARCH_SPARSEMEM_DEFAULT=y
-CONFIG_ARCH_SPARSEMEM_ENABLE=y
-CONFIG_ARCH_STACKWALK=y
-CONFIG_ARCH_SUPPORTS_ACPI=y
-CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y
-CONFIG_ARCH_SUPPORTS_CFI_CLANG=y
-CONFIG_ARCH_SUPPORTS_CRASH_DUMP=y
-CONFIG_ARCH_SUPPORTS_CRASH_HOTPLUG=y
-CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
-CONFIG_ARCH_SUPPORTS_INT128=y
-CONFIG_ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG=y
-CONFIG_ARCH_SUPPORTS_KEXEC_FILE=y
-CONFIG_ARCH_SUPPORTS_KEXEC_JUMP=y
-CONFIG_ARCH_SUPPORTS_KEXEC_PURGATORY=y
-CONFIG_ARCH_SUPPORTS_KEXEC_SIG_FORCE=y
-CONFIG_ARCH_SUPPORTS_KEXEC_SIG=y
-CONFIG_ARCH_SUPPORTS_KEXEC=y
-CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y
-CONFIG_ARCH_SUPPORTS_LTO_CLANG_THIN=y
-CONFIG_ARCH_SUPPORTS_LTO_CLANG=y
-CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y
-CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
-CONFIG_ARCH_SUPPORTS_PAGE_TABLE_CHECK=y
-CONFIG_ARCH_SUPPORTS_PER_VMA_LOCK=y
-CONFIG_ARCH_SUPPORTS_UPROBES=y
-CONFIG_ARCH_SUSPEND_POSSIBLE=y
-CONFIG_ARCH_USE_BUILTIN_BSWAP=y
-CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
-CONFIG_ARCH_USE_MEMREMAP_PROT=y
-CONFIG_ARCH_USE_MEMTEST=y
-CONFIG_ARCH_USE_QUEUED_RWLOCKS=y
-CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y
-CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y
-CONFIG_ARCH_USES_PG_UNCACHED=y
-CONFIG_ARCH_USE_SYM_ANNOTATIONS=y
-CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y
-CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y
-CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
-CONFIG_ARCH_WANT_GENERAL_HUGETLB=y
-CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y
-CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y
-CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y
-CONFIG_ARCH_WANT_OPTIMIZE_DAX_VMEMMAP=y
-CONFIG_ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP=y
-CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y
-CONFIG_ARCH_WANTS_NO_INSTR=y
-CONFIG_ARCH_WANTS_THP_SWAP=y
-CONFIG_AS_AVX512=y
-CONFIG_AS_GFNI=y
-CONFIG_AS_HAS_NON_CONST_LEB128=y
-CONFIG_AS_IS_GNU=y
-CONFIG_ASM_MODVERSIONS=y
-CONFIG_ASN1=y
-CONFIG_AS_SHA1_NI=y
-CONFIG_AS_SHA256_NI=y
-CONFIG_ASSOCIATIVE_ARRAY=y
-CONFIG_AS_TPAUSE=y
-CONFIG_AS_VERSION=24200
-CONFIG_AS_WRUSS=y
-CONFIG_ASYMMETRIC_KEY_TYPE=y
-CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
-CONFIG_ASYNC_CORE=m
-CONFIG_ASYNC_MEMCPY=m
-CONFIG_ASYNC_PQ=m
-CONFIG_ASYNC_RAID6_RECOV=m
-CONFIG_ASYNC_XOR=m
-CONFIG_ATA_ACPI=y
-CONFIG_ATA_BMDMA=y
-CONFIG_ATA_FORCE=y
-CONFIG_ATA_PIIX=y
-CONFIG_ATA_SFF=y
-CONFIG_ATA_VERBOSE_ERROR=y
-CONFIG_ATA=y
-CONFIG_ATM_DRIVERS=y
-CONFIG_ATM=y
-CONFIG_AUDIT_ARCH=y
-CONFIG_AUDITSYSCALL=y
-CONFIG_AUDIT=y
-CONFIG_AUTOFS_FS=y
-CONFIG_AUXILIARY_BUS=y
-CONFIG_AX88796B_PHY=m
-CONFIG_BACKLIGHT_CLASS_DEVICE=y
-CONFIG_BALLOON_COMPACTION=y
-CONFIG_BASE_FULL=y
-CONFIG_BASE_SMALL=0
-CONFIG_BCMA_POSSIBLE=y
-CONFIG_BE2NET_BE2=y
-CONFIG_BE2NET_BE3=y
-CONFIG_BE2NET_HWMON=y
-CONFIG_BE2NET_LANCER=y
-CONFIG_BE2NET=m
-CONFIG_BE2NET_SKYHAWK=y
-CONFIG_BFQ_GROUP_IOSCHED=y
-CONFIG_BINARY_PRINTF=y
-CONFIG_BINFMT_ELF=y
-CONFIG_BINFMT_MISC=m
-CONFIG_BINFMT_SCRIPT=y
-CONFIG_BITREVERSE=y
-CONFIG_BLK_CGROUP_PUNT_BIO=y
-CONFIG_BLK_CGROUP_RWSTAT=y
-CONFIG_BLK_CGROUP=y
-CONFIG_BLK_DEBUG_FS=y
-CONFIG_BLK_DEV_BSG_COMMON=y
-CONFIG_BLK_DEV_BSGLIB=y
-CONFIG_BLK_DEV_BSG=y
-CONFIG_BLK_DEV_DM_BUILTIN=y
-CONFIG_BLK_DEV_DM=y
-CONFIG_BLK_DEV_INITRD=y
-CONFIG_BLK_DEV_IO_TRACE=y
-CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
-CONFIG_BLK_DEV_LOOP=y
-CONFIG_BLK_DEV_MD=y
-CONFIG_BLK_DEV_NBD=m
-CONFIG_BLK_DEV_NVME=m
-CONFIG_BLK_DEV_RBD=y
-CONFIG_BLK_DEV_SD=y
-CONFIG_BLK_DEV_SR=y
-CONFIG_BLK_DEV_THROTTLING=y
-CONFIG_BLK_DEV=y
-CONFIG_BLK_ICQ=y
-CONFIG_BLK_MQ_PCI=y
-CONFIG_BLK_MQ_STACKING=y
-CONFIG_BLK_MQ_VIRTIO=y
-CONFIG_BLK_PM=y
-CONFIG_BLOCK_HOLDER_DEPRECATED=y
-CONFIG_BLOCK_LEGACY_AUTOLOAD=y
-CONFIG_BLOCK=y
-CONFIG_BNX2=m
-CONFIG_BNX2X=m
-CONFIG_BNX2X_SRIOV=y
-CONFIG_BNXT_FLOWER_OFFLOAD=y
-CONFIG_BNXT_HWMON=y
-CONFIG_BNXT=m
-CONFIG_BNXT_SRIOV=y
-CONFIG_BONDING=y
-CONFIG_BOOT_VESA_SUPPORT=y
-CONFIG_BPF_EVENTS=y
-CONFIG_BPF_JIT_ALWAYS_ON=y
-CONFIG_BPF_JIT_DEFAULT_ON=y
-CONFIG_BPF_JIT=y
-CONFIG_BPF_LSM=y
-CONFIG_BPF_STREAM_PARSER=y
-CONFIG_BPF_SYSCALL=y
-CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
-CONFIG_BPF=y
-CONFIG_BQL=y
-CONFIG_BRANCH_PROFILE_NONE=y
-CONFIG_BRIDGE_EBT_802_3=y
-CONFIG_BRIDGE_EBT_AMONG=y
-CONFIG_BRIDGE_EBT_ARPREPLY=y
-CONFIG_BRIDGE_EBT_ARP=y
-CONFIG_BRIDGE_EBT_BROUTE=y
-CONFIG_BRIDGE_EBT_DNAT=y
-CONFIG_BRIDGE_EBT_IP6=y
-CONFIG_BRIDGE_EBT_IP=y
-CONFIG_BRIDGE_EBT_LIMIT=y
-CONFIG_BRIDGE_EBT_LOG=y
-CONFIG_BRIDGE_EBT_MARK_T=y
-CONFIG_BRIDGE_EBT_MARK=y
-CONFIG_BRIDGE_EBT_NFLOG=y
-CONFIG_BRIDGE_EBT_PKTTYPE=y
-CONFIG_BRIDGE_EBT_REDIRECT=y
-CONFIG_BRIDGE_EBT_SNAT=y
-CONFIG_BRIDGE_EBT_STP=y
-CONFIG_BRIDGE_EBT_T_FILTER=y
-CONFIG_BRIDGE_EBT_T_NAT=y
-CONFIG_BRIDGE_EBT_VLAN=y
-CONFIG_BRIDGE_IGMP_SNOOPING=y
-CONFIG_BRIDGE_NETFILTER=y
-CONFIG_BRIDGE_NF_EBTABLES=y
-CONFIG_BRIDGE_VLAN_FILTERING=y
-CONFIG_BRIDGE=y
-CONFIG_BSD_DISKLABEL=y
-CONFIG_BSD_PROCESS_ACCT=y
-CONFIG_BTRFS_FS=m
-CONFIG_BTRFS_FS_POSIX_ACL=y
-CONFIG_BUFFER_HEAD=y
-CONFIG_BUG_ON_DATA_CORRUPTION=y
-CONFIG_BUG=y
-CONFIG_BUILD_SALT=""
-CONFIG_BUILDTIME_MCOUNT_SORT=y
-CONFIG_BUILDTIME_TABLE_SORT=y
-CONFIG_CACHESTAT_SYSCALL=y
-CONFIG_CALL_DEPTH_TRACKING=y
-CONFIG_CALL_PADDING=y
-CONFIG_CALL_THUNKS=y
-CONFIG_CAVIUM_PTP=m
-CONFIG_CC10001_ADC=m
-CONFIG_CC_CAN_LINK=y
-CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
-CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y
-CONFIG_CC_HAS_ASM_INLINE=y
-CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y
-CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO_BARE=y
-CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y
-CONFIG_CC_HAS_ENTRY_PADDING=y
-CONFIG_CC_HAS_IBT=y
-CONFIG_CC_HAS_INT128=y
-CONFIG_CC_HAS_KASAN_GENERIC=y
-CONFIG_CC_HAS_NAMED_AS_FIXED_SANITIZERS=y
-CONFIG_CC_HAS_NAMED_AS=y
-CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y
-CONFIG_CC_HAS_RETURN_THUNK=y
-CONFIG_CC_HAS_SANCOV_TRACE_PC=y
-CONFIG_CC_HAS_SANE_STACKPROTECTOR=y
-CONFIG_CC_HAS_SLS=y
-CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y
-CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y
-CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5"
-CONFIG_CC_IS_GCC=y
-CONFIG_CC_NO_ARRAY_BOUNDS=y
-CONFIG_CC_NO_STRINGOP_OVERFLOW=y
-CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y
-CONFIG_CCS811=m
-CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.3.0"
-CONFIG_CDROM=y
-CONFIG_CEPH_FS_POSIX_ACL=y
-CONFIG_CEPH_FS=y
-CONFIG_CEPH_LIB=y
-CONFIG_CFS_BANDWIDTH=y
-CONFIG_CGROUP_BPF=y
-CONFIG_CGROUP_CPUACCT=y
-CONFIG_CGROUP_DEVICE=y
-CONFIG_CGROUP_FREEZER=y
-CONFIG_CGROUP_HUGETLB=y
-CONFIG_CGROUP_MISC=y
-CONFIG_CGROUP_NET_CLASSID=y
-CONFIG_CGROUP_NET_PRIO=y
-CONFIG_CGROUP_PERF=y
-CONFIG_CGROUP_PIDS=y
-CONFIG_CGROUP_SCHED=y
-CONFIG_CGROUPS=y
-CONFIG_CGROUP_WRITEBACK=y
-CONFIG_CHECK_SIGNATURE=y
-CONFIG_CHELSIO_INLINE_CRYPTO=y
-CONFIG_CHELSIO_IPSEC_INLINE=m
-CONFIG_CHELSIO_T1=m
-CONFIG_CHELSIO_T3=m
-CONFIG_CHELSIO_T4=m
-CONFIG_CHELSIO_T4VF=m
-CONFIG_CHR_DEV_SG=y
-CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y
-CONFIG_CIFS_DEBUG=y
-CONFIG_CIFS_DFS_UPCALL=y
-CONFIG_CIFS_UPCALL=y
-CONFIG_CIFS_XATTR=y
-CONFIG_CIFS=y
-CONFIG_CLANG_VERSION=0
-CONFIG_CLKBLD_I8253=y
-CONFIG_CLKEVT_I8253=y
-CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y
-CONFIG_CLOCKSOURCE_WATCHDOG_MAX_SKEW_US=100
-CONFIG_CLOCKSOURCE_WATCHDOG=y
-CONFIG_CLZ_TAB=y
-CONFIG_COMMON_CLK=y
-CONFIG_COMPACTION=y
-CONFIG_COMPACT_UNEVICTABLE_DEFAULT=1
-CONFIG_COMPAT_32BIT_TIME=y
-CONFIG_COMPAT_32=y
-CONFIG_COMPAT_BINFMT_ELF=y
-CONFIG_COMPAT_FOR_U64_ALIGNMENT=y
-CONFIG_COMPAT_OLD_SIGACTION=y
-CONFIG_COMPAT=y
-CONFIG_CONFIGFS_FS=y
-CONFIG_CONNECTOR=y
-CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7
-CONFIG_CONSOLE_LOGLEVEL_QUIET=4
-CONFIG_CONSOLE_TRANSLATIONS=y
-CONFIG_CONTEXT_SWITCH_TRACER=y
-CONFIG_CONTEXT_TRACKING_IDLE=y
-CONFIG_CONTEXT_TRACKING=y
-CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y
-CONFIG_COREDUMP=y
-CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL=y
-CONFIG_CPU_FREQ_GOV_ATTR_SET=y
-CONFIG_CPU_FREQ_GOV_COMMON=y
-CONFIG_CPU_FREQ_GOV_ONDEMAND=y
-CONFIG_CPU_FREQ_GOV_PERFORMANCE=y
-CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y
-CONFIG_CPU_FREQ_GOV_USERSPACE=y
-CONFIG_CPU_FREQ=y
-CONFIG_CPU_IBPB_ENTRY=y
-CONFIG_CPU_IBRS_ENTRY=y
-CONFIG_CPU_IDLE_GOV_HALTPOLL=y
-CONFIG_CPU_IDLE_GOV_MENU=y
-CONFIG_CPU_IDLE=y
-CONFIG_CPU_ISOLATION=y
-CONFIG_CPU_MITIGATIONS=y
-CONFIG_CPU_RMAP=y
-CONFIG_CPUSETS=y
-CONFIG_CPU_SRSO=y
-CONFIG_CPU_SUP_AMD=y
-CONFIG_CPU_SUP_CENTAUR=y
-CONFIG_CPU_SUP_HYGON=y
-CONFIG_CPU_SUP_INTEL=y
-CONFIG_CPU_SUP_ZHAOXIN=y
-CONFIG_CPU_UNRET_ENTRY=y
-CONFIG_CRASH_CORE=y
-CONFIG_CRASH_DUMP=y
-CONFIG_CRASH_HOTPLUG=y
-CONFIG_CRASH_MAX_MEMORY_RANGES=8192
-CONFIG_CRC16=y
-CONFIG_CRC32_SLICEBY8=y
-CONFIG_CRC32=y
-CONFIG_CRC8=y
-CONFIG_CRC_CCITT=y
-CONFIG_CRC_ITU_T=y
-CONFIG_CROSS_MEMORY_ATTACH=y
-CONFIG_CRYPTO_ACOMP2=y
-CONFIG_CRYPTO_ADIANTUM=y
-CONFIG_CRYPTO_AEAD2=y
-CONFIG_CRYPTO_AEAD=y
-CONFIG_CRYPTO_AES_NI_INTEL=y
-CONFIG_CRYPTO_AES=y
-CONFIG_CRYPTO_AKCIPHER2=y
-CONFIG_CRYPTO_AKCIPHER=y
-CONFIG_CRYPTO_ALGAPI2=y
-CONFIG_CRYPTO_ALGAPI=y
-CONFIG_CRYPTO_ARC4=y
-CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S=y
-CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=y
-CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519=y
-CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=y
-CONFIG_CRYPTO_AUTHENC=y
-CONFIG_CRYPTO_BLAKE2B=m
-CONFIG_CRYPTO_BLAKE2S_X86=y
-CONFIG_CRYPTO_CBC=y
-CONFIG_CRYPTO_CCM=y
-CONFIG_CRYPTO_CHACHA20_X86_64=y
-CONFIG_CRYPTO_CHACHA20=y
-CONFIG_CRYPTO_CMAC=y
-CONFIG_CRYPTO_CRC32C=y
-CONFIG_CRYPTO_CRC32C_INTEL=y
-CONFIG_CRYPTO_CRC32=y
-CONFIG_CRYPTO_CRYPTD=y
-CONFIG_CRYPTO_CTR=y
-CONFIG_CRYPTO_CURVE25519_X86=y
-CONFIG_CRYPTO_DEFLATE=y
-CONFIG_CRYPTO_DES=y
-CONFIG_CRYPTO_DEV_VIRTIO=y
-CONFIG_CRYPTO_DH_RFC7919_GROUPS=y
-CONFIG_CRYPTO_DH=y
-CONFIG_CRYPTO_DRBG_HMAC=y
-CONFIG_CRYPTO_DRBG_MENU=y
-CONFIG_CRYPTO_DRBG=y
-CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_ECHAINIV=y
-CONFIG_CRYPTO_ENGINE=y
-CONFIG_CRYPTO_ESSIV=y
-CONFIG_CRYPTO_GCM=y
-CONFIG_CRYPTO_GENIV=y
-CONFIG_CRYPTO_GHASH=y
-CONFIG_CRYPTO_HASH2=y
-CONFIG_CRYPTO_HASH_INFO=y
-CONFIG_CRYPTO_HASH=y
-CONFIG_CRYPTO_HMAC=y
-CONFIG_CRYPTO_HW=y
-CONFIG_CRYPTO_JITTERENTROPY=y
-CONFIG_CRYPTO_KPP2=y
-CONFIG_CRYPTO_KPP=y
-CONFIG_CRYPTO_LIB_AES=y
-CONFIG_CRYPTO_LIB_ARC4=y
-CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y
-CONFIG_CRYPTO_LIB_CHACHA20POLY1305=y
-CONFIG_CRYPTO_LIB_CHACHA_GENERIC=y
-CONFIG_CRYPTO_LIB_CHACHA=y
-CONFIG_CRYPTO_LIB_CURVE25519_GENERIC=y
-CONFIG_CRYPTO_LIB_CURVE25519=y
-CONFIG_CRYPTO_LIB_DES=y
-CONFIG_CRYPTO_LIB_GF128MUL=y
-CONFIG_CRYPTO_LIB_POLY1305_GENERIC=y
-CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11
-CONFIG_CRYPTO_LIB_POLY1305=y
-CONFIG_CRYPTO_LIB_SHA1=y
-CONFIG_CRYPTO_LIB_SHA256=y
-CONFIG_CRYPTO_LIB_UTILS=y
-CONFIG_CRYPTO_LZO=y
-CONFIG_CRYPTO_MANAGER2=y
-CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
-CONFIG_CRYPTO_MANAGER=y
-CONFIG_CRYPTO_MD4=y
-CONFIG_CRYPTO_MD5=y
-CONFIG_CRYPTO_NHPOLY1305_AVX2=y
-CONFIG_CRYPTO_NHPOLY1305_SSE2=y
-CONFIG_CRYPTO_NHPOLY1305=y
-CONFIG_CRYPTO_NULL2=y
-CONFIG_CRYPTO_NULL=y
-CONFIG_CRYPTO_POLY1305_X86_64=y
-CONFIG_CRYPTO_RNG2=y
-CONFIG_CRYPTO_RNG_DEFAULT=y
-CONFIG_CRYPTO_RNG=y
-CONFIG_CRYPTO_RSA=y
-CONFIG_CRYPTO_SEQIV=y
-CONFIG_CRYPTO_SHA1=y
-CONFIG_CRYPTO_SHA256=y
-CONFIG_CRYPTO_SHA3=y
-CONFIG_CRYPTO_SHA512=y
-CONFIG_CRYPTO_SIG2=y
-CONFIG_CRYPTO_SIG=y
-CONFIG_CRYPTO_SIMD=y
-CONFIG_CRYPTO_SKCIPHER2=y
-CONFIG_CRYPTO_SKCIPHER=y
-CONFIG_CRYPTO_USER_API_AEAD=y
-CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE=y
-CONFIG_CRYPTO_USER_API_HASH=y
-CONFIG_CRYPTO_USER_API_SKCIPHER=y
-CONFIG_CRYPTO_USER_API=y
-CONFIG_CRYPTO_XTS=y
-CONFIG_CRYPTO_XXHASH=m
-CONFIG_CRYPTO=y
-CONFIG_CRYPTO_ZSTD=m
-CONFIG_DAX=y
-CONFIG_DCACHE_WORD_ACCESS=y
-CONFIG_DCA=y
-CONFIG_DCB=y
-CONFIG_DEBUG_BOOT_PARAMS=y
-CONFIG_DEBUG_BUGVERBOSE=y
-CONFIG_DEBUG_ENTRY=y
-CONFIG_DEBUG_FS_ALLOW_ALL=y
-CONFIG_DEBUG_FS=y
-CONFIG_DEBUG_INFO_BTF_MODULES=y
-CONFIG_DEBUG_INFO_BTF=y
-CONFIG_DEBUG_INFO_COMPRESSED_NONE=y
-CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
-CONFIG_DEBUG_INFO=y
-CONFIG_DEBUG_KERNEL=y
-CONFIG_DEBUG_LIST=y
-CONFIG_DEBUG_MISC=y
-CONFIG_DEBUG_WX=y
-CONFIG_DECOMPRESS_BZIP2=y
-CONFIG_DECOMPRESS_GZIP=y
-CONFIG_DECOMPRESS_LZ4=y
-CONFIG_DECOMPRESS_LZMA=y
-CONFIG_DECOMPRESS_LZO=y
-CONFIG_DECOMPRESS_XZ=y
-CONFIG_DECOMPRESS_ZSTD=y
-CONFIG_DEFAULT_CUBIC=y
-CONFIG_DEFAULT_FQ_CODEL=y
-CONFIG_DEFAULT_HOSTNAME="(none)"
-CONFIG_DEFAULT_INIT=""
-CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
-CONFIG_DEFAULT_NET_SCH="fq_codel"
-CONFIG_DEFAULT_PFIFO_FAST=y
-CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_DEFAULT_SECURITY_APPARMOR=y
-CONFIG_DEFAULT_TCP_CONG="cubic"
-CONFIG_DEVPORT=y
-CONFIG_DEVTMPFS=y
-CONFIG_DEVTMPFS_MOUNT=y
-CONFIG_DIMLIB=y
-CONFIG_DMA_ACPI=y
-CONFIG_DMADEVICES=y
-CONFIG_DMA_ENGINE_RAID=y
-CONFIG_DMA_ENGINE=y
-CONFIG_DMA_OPS=y
-CONFIG_DMAR_TABLE=y
-CONFIG_DMA_SHARED_BUFFER=y
-CONFIG_DM_AUDIT=y
-CONFIG_DMA_VIRTUAL_CHANNELS=y
-CONFIG_DM_BIO_PRISON=m
-CONFIG_DM_BUFIO=y
-CONFIG_DM_CACHE=m
-CONFIG_DM_CACHE_SMQ=m
-CONFIG_DM_CLONE=m
-CONFIG_DM_CRYPT=y
-CONFIG_DM_DELAY=m
-CONFIG_DM_DUST=m
-CONFIG_DM_EBS=m
-CONFIG_DM_ERA=m
-CONFIG_DM_FLAKEY=m
-CONFIG_DMIID=y
-CONFIG_DM_INTEGRITY=m
-CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y
-CONFIG_DMI=y
-CONFIG_DM_LOG_USERSPACE=m
-CONFIG_DM_LOG_WRITES=m
-CONFIG_DM_MIRROR=y
-CONFIG_DM_MULTIPATH_HST=m
-CONFIG_DM_MULTIPATH_IOA=m
-CONFIG_DM_MULTIPATH=m
-CONFIG_DM_MULTIPATH_QL=m
-CONFIG_DM_MULTIPATH_ST=m
-CONFIG_DM_PERSISTENT_DATA=m
-CONFIG_DM_RAID=m
-CONFIG_DM_SNAPSHOT=y
-CONFIG_DM_SWITCH=m
-CONFIG_DM_THIN_PROVISIONING=m
-CONFIG_DM_UNSTRIPED=m
-CONFIG_DM_VDO=m
-CONFIG_DM_VERITY=m
-CONFIG_DM_WRITECACHE=m
-CONFIG_DM_ZERO=y
-CONFIG_DM_ZONED=m
-CONFIG_DNOTIFY=y
-CONFIG_DNS_RESOLVER=y
-CONFIG_DQL=y
-CONFIG_DST_CACHE=y
-CONFIG_DUMMY_CONSOLE_COLUMNS=80
-CONFIG_DUMMY_CONSOLE_ROWS=25
-CONFIG_DUMMY_CONSOLE=y
-CONFIG_DUMMY=y
-CONFIG_DW_DMAC_CORE=y
-CONFIG_DYNAMIC_EVENTS=y
-CONFIG_DYNAMIC_FTRACE_WITH_ARGS=y
-CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y
-CONFIG_DYNAMIC_FTRACE_WITH_REGS=y
-CONFIG_DYNAMIC_FTRACE=y
-CONFIG_DYNAMIC_MEMORY_LAYOUT=y
-CONFIG_DYNAMIC_SIGFRAME=y
-CONFIG_E1000E_HWTS=y
-CONFIG_E1000E=m
-CONFIG_E1000=m
-CONFIG_EARLY_PRINTK_DBGP=y
-CONFIG_EARLY_PRINTK_USB=y
-CONFIG_EARLY_PRINTK=y
-CONFIG_ECRYPT_FS=m
-CONFIG_EDAC_ATOMIC_SCRUB=y
-CONFIG_EDAC_DECODE_MCE=y
-CONFIG_EDAC_LEGACY_SYSFS=y
-CONFIG_EDAC_SUPPORT=y
-CONFIG_EDAC=y
-CONFIG_EFI_BOOTLOADER_CONTROL=m
-CONFIG_EFI_CAPSULE_LOADER=m
-CONFIG_EFI_COCO_SECRET=y
-CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
-CONFIG_EFI_DEV_PATH_PARSER=y
-CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
-CONFIG_EFI_EARLYCON=y
-CONFIG_EFI_ESRT=y
-CONFIG_EFI_HANDOVER_PROTOCOL=y
-CONFIG_EFI_MIXED=y
-CONFIG_EFI_PARTITION=y
-CONFIG_EFI_RUNTIME_MAP=y
-CONFIG_EFI_RUNTIME_WRAPPERS=y
-CONFIG_EFI_SECRET=m
-CONFIG_EFI_SOFT_RESERVE=y
-CONFIG_EFI_STUB=y
-CONFIG_EFIVAR_FS=y
-CONFIG_EFI_VARS_PSTORE=m
-CONFIG_EFI=y
-CONFIG_ELF_CORE=y
-CONFIG_ELFCORE=y
-CONFIG_ENA_ETHERNET=y
-CONFIG_ENCLOSURE_SERVICES=y
-CONFIG_ENCRYPTED_KEYS=m
-CONFIG_ENIC=m
-CONFIG_EPOLL=y
-CONFIG_EROFS_FS_POSIX_ACL=y
-CONFIG_EROFS_FS_SECURITY=y
-CONFIG_EROFS_FS_XATTR=y
-CONFIG_EROFS_FS=y
-CONFIG_EROFS_FS_ZIP=y
-CONFIG_EROFS_FS_ZIP_ZSTD=y
-CONFIG_ETHERNET=y
-CONFIG_ETHTOOL_NETLINK=y
-CONFIG_EVENTFD=y
-CONFIG_EVENT_TRACING=y
-CONFIG_EXCLUSIVE_SYSTEM_RAM=y
-CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8"
-CONFIG_EXFAT_FS=m
-CONFIG_EXPERT=y
-CONFIG_EXPORTFS=y
-CONFIG_EXT4_FS_POSIX_ACL=y
-CONFIG_EXT4_FS_SECURITY=y
-CONFIG_EXT4_FS=y
-CONFIG_EXT4_USE_FOR_EXT2=y
-CONFIG_EXTRA_FIRMWARE=""
-CONFIG_FAILOVER=y
-CONFIG_FAIR_GROUP_SCHED=y
-CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
-CONFIG_FANOTIFY=y
-CONFIG_FAT_DEFAULT_CODEPAGE=437
-CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
-CONFIG_FAT_FS=y
-CONFIG_FHANDLE=y
-CONFIG_FIB_RULES=y
-CONFIG_FILE_LOCKING=y
-CONFIG_FIRMWARE_MEMMAP=y
-CONFIG_FIX_EARLYCON_MEM=y
-CONFIG_FIXED_PHY=y
-CONFIG_FONT_8x16=y
-CONFIG_FONT_SUPPORT=y
-CONFIG_FONTS=y
-CONFIG_FONT_TER16x32=y
-CONFIG_FORCEDETH=y
-CONFIG_FORTIFY_SOURCE=y
-CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
-CONFIG_FRAMEBUFFER_CONSOLE=y
-CONFIG_FRAME_WARN=2048
-CONFIG_FREEZER=y
-CONFIG_FS_ENCRYPTION_ALGS=m
-CONFIG_FS_ENCRYPTION=y
-CONFIG_FS_IOMAP=y
-CONFIG_FS_MBCACHE=y
-CONFIG_FSNOTIFY=y
-CONFIG_FS_POSIX_ACL=y
-CONFIG_FTRACE_MCOUNT_RECORD=y
-CONFIG_FTRACE_MCOUNT_USE_CC=y
-CONFIG_FTRACE_SYSCALLS=y
-CONFIG_FTRACE=y
-CONFIG_FUNCTION_ALIGNMENT=16
-CONFIG_FUNCTION_ALIGNMENT_16B=y
-CONFIG_FUNCTION_ALIGNMENT_4B=y
-CONFIG_FUNCTION_ERROR_INJECTION=y
-CONFIG_FUNCTION_GRAPH_TRACER=y
-CONFIG_FUNCTION_PADDING_BYTES=16
-CONFIG_FUNCTION_PADDING_CFI=11
-CONFIG_FUNCTION_TRACER=y
-CONFIG_FUSE_FS=y
-CONFIG_FUTEX_PI=y
-CONFIG_FUTEX=y
-CONFIG_FW_ATTR_CLASS=m
-CONFIG_FW_CACHE=y
-CONFIG_FW_CFG_SYSFS=m
-CONFIG_FW_CS_DSP=m
-CONFIG_FW_LOADER_COMPRESS=y
-CONFIG_FW_LOADER_COMPRESS_ZSTD=y
-CONFIG_FW_LOADER_DEBUG=y
-CONFIG_FW_LOADER_PAGED_BUF=y
-CONFIG_FW_LOADER_SYSFS=y
-CONFIG_FW_LOADER_USER_HELPER=y
-CONFIG_FW_LOADER=y
-CONFIG_FW_UPLOAD=y
-CONFIG_FWNODE_MDIO=y
-CONFIG_GCC10_NO_ARRAY_BOUNDS=y
-CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND=y
-CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
-CONFIG_GCC_PLUGIN_STACKLEAK=y
-CONFIG_GCC_PLUGINS=y
-CONFIG_GCC_VERSION=130200
-CONFIG_GENERIC_ALLOCATOR=y
-CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y
-CONFIG_GENERIC_BUG=y
-CONFIG_GENERIC_CALIBRATE_DELAY=y
-CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
-CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y
-CONFIG_GENERIC_CLOCKEVENTS=y
-CONFIG_GENERIC_CMOS_UPDATE=y
-CONFIG_GENERIC_CPU_AUTOPROBE=y
-CONFIG_GENERIC_CPU_VULNERABILITIES=y
-CONFIG_GENERIC_CPU=y
-CONFIG_GENERIC_EARLY_IOREMAP=y
-CONFIG_GENERIC_ENTRY=y
-CONFIG_GENERIC_GETTIMEOFDAY=y
-CONFIG_GENERIC_IOMAP=y
-CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y
-CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y
-CONFIG_GENERIC_IRQ_MIGRATION=y
-CONFIG_GENERIC_IRQ_PROBE=y
-CONFIG_GENERIC_IRQ_RESERVATION_MODE=y
-CONFIG_GENERIC_IRQ_SHOW=y
-CONFIG_GENERIC_ISA_DMA=y
-CONFIG_GENERIC_MSI_IRQ=y
-CONFIG_GENERIC_NET_UTILS=y
-CONFIG_GENERIC_PCI_IOMAP=y
-CONFIG_GENERIC_PENDING_IRQ=y
-CONFIG_GENERIC_PTDUMP=y
-CONFIG_GENERIC_SMP_IDLE_THREAD=y
-CONFIG_GENERIC_STRNCPY_FROM_USER=y
-CONFIG_GENERIC_STRNLEN_USER=y
-CONFIG_GENERIC_TIME_VSYSCALL=y
-CONFIG_GENERIC_TRACER=y
-CONFIG_GENERIC_VDSO_TIME_NS=y
-CONFIG_GENEVE=y
-CONFIG_GLOB=y
-CONFIG_GRACE_PERIOD=y
-CONFIG_GRO_CELLS=y
-CONFIG_GUEST_PERF_EVENTS=y
-CONFIG_GVE=m
-CONFIG_HALTPOLL_CPUIDLE=y
-CONFIG_HARDENED_USERCOPY=y
-CONFIG_HARDIRQS_SW_RESEND=y
-CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y
-CONFIG_HAS_DMA=y
-CONFIG_HAS_IOMEM=y
-CONFIG_HAS_IOPORT_MAP=y
-CONFIG_HAS_IOPORT=y
-CONFIG_HAVE_ACPI_APEI_NMI=y
-CONFIG_HAVE_ACPI_APEI=y
-CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y
-CONFIG_HAVE_ARCH_AUDITSYSCALL=y
-CONFIG_HAVE_ARCH_COMPAT_MMAP_BASES=y
-CONFIG_HAVE_ARCH_HUGE_VMALLOC=y
-CONFIG_HAVE_ARCH_HUGE_VMAP=y
-CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y
-CONFIG_HAVE_ARCH_JUMP_LABEL=y
-CONFIG_HAVE_ARCH_KASAN_VMALLOC=y
-CONFIG_HAVE_ARCH_KASAN=y
-CONFIG_HAVE_ARCH_KCSAN=y
-CONFIG_HAVE_ARCH_KFENCE=y
-CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_HAVE_ARCH_KMSAN=y
-CONFIG_HAVE_ARCH_MMAP_RND_BITS=y
-CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y
-CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y
-CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET=y
-CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
-CONFIG_HAVE_ARCH_SECCOMP=y
-CONFIG_HAVE_ARCH_SOFT_DIRTY=y
-CONFIG_HAVE_ARCH_STACKLEAK=y
-CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y
-CONFIG_HAVE_ARCH_TRACEHOOK=y
-CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y
-CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
-CONFIG_HAVE_ARCH_VMAP_STACK=y
-CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y
-CONFIG_HAVE_ASM_MODVERSIONS=y
-CONFIG_HAVE_BUILDTIME_MCOUNT_SORT=y
-CONFIG_HAVE_CALL_THUNKS=y
-CONFIG_HAVE_CLK_PREPARE=y
-CONFIG_HAVE_CLK=y
-CONFIG_HAVE_CMPXCHG_DOUBLE=y
-CONFIG_HAVE_CMPXCHG_LOCAL=y
-CONFIG_HAVE_CONTEXT_TRACKING_USER_OFFSTACK=y
-CONFIG_HAVE_CONTEXT_TRACKING_USER=y
-CONFIG_HAVE_C_RECORDMCOUNT=y
-CONFIG_HAVE_DEBUG_KMEMLEAK=y
-CONFIG_HAVE_DMA_CONTIGUOUS=y
-CONFIG_HAVE_DYNAMIC_FTRACE_NO_PATCHABLE=y
-CONFIG_HAVE_DYNAMIC_FTRACE_WITH_ARGS=y
-CONFIG_HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y
-CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y
-CONFIG_HAVE_DYNAMIC_FTRACE=y
-CONFIG_HAVE_EBPF_JIT=y
-CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
-CONFIG_HAVE_EISA=y
-CONFIG_HAVE_EXIT_THREAD=y
-CONFIG_HAVE_FAST_GUP=y
-CONFIG_HAVE_FENTRY=y
-CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
-CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y
-CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y
-CONFIG_HAVE_FUNCTION_GRAPH_RETVAL=y
-CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
-CONFIG_HAVE_FUNCTION_TRACER=y
-CONFIG_HAVE_GCC_PLUGINS=y
-CONFIG_HAVE_GENERIC_VDSO=y
-CONFIG_HAVE_HARDLOCKUP_DETECTOR_BUDDY=y
-CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y
-CONFIG_HAVE_HW_BREAKPOINT=y
-CONFIG_HAVE_IMA_KEXEC=y
-CONFIG_HAVE_INTEL_TXT=y
-CONFIG_HAVE_IOREMAP_PROT=y
-CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y
-CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
-CONFIG_HAVE_JUMP_LABEL_HACK=y
-CONFIG_HAVE_KCSAN_COMPILER=y
-CONFIG_HAVE_KERNEL_BZIP2=y
-CONFIG_HAVE_KERNEL_GZIP=y
-CONFIG_HAVE_KERNEL_LZ4=y
-CONFIG_HAVE_KERNEL_LZMA=y
-CONFIG_HAVE_KERNEL_LZO=y
-CONFIG_HAVE_KERNEL_XZ=y
-CONFIG_HAVE_KERNEL_ZSTD=y
-CONFIG_HAVE_KPROBES_ON_FTRACE=y
-CONFIG_HAVE_KPROBES=y
-CONFIG_HAVE_KRETPROBES=y
-CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y
-CONFIG_HAVE_KVM_DIRTY_RING_ACQ_REL=y
-CONFIG_HAVE_KVM_DIRTY_RING_TSO=y
-CONFIG_HAVE_KVM_DIRTY_RING=y
-CONFIG_HAVE_KVM_EVENTFD=y
-CONFIG_HAVE_KVM_IRQ_BYPASS=y
-CONFIG_HAVE_KVM_IRQCHIP=y
-CONFIG_HAVE_KVM_IRQFD=y
-CONFIG_HAVE_KVM_IRQ_ROUTING=y
-CONFIG_HAVE_KVM_MSI=y
-CONFIG_HAVE_KVM_NO_POLL=y
-CONFIG_HAVE_KVM_PFNCACHE=y
-CONFIG_HAVE_KVM_PM_NOTIFIER=y
-CONFIG_HAVE_KVM=y
-CONFIG_HAVE_LIVEPATCH=y
-CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y
-CONFIG_HAVE_MMIOTRACE_SUPPORT=y
-CONFIG_HAVE_MOD_ARCH_SPECIFIC=y
-CONFIG_HAVE_MOVE_PMD=y
-CONFIG_HAVE_MOVE_PUD=y
-CONFIG_HAVE_NMI=y
-CONFIG_HAVE_NOINSTR_HACK=y
-CONFIG_HAVE_NOINSTR_VALIDATION=y
-CONFIG_HAVE_OBJTOOL_MCOUNT=y
-CONFIG_HAVE_OBJTOOL_NOP_MCOUNT=y
-CONFIG_HAVE_OBJTOOL=y
-CONFIG_HAVE_OPTPROBES=y
-CONFIG_HAVE_PCI=y
-CONFIG_HAVE_PCSPKR_PLATFORM=y
-CONFIG_HAVE_PERF_EVENTS_NMI=y
-CONFIG_HAVE_PERF_EVENTS=y
-CONFIG_HAVE_PERF_REGS=y
-CONFIG_HAVE_PERF_USER_STACK_DUMP=y
-CONFIG_HAVE_POSIX_CPU_TIMERS_TASK_WORK=y
-CONFIG_HAVE_PREEMPT_DYNAMIC_CALL=y
-CONFIG_HAVE_PREEMPT_DYNAMIC=y
-CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
-CONFIG_HAVE_RELIABLE_STACKTRACE=y
-CONFIG_HAVE_RETHOOK=y
-CONFIG_HAVE_RSEQ=y
-CONFIG_HAVE_RUST=y
-CONFIG_HAVE_SAMPLE_FTRACE_DIRECT_MULTI=y
-CONFIG_HAVE_SAMPLE_FTRACE_DIRECT=y
-CONFIG_HAVE_SETUP_PER_CPU_AREA=y
-CONFIG_HAVE_SOFTIRQ_ON_OWN_STACK=y
-CONFIG_HAVE_STACKPROTECTOR=y
-CONFIG_HAVE_STACK_VALIDATION=y
-CONFIG_HAVE_STATIC_CALL_INLINE=y
-CONFIG_HAVE_STATIC_CALL=y
-CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
-CONFIG_HAVE_UACCESS_VALIDATION=y
-CONFIG_HAVE_UID16=y
-CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
-CONFIG_HAVE_USER_RETURN_NOTIFIER=y
-CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
-CONFIG_HDMI=y
-CONFIG_HIBERNATE_CALLBACKS=y
-CONFIG_HID_A4TECH=m
-CONFIG_HID_APPLE=m
-CONFIG_HID_BELKIN=m
-CONFIG_HID_CHERRY=m
-CONFIG_HID_CHICONY=m
-CONFIG_HID_CORSAIR=m
-CONFIG_HID_CYPRESS=m
-CONFIG_HID_EZKEY=m
-CONFIG_HID_GENERIC=y
-CONFIG_HID_GYRATION=m
-CONFIG_HID_ITE=m
-CONFIG_HID_KENSINGTON=m
-CONFIG_HID_LENOVO=m
-CONFIG_HID_LOGITECH_DJ=m
-CONFIG_HID_LOGITECH_HIDPP=m
-CONFIG_HID_LOGITECH=m
-CONFIG_HID_MICROSOFT=m
-CONFIG_HID_MONTEREY=m
-CONFIG_HID_PANTHERLORD=m
-CONFIG_HID_PETALYNX=m
-CONFIG_HIDRAW=y
-CONFIG_HID_REDRAGON=y
-CONFIG_HID_ROCCAT=y
-CONFIG_HID_SAMSUNG=m
-CONFIG_HID_SUNPLUS=m
-CONFIG_HID_SUPPORT=y
-CONFIG_HID_TOPSEED=m
-CONFIG_HID=y
-CONFIG_HIGH_RES_TIMERS=y
-CONFIG_HMM_MIRROR=y
-CONFIG_HOTPLUG_CORE_SYNC_DEAD=y
-CONFIG_HOTPLUG_CORE_SYNC_FULL=y
-CONFIG_HOTPLUG_CORE_SYNC=y
-CONFIG_HOTPLUG_CPU=y
-CONFIG_HOTPLUG_PARALLEL=y
-CONFIG_HOTPLUG_PCI_ACPI=y
-CONFIG_HOTPLUG_PCI_PCIE=y
-CONFIG_HOTPLUG_PCI=y
-CONFIG_HOTPLUG_SMT=y
-CONFIG_HOTPLUG_SPLIT_STARTUP=y
-CONFIG_HPET_EMULATE_RTC=y
-CONFIG_HPET_TIMER=y
-CONFIG_HPET=y
-CONFIG_HP_ILO=m
-CONFIG_HSA_AMD=y
-CONFIG_HSR=y
-CONFIG_HSU_DMA=y
-CONFIG_HUGETLBFS=y
-CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y
-CONFIG_HUGETLB_PAGE=y
-CONFIG_HVC_DRIVER=y
-CONFIG_HVC_IRQ=y
-CONFIG_HVC_XEN_FRONTEND=y
-CONFIG_HVC_XEN=y
-CONFIG_HW_CONSOLE=y
-CONFIG_HWMON=y
-CONFIG_HW_RANDOM_TPM=y
-CONFIG_HW_RANDOM_VIA=y
-CONFIG_HW_RANDOM_VIRTIO=y
-CONFIG_HW_RANDOM=y
-CONFIG_HYPERV_BALLOON=y
-CONFIG_HYPERV_IOMMU=y
-CONFIG_HYPERVISOR_GUEST=y
-CONFIG_HYPERV_KEYBOARD=y
-CONFIG_HYPERV_NET=y
-CONFIG_HYPERV_STORAGE=y
-CONFIG_HYPERV_TIMER=y
-CONFIG_HYPERV_UTILS=y
-CONFIG_HYPERV_VSOCKETS=y
-CONFIG_HYPERV=y
-CONFIG_HZ=250
-CONFIG_HZ_250=y
-CONFIG_I2C_ALGOBIT=m
-CONFIG_I2C_BOARDINFO=y
-CONFIG_I2C_COMPAT=y
-CONFIG_I2C_HELPER_AUTO=y
-CONFIG_I2C_HID=y
-CONFIG_I2C_I801=m
-CONFIG_I2C_SMBUS=m
-CONFIG_I2C=y
-CONFIG_I40E=m
-CONFIG_I40EVF=m
-CONFIG_I6300ESB_WDT=m
-CONFIG_I8253_LOCK=y
-CONFIG_IA32_EMULATION=y
-CONFIG_IA32_FEAT_CTL=y
-CONFIG_IAVF=m
-CONFIG_ICE_HWTS=y
-CONFIG_ICE=m
-CONFIG_ICE_SWITCHDEV=y
-CONFIG_IGB_DCA=y
-CONFIG_IGB_HWMON=y
-CONFIG_IGB=m
-CONFIG_IGBVF=m
-CONFIG_IGC=m
-CONFIG_IKCONFIG_PROC=y
-CONFIG_IKCONFIG=y
-CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
-CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
-CONFIG_IMA_ARCH_POLICY=y
-CONFIG_IMA_DEFAULT_HASH="sha512"
-CONFIG_IMA_DEFAULT_HASH_SHA512=y
-CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
-CONFIG_IMA_LSM_RULES=y
-CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
-CONFIG_IMA_MEASURE_PCR_IDX=10
-CONFIG_IMA_NG_TEMPLATE=y
-CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
-CONFIG_IMA_READ_POLICY=y
-CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
-CONFIG_IMA_WRITE_POLICY=y
-CONFIG_IMA=y
-CONFIG_INET6_AH=y
-CONFIG_INET6_ESP_OFFLOAD=y
-CONFIG_INET6_ESP=y
-CONFIG_INET6_IPCOMP=y
-CONFIG_INET6_TUNNEL=y
-CONFIG_INET6_XFRM_TUNNEL=y
-CONFIG_INET_AH=y
-CONFIG_INET_ESP=y
-CONFIG_INET_IPCOMP=y
-CONFIG_INET_TABLE_PERTURB_ORDER=16
-CONFIG_INET_TUNNEL=y
-CONFIG_INET_XFRM_TUNNEL=y
-CONFIG_INET=y
-CONFIG_INFINIBAND_ADDR_TRANS_CONFIGFS=y
-CONFIG_INFINIBAND_ADDR_TRANS=y
-CONFIG_INFINIBAND_IPOIB_DEBUG=y
-CONFIG_INFINIBAND_IPOIB=y
-CONFIG_INFINIBAND_VIRT_DMA=y
-CONFIG_INFINIBAND=y
-CONFIG_INIT_ENV_ARG_LIMIT=32
-CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
-CONFIG_INITRAMFS_PRESERVE_MTIME=y
-CONFIG_INITRAMFS_SOURCE=""
-CONFIG_INIT_STACK_ALL_ZERO=y
-CONFIG_INLINE_READ_UNLOCK_IRQ=y
-CONFIG_INLINE_READ_UNLOCK=y
-CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
-CONFIG_INLINE_WRITE_UNLOCK_IRQ=y
-CONFIG_INLINE_WRITE_UNLOCK=y
-CONFIG_INOTIFY_USER=y
-CONFIG_INPUT_EVDEV=y
-CONFIG_INPUT_FF_MEMLESS=y
-CONFIG_INPUT_JOYSTICK=y
-CONFIG_INPUT_KEYBOARD=y
-CONFIG_INPUT_LEDS=y
-CONFIG_INPUT_MISC=y
-CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
-CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
-CONFIG_INPUT_MOUSEDEV=y
-CONFIG_INPUT_MOUSE=y
-CONFIG_INPUT_SPARSEKMAP=y
-CONFIG_INPUT_TABLET=y
-CONFIG_INPUT_TOUCHSCREEN=y
-CONFIG_INPUT_VIVALDIFMAP=y
-CONFIG_INPUT_XEN_KBDDEV_FRONTEND=y
-CONFIG_INPUT=y
-CONFIG_INSTRUCTION_DECODER=y
-CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
-CONFIG_INTEGRITY_AUDIT=y
-CONFIG_INTEGRITY_PLATFORM_KEYRING=y
-CONFIG_INTEGRITY_SIGNATURE=y
-CONFIG_INTEGRITY_TRUSTED_KEYRING=y
-CONFIG_INTEGRITY=y
-CONFIG_INTEL_GTT=y
-CONFIG_INTEL_IDLE=y
-CONFIG_INTEL_IOATDMA=y
-CONFIG_INTEL_IOMMU_DEFAULT_ON=y
-CONFIG_INTEL_IOMMU_FLOPPY_WA=y
-CONFIG_INTEL_IOMMU_PERF_EVENTS=y
-CONFIG_INTEL_IOMMU_SVM=y
-CONFIG_INTEL_IOMMU=y
-CONFIG_INTEL_PMC_CORE=m
-CONFIG_INTEL_TCC=y
-CONFIG_INTERVAL_TREE=y
-CONFIG_IO_DELAY_0X80=y
-CONFIG_IOMMU_API=y
-CONFIG_IOMMU_DEFAULT_DMA_STRICT=y
-CONFIG_IOMMU_DMA=y
-CONFIG_IOMMU_IO_PGTABLE=y
-CONFIG_IOMMU_IOVA=y
-CONFIG_IOMMU_SUPPORT=y
-CONFIG_IOMMU_SVA=y
-CONFIG_IOSCHED_BFQ=y
-CONFIG_IOSF_MBI=y
-CONFIG_IO_URING=y
-CONFIG_IO_WQ=y
-CONFIG_IP6_NF_FILTER=y
-CONFIG_IP6_NF_IPTABLES=y
-CONFIG_IP6_NF_MANGLE=y
-CONFIG_IP6_NF_MATCH_AH=y
-CONFIG_IP6_NF_MATCH_EUI64=y
-CONFIG_IP6_NF_MATCH_FRAG=y
-CONFIG_IP6_NF_MATCH_HL=y
-CONFIG_IP6_NF_MATCH_IPV6HEADER=y
-CONFIG_IP6_NF_MATCH_MH=y
-CONFIG_IP6_NF_MATCH_OPTS=y
-CONFIG_IP6_NF_MATCH_RPFILTER=y
-CONFIG_IP6_NF_MATCH_RT=y
-CONFIG_IP6_NF_NAT=y
-CONFIG_IP6_NF_RAW=y
-CONFIG_IP6_NF_SECURITY=y
-CONFIG_IP6_NF_TARGET_HL=y
-CONFIG_IP6_NF_TARGET_REJECT=y
-CONFIG_IP6_NF_TARGET_SYNPROXY=y
-CONFIG_IP_ADVANCED_ROUTER=y
-CONFIG_IPC_NS=y
-CONFIG_IP_DCCP_CCID3=y
-CONFIG_IP_DCCP_TFRC_LIB=y
-CONFIG_IP_DCCP=y
-CONFIG_IPMI_DEVICE_INTERFACE=y
-CONFIG_IPMI_DMI_DECODE=y
-CONFIG_IPMI_HANDLER=y
-CONFIG_IPMI_PLAT_DATA=y
-CONFIG_IPMI_POWEROFF=y
-CONFIG_IPMI_SI=y
-CONFIG_IPMI_WATCHDOG=m
-CONFIG_IP_MROUTE_COMMON=y
-CONFIG_IP_MROUTE=y
-CONFIG_IP_MULTICAST=y
-CONFIG_IP_MULTIPLE_TABLES=y
-CONFIG_IP_NF_FILTER=y
-CONFIG_IP_NF_IPTABLES=y
-CONFIG_IP_NF_MANGLE=y
-CONFIG_IP_NF_MATCH_RPFILTER=y
-CONFIG_IP_NF_NAT=y
-CONFIG_IP_NF_RAW=y
-CONFIG_IP_NF_TARGET_MASQUERADE=y
-CONFIG_IP_NF_TARGET_NETMAP=y
-CONFIG_IP_NF_TARGET_REDIRECT=y
-CONFIG_IP_NF_TARGET_REJECT=y
-CONFIG_IP_PIMSM_V1=y
-CONFIG_IP_PIMSM_V2=y
-CONFIG_IP_PNP_BOOTP=y
-CONFIG_IP_PNP_DHCP=y
-CONFIG_IP_PNP_RARP=y
-CONFIG_IP_PNP=y
-CONFIG_IP_ROUTE_CLASSID=y
-CONFIG_IP_ROUTE_MULTIPATH=y
-CONFIG_IP_ROUTE_VERBOSE=y
-CONFIG_IP_SCTP=y
-CONFIG_IP_SET_BITMAP_IPMAC=y
-CONFIG_IP_SET_BITMAP_IP=y
-CONFIG_IP_SET_BITMAP_PORT=y
-CONFIG_IP_SET_HASH_IPMAC=y
-CONFIG_IP_SET_HASH_IPMARK=y
-CONFIG_IP_SET_HASH_IPPORTIP=y
-CONFIG_IP_SET_HASH_IPPORTNET=y
-CONFIG_IP_SET_HASH_IPPORT=y
-CONFIG_IP_SET_HASH_IP=y
-CONFIG_IP_SET_HASH_MAC=y
-CONFIG_IP_SET_HASH_NETIFACE=y
-CONFIG_IP_SET_HASH_NETNET=y
-CONFIG_IP_SET_HASH_NETPORTNET=y
-CONFIG_IP_SET_HASH_NETPORT=y
-CONFIG_IP_SET_HASH_NET=y
-CONFIG_IP_SET_LIST_SET=y
-CONFIG_IP_SET_MAX=256
-CONFIG_IP_SET=y
-CONFIG_IPV6_FOU_TUNNEL=y
-CONFIG_IPV6_FOU=y
-CONFIG_IPV6_ILA=y
-CONFIG_IPV6_MIP6=y
-CONFIG_IPV6_MULTIPLE_TABLES=y
-CONFIG_IPV6_NDISC_NODETYPE=y
-CONFIG_IPV6_ROUTE_INFO=y
-CONFIG_IPV6_ROUTER_PREF=y
-CONFIG_IPV6_SIT=y
-CONFIG_IPV6_TUNNEL=y
-CONFIG_IPV6=y
-CONFIG_IPVLAN_L3S=y
-CONFIG_IPVLAN=y
-CONFIG_IP_VS_IPV6=y
-CONFIG_IP_VS_LC=y
-CONFIG_IP_VS_MH_TAB_INDEX=12
-CONFIG_IP_VS_NFCT=y
-CONFIG_IP_VS_PROTO_TCP=y
-CONFIG_IP_VS_PROTO_UDP=y
-CONFIG_IP_VS_RR=y
-CONFIG_IP_VS_SH_TAB_BITS=8
-CONFIG_IP_VS_SH=y
-CONFIG_IP_VS_TAB_BITS=12
-CONFIG_IP_VS_WRR=y
-CONFIG_IP_VS=y
-CONFIG_IRQ_BYPASS_MANAGER=y
-CONFIG_IRQ_DOMAIN_HIERARCHY=y
-CONFIG_IRQ_DOMAIN=y
-CONFIG_IRQ_FORCED_THREADING=y
-CONFIG_IRQ_MSI_IOMMU=y
-CONFIG_IRQ_POLL=y
-CONFIG_IRQ_REMAP=y
-CONFIG_IRQ_WORK=y
-CONFIG_ISA_DMA_API=y
-CONFIG_ISCSI_TCP=y
-CONFIG_ISO9660_FS=y
-CONFIG_ITCO_VENDOR_SUPPORT=y
-CONFIG_ITCO_WDT=m
-CONFIG_IXGBE_DCA=y
-CONFIG_IXGBE_HWMON=y
-CONFIG_IXGBE_IPSEC=y
-CONFIG_IXGBE=m
-CONFIG_IXGBEVF_IPSEC=y
-CONFIG_IXGBEVF=m
-CONFIG_JBD2=y
-CONFIG_JOLIET=y
-CONFIG_JUMP_LABEL=y
-CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y
-CONFIG_KALLSYMS_BASE_RELATIVE=y
-CONFIG_KALLSYMS=y
-CONFIG_KARMA_PARTITION=y
-CONFIG_KCMP=y
-CONFIG_KERNEL_ZSTD=y
-CONFIG_KERNFS=y
-CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
-CONFIG_KEXEC_CORE=y
-CONFIG_KEXEC_FILE=y
-CONFIG_KEXEC_SIG=y
-CONFIG_KEYBOARD_ATKBD=y
-CONFIG_KEYS=y
-CONFIG_KFENCE_NUM_OBJECTS=255
-CONFIG_KFENCE_SAMPLE_INTERVAL=100
-CONFIG_KFENCE_STRESS_TEST_FAULTS=0
-CONFIG_KFENCE=y
-CONFIG_KPROBE_EVENTS=y
-CONFIG_KPROBES_ON_FTRACE=y
-CONFIG_KPROBES=y
-CONFIG_KRETPROBE_ON_RETHOOK=y
-CONFIG_KRETPROBES=y
-CONFIG_KVM_AMD=y
-CONFIG_KVM_AMD_SEV=y
-CONFIG_KVM_ASYNC_PF=y
-CONFIG_KVM_COMPAT=y
-CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT=y
-CONFIG_KVM_GENERIC_HARDWARE_ENABLING=y
-CONFIG_KVM_GUEST=y
-CONFIG_KVM_INTEL=y
-CONFIG_KVM_MMIO=y
-CONFIG_KVM_SMM=y
-CONFIG_KVM_VFIO=y
-CONFIG_KVM_WERROR=y
-CONFIG_KVM_XFER_TO_GUEST_WORK=y
-CONFIG_KVM=y
-CONFIG_L2TP=y
-CONFIG_LAPB=y
-CONFIG_LD_IS_BFD=y
-CONFIG_LD_ORPHAN_WARN_LEVEL="warn"
-CONFIG_LD_ORPHAN_WARN=y
-CONFIG_LD_VERSION=24200
-CONFIG_LEDS_CLASS=y
-CONFIG_LEDS_TRIGGERS=y
-CONFIG_LEGACY_DIRECT_IO=y
-CONFIG_LEGACY_VSYSCALL_NONE=y
-CONFIG_LIBCRC32C=y
-CONFIG_LINEAR_RANGES=y
-CONFIG_LIST_HARDENED=y
-CONFIG_LLC2=y
-CONFIG_LLC=y
-CONFIG_LLD_VERSION=0
-CONFIG_LOAD_UEFI_KEYS=y
-#CONFIG_LOCALVERSION="-patagia"
-CONFIG_LOCK_DEBUGGING_SUPPORT=y
-CONFIG_LOCKDEP_SUPPORT=y
-CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
-CONFIG_LOCKD_V4=y
-CONFIG_LOCKD=y
-CONFIG_LOCK_MM_AND_FIND_VMA=y
-CONFIG_LOCK_SPIN_ON_OWNER=y
-CONFIG_LOG_BUF_SHIFT=18
-CONFIG_LOG_CPU_MAX_BUF_SHIFT=12
-CONFIG_LOGITECH_FF=y
-CONFIG_LOGIWHEELS_FF=y
-CONFIG_LOGO_LINUX_CLUT224=y
-CONFIG_LOGO=y
-CONFIG_LPC_ICH=m
-CONFIG_LRU_CACHE=m
-CONFIG_LRU_GEN_ENABLED=y
-CONFIG_LRU_GEN_WALKS_MMU=y
-CONFIG_LRU_GEN=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity,bpf,apparmor"
-CONFIG_LTO_NONE=y
-CONFIG_LWTUNNEL_BPF=y
-CONFIG_LWTUNNEL=y
-CONFIG_LZ4_COMPRESS=m
-CONFIG_LZ4_DECOMPRESS=y
-CONFIG_LZ4HC_COMPRESS=m
-CONFIG_LZO_COMPRESS=y
-CONFIG_LZO_DECOMPRESS=y
-CONFIG_MAC80211_STA_HASH_MAX_SIZE=0
-CONFIG_MAC_PARTITION=y
-CONFIG_MACVLAN=y
-CONFIG_MACVTAP=y
-CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0
-CONFIG_MAGIC_SYSRQ_SERIAL_SEQUENCE=""
-CONFIG_MAGIC_SYSRQ_SERIAL=y
-CONFIG_MAGIC_SYSRQ=y
-CONFIG_MAILBOX=y
-CONFIG_MARVELL_10G_PHY=y
-CONFIG_MARVELL_PHY=y
-CONFIG_MAX_SKB_FRAGS=17
-CONFIG_MD_AUTODETECT=y
-CONFIG_MD_BITMAP_FILE=y
-CONFIG_MDIO_BUS=y
-CONFIG_MDIO_DEVICE=y
-CONFIG_MDIO_DEVRES=y
-CONFIG_MDIO=m
-CONFIG_MD_RAID0=y
-CONFIG_MD_RAID10=y
-CONFIG_MD_RAID1=y
-CONFIG_MD_RAID456=m
-CONFIG_MD=y
-CONFIG_MEGARAID_SAS=m
-CONFIG_MEMBARRIER=y
-CONFIG_MEMCG_KMEM=y
-CONFIG_MEMCG=y
-CONFIG_MEMFD_CREATE=y
-CONFIG_MEMORY_BALLOON=y
-CONFIG_MEMORY_FAILURE=y
-CONFIG_MEMORY_HOTPLUG=y
-CONFIG_MEMORY_HOTREMOVE=y
-CONFIG_MEMORY_ISOLATION=y
-CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4
-CONFIG_MFD_CORE=m
-CONFIG_MFD_INTEL_PMC_BXT=m
-CONFIG_MICROCODE=y
-CONFIG_MIGRATION=y
-CONFIG_MII=m
-CONFIG_MINIX_SUBPARTITION=y
-CONFIG_MISC_FILESYSTEMS=y
-CONFIG_MITIGATION_RFDS=y
-CONFIG_MITIGATION_SPECTRE_BHI=y
-CONFIG_MLX4_CORE_GEN2=y
-CONFIG_MLX4_CORE=m
-CONFIG_MLX4_DEBUG=y
-CONFIG_MLX4_EN_DCB=y
-CONFIG_MLX4_EN=m
-CONFIG_MLX4_INFINIBAND=m
-CONFIG_MLX5_BRIDGE=y
-CONFIG_MLX5_CORE_EN_DCB=y
-CONFIG_MLX5_CORE_EN=y
-CONFIG_MLX5_CORE_IPOIB=y
-CONFIG_MLX5_CORE=m
-CONFIG_MLX5_EN_ARFS=y
-CONFIG_MLX5_EN_RXNFC=y
-CONFIG_MLX5_ESWITCH=y
-CONFIG_MLX5_FPGA=y
-CONFIG_MLX5_INFINIBAND=m
-CONFIG_MLX5_MPFS=y
-CONFIG_MLX5_SW_STEERING=y
-CONFIG_MLXFW=m
-CONFIG_MLXSW_CORE_HWMON=y
-CONFIG_MLXSW_CORE=m
-CONFIG_MLXSW_CORE_THERMAL=y
-CONFIG_MLXSW_I2C=m
-CONFIG_MLXSW_MINIMAL=m
-CONFIG_MLXSW_PCI=m
-CONFIG_MLXSW_SPECTRUM_DCB=y
-CONFIG_MLXSW_SPECTRUM=m
-CONFIG_MMC_BLOCK_MINORS=32
-CONFIG_MMC_BLOCK=y
-CONFIG_MMC_CQHCI=y
-CONFIG_MMCONF_FAM10H=y
-CONFIG_MMC_RICOH_MMC=y
-CONFIG_MMC_SDHCI_ACPI=m
-CONFIG_MMC_SDHCI_F_SDH30=m
-CONFIG_MMC_SDHCI_IO_ACCESSORS=y
-CONFIG_MMC_SDHCI_PCI=m
-CONFIG_MMC_SDHCI_PLTFM=m
-CONFIG_MMC_SDHCI_XENON=m
-CONFIG_MMC_SDHCI=y
-CONFIG_MMC=y
-CONFIG_MMU_GATHER_MERGE_VMAS=y
-CONFIG_MMU_GATHER_RCU_TABLE_FREE=y
-CONFIG_MMU_GATHER_TABLE_FREE=y
-CONFIG_MMU_LAZY_TLB_REFCOUNT=y
-CONFIG_MMU_NOTIFIER=y
-CONFIG_MMU=y
-CONFIG_MODPROBE_PATH="/sbin/modprobe"
-CONFIG_MODULE_COMPRESS_ZSTD=y
-CONFIG_MODULE_FORCE_UNLOAD=y
-CONFIG_MODULE_SIG_ALL=y
-CONFIG_MODULE_SIG_FORCE=y
-CONFIG_MODULE_SIG_FORMAT=y
-CONFIG_MODULE_SIG_HASH="sha512"
-CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
-CONFIG_MODULE_SIG_KEY_TYPE_RSA=y
-CONFIG_MODULE_SIG_SHA512=y
-CONFIG_MODULE_SIG=y
-CONFIG_MODULE_SRCVERSION_ALL=y
-CONFIG_MODULE_UNLOAD=y
-CONFIG_MODULES_TREE_LOOKUP=y
-CONFIG_MODULES_USE_ELF_RELA=y
-CONFIG_MODULES=y
-CONFIG_MODVERSIONS=y
-CONFIG_MPILIB=y
-CONFIG_MPLS=y
-CONFIG_MQ_IOSCHED_DEADLINE=y
-CONFIG_MQ_IOSCHED_KYBER=y
-CONFIG_MSDOS_FS=y
-CONFIG_MSDOS_PARTITION=y
-CONFIG_MTRR=y
-CONFIG_MULTIUSER=y
-CONFIG_MUTEX_SPIN_ON_OWNER=y
-CONFIG_NAMESPACES=y
-CONFIG_NEED_DMA_MAP_STATE=y
-CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
-CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
-CONFIG_NEED_SG_DMA_FLAGS=y
-CONFIG_NEED_SG_DMA_LENGTH=y
-CONFIG_NET_ACT_BPF=y
-CONFIG_NET_ACT_CSUM=y
-CONFIG_NET_ACT_GACT=y
-CONFIG_NET_ACT_IFE=y
-CONFIG_NET_ACT_IPT=y
-CONFIG_NET_ACT_MIRRED=y
-CONFIG_NET_ACT_NAT=y
-CONFIG_NET_ACT_PEDIT=y
-CONFIG_NET_ACT_POLICE=y
-CONFIG_NET_ACT_SAMPLE=y
-CONFIG_NET_ACT_SIMP=y
-CONFIG_NET_ACT_SKBEDIT=y
-CONFIG_NET_ACT_SKBMOD=y
-CONFIG_NET_ACT_TUNNEL_KEY=y
-CONFIG_NET_ACT_VLAN=y
-CONFIG_NET_CLS_ACT=y
-CONFIG_NET_CLS_BASIC=y
-CONFIG_NET_CLS_BPF=y
-CONFIG_NET_CLS_CGROUP=y
-CONFIG_NET_CLS_FLOWER=y
-CONFIG_NET_CLS_FLOW=y
-CONFIG_NET_CLS_FW=y
-CONFIG_NET_CLS_MATCHALL=y
-CONFIG_NET_CLS_ROUTE4=y
-CONFIG_NET_CLS_U32=y
-CONFIG_NET_CLS=y
-CONFIG_NETCONSOLE=y
-CONFIG_NET_CORE=y
-CONFIG_NETDEVICES=y
-CONFIG_NET_DEVLINK=y
-CONFIG_NET_DSA=y
-CONFIG_NET_EGRESS=y
-CONFIG_NET_EMATCH_CMP=y
-CONFIG_NET_EMATCH_IPSET=y
-CONFIG_NET_EMATCH_META=y
-CONFIG_NET_EMATCH_NBYTE=y
-CONFIG_NET_EMATCH_STACK=32
-CONFIG_NET_EMATCH_TEXT=y
-CONFIG_NET_EMATCH_U32=y
-CONFIG_NET_EMATCH=y
-CONFIG_NET_FAILOVER=y
-CONFIG_NETFILTER_ADVANCED=y
-CONFIG_NETFILTER_BPF_LINK=y
-CONFIG_NETFILTER_CONNCOUNT=y
-CONFIG_NETFILTER_EGRESS=y
-CONFIG_NETFILTER_FAMILY_BRIDGE=y
-CONFIG_NETFILTER_INGRESS=y
-CONFIG_NETFILTER_NETLINK_ACCT=y
-CONFIG_NETFILTER_NETLINK_GLUE_CT=y
-CONFIG_NETFILTER_NETLINK_LOG=y
-CONFIG_NETFILTER_NETLINK_OSF=y
-CONFIG_NETFILTER_NETLINK_QUEUE=y
-CONFIG_NETFILTER_NETLINK=y
-CONFIG_NETFILTER_SKIP_EGRESS=y
-CONFIG_NETFILTER_SYNPROXY=y
-CONFIG_NETFILTER_XTABLES_COMPAT=y
-CONFIG_NETFILTER_XTABLES=y
-CONFIG_NETFILTER_XT_CONNMARK=y
-CONFIG_NETFILTER_XT_MARK=y
-CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
-CONFIG_NETFILTER_XT_MATCH_BPF=y
-CONFIG_NETFILTER_XT_MATCH_CGROUP=y
-CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
-CONFIG_NETFILTER_XT_MATCH_COMMENT=y
-CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
-CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y
-CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
-CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
-CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
-CONFIG_NETFILTER_XT_MATCH_CPU=y
-CONFIG_NETFILTER_XT_MATCH_DCCP=y
-CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
-CONFIG_NETFILTER_XT_MATCH_DSCP=y
-CONFIG_NETFILTER_XT_MATCH_ECN=y
-CONFIG_NETFILTER_XT_MATCH_ESP=y
-CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
-CONFIG_NETFILTER_XT_MATCH_HELPER=y
-CONFIG_NETFILTER_XT_MATCH_HL=y
-CONFIG_NETFILTER_XT_MATCH_IPCOMP=y
-CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
-CONFIG_NETFILTER_XT_MATCH_IPVS=y
-CONFIG_NETFILTER_XT_MATCH_L2TP=y
-CONFIG_NETFILTER_XT_MATCH_LENGTH=y
-CONFIG_NETFILTER_XT_MATCH_LIMIT=y
-CONFIG_NETFILTER_XT_MATCH_MAC=y
-CONFIG_NETFILTER_XT_MATCH_MARK=y
-CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
-CONFIG_NETFILTER_XT_MATCH_NFACCT=y
-CONFIG_NETFILTER_XT_MATCH_OSF=y
-CONFIG_NETFILTER_XT_MATCH_OWNER=y
-CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y
-CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
-CONFIG_NETFILTER_XT_MATCH_POLICY=y
-CONFIG_NETFILTER_XT_MATCH_QUOTA=y
-CONFIG_NETFILTER_XT_MATCH_RATEEST=y
-CONFIG_NETFILTER_XT_MATCH_REALM=y
-CONFIG_NETFILTER_XT_MATCH_RECENT=y
-CONFIG_NETFILTER_XT_MATCH_SCTP=y
-CONFIG_NETFILTER_XT_MATCH_SOCKET=y
-CONFIG_NETFILTER_XT_MATCH_STATE=y
-CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
-CONFIG_NETFILTER_XT_MATCH_STRING=y
-CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
-CONFIG_NETFILTER_XT_MATCH_TIME=y
-CONFIG_NETFILTER_XT_MATCH_U32=y
-CONFIG_NETFILTER_XT_NAT=y
-CONFIG_NETFILTER_XT_SET=y
-CONFIG_NETFILTER_XT_TARGET_AUDIT=y
-CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y
-CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
-CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
-CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
-CONFIG_NETFILTER_XT_TARGET_CT=y
-CONFIG_NETFILTER_XT_TARGET_DSCP=y
-CONFIG_NETFILTER_XT_TARGET_HL=y
-CONFIG_NETFILTER_XT_TARGET_HMARK=y
-CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y
-CONFIG_NETFILTER_XT_TARGET_LED=y
-CONFIG_NETFILTER_XT_TARGET_LOG=y
-CONFIG_NETFILTER_XT_TARGET_MARK=y
-CONFIG_NETFILTER_XT_TARGET_MASQUERADE=y
-CONFIG_NETFILTER_XT_TARGET_NETMAP=y
-CONFIG_NETFILTER_XT_TARGET_NFLOG=y
-CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
-CONFIG_NETFILTER_XT_TARGET_RATEEST=y
-CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
-CONFIG_NETFILTER_XT_TARGET_SECMARK=y
-CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
-CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y
-CONFIG_NETFILTER_XT_TARGET_TEE=y
-CONFIG_NETFILTER_XT_TARGET_TPROXY=y
-CONFIG_NETFILTER=y
-CONFIG_NET_FLOW_LIMIT=y
-CONFIG_NET_FOU_IP_TUNNELS=y
-CONFIG_NET_FOU=y
-CONFIG_NETFS_SUPPORT=y
-CONFIG_NET_HANDSHAKE=y
-CONFIG_NET_IFE=y
-CONFIG_NET_INGRESS=y
-CONFIG_NET_IPGRE_DEMUX=y
-CONFIG_NET_IPGRE=m
-CONFIG_NET_IPIP=y
-CONFIG_NET_IP_TUNNEL=y
-CONFIG_NET_L3_MASTER_DEV=y
-CONFIG_NETLABEL=y
-CONFIG_NETLINK_DIAG=y
-CONFIG_NET_MPLS_GSO=y
-CONFIG_NET_NCSI=y
-CONFIG_NET_NSH=y
-CONFIG_NET_NS=y
-CONFIG_NET_POLL_CONTROLLER=y
-CONFIG_NETPOLL=y
-CONFIG_NET_PTP_CLASSIFY=y
-CONFIG_NET_RX_BUSY_POLL=y
-CONFIG_NET_SCH_CHOKE=y
-CONFIG_NET_SCH_CODEL=y
-CONFIG_NET_SCH_DEFAULT=y
-CONFIG_NET_SCH_DRR=y
-CONFIG_NET_SCHED=y
-CONFIG_NET_SCH_FIFO=y
-CONFIG_NET_SCH_FQ_CODEL=y
-CONFIG_NET_SCH_FQ=y
-CONFIG_NET_SCH_GRED=y
-CONFIG_NET_SCH_HFSC=y
-CONFIG_NET_SCH_HHF=y
-CONFIG_NET_SCH_HTB=y
-CONFIG_NET_SCH_INGRESS=y
-CONFIG_NET_SCH_MQPRIO_LIB=y
-CONFIG_NET_SCH_MQPRIO=y
-CONFIG_NET_SCH_MULTIQ=y
-CONFIG_NET_SCH_NETEM=y
-CONFIG_NET_SCH_PIE=y
-CONFIG_NET_SCH_PLUG=y
-CONFIG_NET_SCH_PRIO=y
-CONFIG_NET_SCH_QFQ=y
-CONFIG_NET_SCH_RED=y
-CONFIG_NET_SCH_SFB=y
-CONFIG_NET_SCH_SFQ=y
-CONFIG_NET_SCH_TBF=y
-CONFIG_NET_SCH_TEQL=y
-CONFIG_NET_SELFTESTS=y
-CONFIG_NET_SOCK_MSG=y
-CONFIG_NET_SWITCHDEV=y
-CONFIG_NET_TULIP=y
-CONFIG_NET_UDP_TUNNEL=y
-CONFIG_NET_VENDOR_3COM=y
-CONFIG_NET_VENDOR_8390=y
-CONFIG_NET_VENDOR_ADAPTEC=y
-CONFIG_NET_VENDOR_AGERE=y
-CONFIG_NET_VENDOR_ALACRITECH=y
-CONFIG_NET_VENDOR_ALTEON=y
-CONFIG_NET_VENDOR_AMAZON=y
-CONFIG_NET_VENDOR_AMD=y
-CONFIG_NET_VENDOR_AQUANTIA=y
-CONFIG_NET_VENDOR_ARC=y
-CONFIG_NET_VENDOR_ASIX=y
-CONFIG_NET_VENDOR_ATHEROS=y
-CONFIG_NET_VENDOR_BROADCOM=y
-CONFIG_NET_VENDOR_BROCADE=y
-CONFIG_NET_VENDOR_CADENCE=y
-CONFIG_NET_VENDOR_CAVIUM=y
-CONFIG_NET_VENDOR_CHELSIO=y
-CONFIG_NET_VENDOR_CISCO=y
-CONFIG_NET_VENDOR_CORTINA=y
-CONFIG_NET_VENDOR_DAVICOM=y
-CONFIG_NET_VENDOR_DEC=y
-CONFIG_NET_VENDOR_DLINK=y
-CONFIG_NET_VENDOR_EMULEX=y
-CONFIG_NET_VENDOR_ENGLEDER=y
-CONFIG_NET_VENDOR_EZCHIP=y
-CONFIG_NET_VENDOR_FUNGIBLE=y
-CONFIG_NET_VENDOR_GOOGLE=y
-CONFIG_NET_VENDOR_HUAWEI=y
-CONFIG_NET_VENDOR_I825XX=y
-CONFIG_NET_VENDOR_INTEL=y
-CONFIG_NET_VENDOR_LITEX=y
-CONFIG_NET_VENDOR_MARVELL=y
-CONFIG_NET_VENDOR_MELLANOX=y
-CONFIG_NET_VENDOR_MICREL=y
-CONFIG_NET_VENDOR_MICROCHIP=y
-CONFIG_NET_VENDOR_MICROSEMI=y
-CONFIG_NET_VENDOR_MICROSOFT=y
-CONFIG_NET_VENDOR_MYRI=y
-CONFIG_NET_VENDOR_NATSEMI=y
-CONFIG_NET_VENDOR_NETERION=y
-CONFIG_NET_VENDOR_NETRONOME=y
-CONFIG_NET_VENDOR_NI=y
-CONFIG_NET_VENDOR_NVIDIA=y
-CONFIG_NET_VENDOR_OKI=y
-CONFIG_NET_VENDOR_PACKET_ENGINES=y
-CONFIG_NET_VENDOR_PENSANDO=y
-CONFIG_NET_VENDOR_QLOGIC=y
-CONFIG_NET_VENDOR_QUALCOMM=y
-CONFIG_NET_VENDOR_RDC=y
-CONFIG_NET_VENDOR_REALTEK=y
-CONFIG_NET_VENDOR_RENESAS=y
-CONFIG_NET_VENDOR_ROCKER=y
-CONFIG_NET_VENDOR_SAMSUNG=y
-CONFIG_NET_VENDOR_SEEQ=y
-CONFIG_NET_VENDOR_SILAN=y
-CONFIG_NET_VENDOR_SIS=y
-CONFIG_NET_VENDOR_SMSC=y
-CONFIG_NET_VENDOR_SOCIONEXT=y
-CONFIG_NET_VENDOR_SOLARFLARE=y
-CONFIG_NET_VENDOR_STMICRO=y
-CONFIG_NET_VENDOR_SUN=y
-CONFIG_NET_VENDOR_SYNOPSYS=y
-CONFIG_NET_VENDOR_TEHUTI=y
-CONFIG_NET_VENDOR_TI=y
-CONFIG_NET_VENDOR_VERTEXCOM=y
-CONFIG_NET_VENDOR_VIA=y
-CONFIG_NET_VENDOR_WANGXUN=y
-CONFIG_NET_VENDOR_WIZNET=y
-CONFIG_NET_VENDOR_XILINX=y
-CONFIG_NET_VRF=m
-CONFIG_NETWORK_FILESYSTEMS=y
-CONFIG_NETWORK_SECMARK=y
-CONFIG_NETXEN_NIC=m
-CONFIG_NET_XGRESS=y
-CONFIG_NET=y
-CONFIG_NEW_LEDS=y
-CONFIG_NF_CONNTRACK_BROADCAST=y
-CONFIG_NF_CONNTRACK_EVENTS=y
-CONFIG_NF_CONNTRACK_FTP=y
-CONFIG_NF_CONNTRACK_LABELS=y
-CONFIG_NF_CONNTRACK_MARK=y
-CONFIG_NF_CONNTRACK_NETBIOS_NS=y
-CONFIG_NF_CONNTRACK_OVS=y
-CONFIG_NF_CONNTRACK_PPTP=y
-CONFIG_NF_CONNTRACK_PROCFS=y
-CONFIG_NF_CONNTRACK_SANE=y
-CONFIG_NF_CONNTRACK_SECMARK=y
-CONFIG_NF_CONNTRACK_SIP=y
-CONFIG_NF_CONNTRACK_SNMP=y
-CONFIG_NF_CONNTRACK_TFTP=y
-CONFIG_NF_CONNTRACK_TIMEOUT=y
-CONFIG_NF_CONNTRACK_TIMESTAMP=y
-CONFIG_NF_CONNTRACK=y
-CONFIG_NF_CONNTRACK_ZONES=y
-CONFIG_NF_CT_NETLINK=y
-CONFIG_NF_CT_PROTO_GRE=y
-CONFIG_NF_CT_PROTO_SCTP=y
-CONFIG_NF_DEFRAG_IPV4=y
-CONFIG_NF_DEFRAG_IPV6=y
-CONFIG_NF_DUP_IPV4=y
-CONFIG_NF_DUP_IPV6=y
-CONFIG_NF_DUP_NETDEV=y
-CONFIG_NF_LOG_ARP=y
-CONFIG_NF_LOG_IPV4=y
-CONFIG_NF_LOG_IPV6=y
-CONFIG_NF_LOG_SYSLOG=y
-CONFIG_NF_NAT_FTP=y
-CONFIG_NF_NAT_MASQUERADE=y
-CONFIG_NF_NAT_OVS=y
-CONFIG_NF_NAT_PPTP=y
-CONFIG_NF_NAT_REDIRECT=y
-CONFIG_NF_NAT_SIP=y
-CONFIG_NF_NAT_SNMP_BASIC=y
-CONFIG_NF_NAT_TFTP=y
-CONFIG_NF_NAT=y
-CONFIG_NF_REJECT_IPV4=y
-CONFIG_NF_REJECT_IPV6=y
-CONFIG_NFS_ACL_SUPPORT=m
-CONFIG_NFS_COMMON=y
-CONFIG_NFS_DEBUG=y
-CONFIG_NFS_DISABLE_UDP_SUPPORT=y
-CONFIG_NFSD_LEGACY_CLIENT_TRACKING=y
-CONFIG_NFSD=m
-CONFIG_NFSD_V3_ACL=y
-CONFIG_NFSD_V4_SECURITY_LABEL=y
-CONFIG_NFSD_V4=y
-CONFIG_NFS_FSCACHE=y
-CONFIG_NFS_FS=m
-CONFIG_NFS_USE_KERNEL_DNS=y
-CONFIG_NFS_V2=m
-CONFIG_NFS_V3_ACL=y
-CONFIG_NFS_V3=m
-CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org"
-CONFIG_NFS_V4_1=y
-CONFIG_NFS_V4_2_READ_PLUS=y
-CONFIG_NFS_V4_2_SSC_HELPER=y
-CONFIG_NFS_V4_2=y
-CONFIG_NFS_V4=m
-CONFIG_NFS_V4_SECURITY_LABEL=y
-CONFIG_NF_TABLES_INET=y
-CONFIG_NF_TABLES_IPV4=y
-CONFIG_NF_TABLES_IPV6=y
-CONFIG_NF_TABLES_NETDEV=y
-CONFIG_NF_TABLES=y
-CONFIG_NFT_COMPAT=y
-CONFIG_NFT_CT=y
-CONFIG_NFT_DUP_NETDEV=y
-CONFIG_NFT_FIB_INET=y
-CONFIG_NFT_FIB_IPV4=y
-CONFIG_NFT_FIB_IPV6=y
-CONFIG_NFT_FIB=y
-CONFIG_NFT_FWD_NETDEV=y
-CONFIG_NFT_HASH=y
-CONFIG_NFT_LIMIT=y
-CONFIG_NFT_LOG=y
-CONFIG_NFT_MASQ=y
-CONFIG_NFT_NAT=y
-CONFIG_NFT_NUMGEN=y
-CONFIG_NF_TPROXY_IPV4=y
-CONFIG_NF_TPROXY_IPV6=y
-CONFIG_NFT_QUEUE=y
-CONFIG_NFT_QUOTA=y
-CONFIG_NFT_REDIR=y
-CONFIG_NFT_REJECT_INET=y
-CONFIG_NFT_REJECT_IPV4=y
-CONFIG_NFT_REJECT_IPV6=y
-CONFIG_NFT_REJECT=y
-CONFIG_NFT_TPROXY=y
-CONFIG_NITRO_ENCLAVES=y
-CONFIG_NLATTR=y
-CONFIG_NLS_ASCII=y
-CONFIG_NLS_CODEPAGE_437=y
-CONFIG_NLS_DEFAULT="utf8"
-CONFIG_NLS_ISO8859_1=y
-CONFIG_NLS_UCS2_UTILS=y
-CONFIG_NLS_UTF8=y
-CONFIG_NLS=y
-CONFIG_NODES_SHIFT=6
-CONFIG_NO_HZ_COMMON=y
-CONFIG_NO_HZ_IDLE=y
-CONFIG_NO_HZ=y
-CONFIG_NOP_TRACER=y
-CONFIG_NR_CPUS=512
-CONFIG_NR_CPUS_DEFAULT=64
-CONFIG_NR_CPUS_RANGE_BEGIN=2
-CONFIG_NR_CPUS_RANGE_END=512
-CONFIG_NUMA=y
-CONFIG_NVME_AUTH=y
-CONFIG_NVME_COMMON=y
-CONFIG_NVME_CORE=y
-CONFIG_NVME_FABRICS=y
-CONFIG_NVME_FC=y
-CONFIG_NVME_HWMON=y
-CONFIG_NVMEM_SYSFS=y
-CONFIG_NVME_MULTIPATH=y
-CONFIG_NVMEM=y
-CONFIG_NVME_RDMA=m
-CONFIG_NVME_TARGET_AUTH=y
-CONFIG_NVME_TARGET_FC=m
-CONFIG_NVME_TARGET_LOOP=m
-CONFIG_NVME_TARGET=m
-CONFIG_NVME_TARGET_PASSTHRU=y
-CONFIG_NVME_TARGET_RDMA=m
-CONFIG_NVME_TARGET_TCP=m
-CONFIG_NVME_TCP=y
-CONFIG_NVRAM=y
-CONFIG_OBJAGG=m
-CONFIG_OBJTOOL=y
-CONFIG_OID_REGISTRY=y
-CONFIG_OLD_SIGSUSPEND3=y
-CONFIG_OPENVSWITCH_GENEVE=y
-CONFIG_OPENVSWITCH_GRE=m
-CONFIG_OPENVSWITCH_VXLAN=y
-CONFIG_OPENVSWITCH=y
-CONFIG_OPTPROBES=y
-CONFIG_OSF_PARTITION=y
-CONFIG_OUTPUT_FORMAT="elf64-x86-64"
-CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y
-CONFIG_OVERLAY_FS=y
-CONFIG_P2SB=y
-CONFIG_PACKET=y
-CONFIG_PAGE_COUNTER=y
-CONFIG_PAGE_POISONING=y
-CONFIG_PAGE_POOL=y
-CONFIG_PAGE_REPORTING=y
-CONFIG_PAGE_SIZE_LESS_THAN_256KB=y
-CONFIG_PAGE_SIZE_LESS_THAN_64KB=y
-CONFIG_PAGE_TABLE_ISOLATION=y
-CONFIG_PAHOLE_HAS_LANG_EXCLUDE=y
-CONFIG_PAHOLE_HAS_SPLIT_BTF=y
-CONFIG_PAHOLE_VERSION=126
-CONFIG_PANIC_ON_OOPS_VALUE=1
-CONFIG_PANIC_ON_OOPS=y
-CONFIG_PANIC_TIMEOUT=-1
-CONFIG_PANTHERLORD_FF=y
-CONFIG_PARAVIRT_CLOCK=y
-CONFIG_PARAVIRT_XXL=y
-CONFIG_PARAVIRT=y
-CONFIG_PARMAN=m
-CONFIG_PARTITION_ADVANCED=y
-CONFIG_PATA_AMD=m
-CONFIG_PATA_MARVELL=m
-CONFIG_PATA_OLDPIIX=m
-CONFIG_PATA_SCH=m
-CONFIG_PATA_TIMINGS=y
-CONFIG_PCC=y
-CONFIG_PCI_ATS=y
-CONFIG_PCI_DIRECT=y
-CONFIG_PCI_DOMAINS=y
-CONFIG_PCIEAER=y
-CONFIG_PCIEASPM_DEFAULT=y
-CONFIG_PCIEASPM=y
-CONFIG_PCIE_BUS_DEFAULT=y
-CONFIG_PCIE_PME=y
-CONFIG_PCIEPORTBUS=y
-CONFIG_PCI_HYPERV_INTERFACE=y
-CONFIG_PCI_HYPERV=y
-CONFIG_PCI_IOV=y
-CONFIG_PCI_LABEL=y
-CONFIG_PCI_LOCKLESS_CONFIG=y
-CONFIG_PCI_MMCONFIG=y
-CONFIG_PCI_MSI=y
-CONFIG_PCI_PASID=y
-CONFIG_PCI_PRI=y
-CONFIG_PCI_QUIRKS=y
-CONFIG_PCI_XEN=y
-CONFIG_PCI=y
-CONFIG_PCPU_DEV_REFCNT=y
-CONFIG_PCSPKR_PLATFORM=y
-CONFIG_PERF_EVENTS_AMD_UNCORE=y
-CONFIG_PERF_EVENTS_INTEL_CSTATE=y
-CONFIG_PERF_EVENTS_INTEL_RAPL=y
-CONFIG_PERF_EVENTS_INTEL_UNCORE=y
-CONFIG_PERF_EVENTS=y
-CONFIG_PER_VMA_LOCK=y
-CONFIG_PGTABLE_LEVELS=4
-CONFIG_PHONET=y
-CONFIG_PHYLIB=y
-CONFIG_PHYLINK=y
-CONFIG_PHYS_ADDR_T_64BIT=y
-CONFIG_PHYSICAL_ALIGN=0x200000
-CONFIG_PHYSICAL_START=0x1000000
-CONFIG_PID_NS=y
-CONFIG_PKCS7_MESSAGE_PARSER=y
-CONFIG_PLDMFW=y
-CONFIG_PM_CLK=y
-CONFIG_PM_DEBUG=y
-CONFIG_PM_SLEEP_DEBUG=y
-CONFIG_PM_SLEEP_SMP=y
-CONFIG_PM_SLEEP=y
-CONFIG_PM_TRACE_RTC=y
-CONFIG_PM_TRACE=y
-CONFIG_PM=y
-CONFIG_PNFS_BLOCK=y
-CONFIG_PNFS_FILE_LAYOUT=y
-CONFIG_PNFS_FLEXFILE_LAYOUT=y
-CONFIG_PNPACPI=y
-CONFIG_PNP_DEBUG_MESSAGES=y
-CONFIG_PNP=y
-CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y
-CONFIG_POSIX_MQUEUE_SYSCTL=y
-CONFIG_POSIX_MQUEUE=y
-CONFIG_POSIX_TIMERS=y
-CONFIG_POWER_SUPPLY_HWMON=y
-CONFIG_POWER_SUPPLY=y
-CONFIG_PPS=y
-CONFIG_PREEMPT_NONE_BUILD=y
-CONFIG_PREEMPT_NONE=y
-CONFIG_PREEMPT_NOTIFIERS=y
-CONFIG_PREFIX_SYMBOLS=y
-CONFIG_PREVENT_FIRMWARE_BUILD=y
-CONFIG_PRINTK_TIME=y
-CONFIG_PRINTK=y
-CONFIG_PROBE_EVENTS_BTF_ARGS=y
-CONFIG_PROBE_EVENTS=y
-CONFIG_PROC_CHILDREN=y
-CONFIG_PROC_EVENTS=y
-CONFIG_PROC_FS=y
-CONFIG_PROC_KCORE=y
-CONFIG_PROC_PAGE_MONITOR=y
-CONFIG_PROC_PID_ARCH_STATUS=y
-CONFIG_PROC_PID_CPUSET=y
-CONFIG_PROC_SYSCTL=y
-CONFIG_PROC_VMCORE=y
-CONFIG_PROFILING=y
-CONFIG_PROVIDE_OHCI1394_DMA_INIT=y
-CONFIG_PSAMPLE=y
-CONFIG_PSI=y
-CONFIG_PTDUMP_CORE=y
-CONFIG_PTP_1588_CLOCK_KVM=y
-CONFIG_PTP_1588_CLOCK_OPTIONAL=y
-CONFIG_PTP_1588_CLOCK=y
-CONFIG_PWM_SYSFS=y
-CONFIG_PWM=y
-CONFIG_QEDE=m
-CONFIG_QED=m
-CONFIG_QED_SRIOV=y
-CONFIG_QFMT_V2=y
-CONFIG_QLCNIC_DCB=y
-CONFIG_QLCNIC_HWMON=y
-CONFIG_QLCNIC=m
-CONFIG_QLCNIC_SRIOV=y
-CONFIG_QUEUED_RWLOCKS=y
-CONFIG_QUEUED_SPINLOCKS=y
-CONFIG_QUOTACTL=y
-CONFIG_QUOTA_NETLINK_INTERFACE=y
-CONFIG_QUOTA_TREE=y
-CONFIG_QUOTA=y
-CONFIG_R8169=m
-CONFIG_RAID6_PQ_BENCHMARK=y
-CONFIG_RAID6_PQ=m
-CONFIG_RAID_ATTRS=y
-CONFIG_RANDOMIZE_BASE=y
-CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
-CONFIG_RANDOMIZE_KSTACK_OFFSET=y
-CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x0
-CONFIG_RANDOMIZE_MEMORY=y
-CONFIG_RANDSTRUCT_NONE=y
-CONFIG_RAS=y
-CONFIG_RATIONAL=y
-CONFIG_RCU_CPU_STALL_TIMEOUT=21
-CONFIG_RCU_EXP_CPU_STALL_TIMEOUT=0
-CONFIG_RCU_NEED_SEGCBLIST=y
-CONFIG_RCU_STALL_COMMON=y
-CONFIG_RDMA_RXE=m
-CONFIG_RDS=y
-CONFIG_RD_XZ=y
-CONFIG_RD_ZSTD=y
-CONFIG_REALTEK_PHY=y
-CONFIG_REGMAP_I2C=y
-CONFIG_REGMAP=y
-CONFIG_REGULATOR_FIXED_VOLTAGE=y
-CONFIG_REGULATOR_MP8859=y
-CONFIG_REGULATOR_PWM=y
-CONFIG_REGULATOR=y
-CONFIG_RELAY=y
-CONFIG_RELOCATABLE=y
-CONFIG_RESET_ATTACK_MITIGATION=y
-CONFIG_RETHOOK=y
-CONFIG_RETHUNK=y
-CONFIG_RETPOLINE=y
-CONFIG_RFS_ACCEL=y
-CONFIG_RING_BUFFER=y
-CONFIG_ROOT_NFS=y
-CONFIG_RPCSEC_GSS_KRB5=y
-CONFIG_RPMSG_NS=y
-CONFIG_RPMSG_VIRTIO=y
-CONFIG_RPMSG=y
-CONFIG_RPS=y
-CONFIG_RSEQ=y
-CONFIG_RTC_CLASS=y
-CONFIG_RTC_DRV_CMOS=y
-CONFIG_RTC_I2C_AND_SPI=y
-CONFIG_RTC_INTF_DEV=y
-CONFIG_RTC_INTF_PROC=y
-CONFIG_RTC_INTF_SYSFS=y
-CONFIG_RTC_LIB=y
-CONFIG_RTC_MC146818_LIB=y
-CONFIG_RTC_NVMEM=y
-CONFIG_RTC_SYSTOHC_DEVICE="rtc0"
-CONFIG_RTC_SYSTOHC=y
-CONFIG_RT_GROUP_SCHED=y
-CONFIG_RT_MUTEXES=y
-CONFIG_RUNTIME_TESTING_MENU=y
-CONFIG_RWSEM_SPIN_ON_OWNER=y
-CONFIG_SATA_AHCI=m
-CONFIG_SATA_HOST=y
-CONFIG_SATA_MOBILE_LPM_POLICY=0
-CONFIG_SATA_NV=m
-CONFIG_SATA_PMP=y
-CONFIG_SATA_SIS=y
-CONFIG_SATA_SVW=m
-CONFIG_SATA_ULI=m
-CONFIG_SATA_VIA=m
-CONFIG_SATA_VITESSE=m
-CONFIG_SBITMAP=y
-CONFIG_SCHED_CLUSTER=y
-CONFIG_SCHED_CORE=y
-CONFIG_SCHED_HRTICK=y
-CONFIG_SCHED_INFO=y
-CONFIG_SCHED_MC_PRIO=y
-CONFIG_SCHED_MC=y
-CONFIG_SCHED_MM_CID=y
-CONFIG_SCHED_OMIT_FRAME_POINTER=y
-CONFIG_SCHED_SMT=y
-CONFIG_SCHED_STACK_END_CHECK=y
-CONFIG_SCHEDSTATS=y
-CONFIG_SCSI_AACRAID=m
-CONFIG_SCSI_COMMON=y
-CONFIG_SCSI_CONSTANTS=y
-CONFIG_SCSI_DMA=y
-CONFIG_SCSI_ENCLOSURE=y
-CONFIG_SCSI_HPSA=m
-CONFIG_SCSI_ISCI=m
-CONFIG_SCSI_ISCSI_ATTRS=y
-CONFIG_SCSI_LOWLEVEL=y
-CONFIG_SCSI_MOD=y
-CONFIG_SCSI_MPT2SAS_MAX_SGE=128
-CONFIG_SCSI_MPT3SAS=m
-CONFIG_SCSI_MPT3SAS_MAX_SGE=128
-CONFIG_SCSI_PMCRAID=m
-CONFIG_SCSI_PROC_FS=y
-CONFIG_SCSI_SAS_ATA=y
-CONFIG_SCSI_SAS_ATTRS=y
-CONFIG_SCSI_SAS_HOST_SMP=y
-CONFIG_SCSI_SAS_LIBSAS=y
-CONFIG_SCSI_SMARTPQI=m
-CONFIG_SCSI_SPI_ATTRS=y
-CONFIG_SCSI_VIRTIO=y
-CONFIG_SCSI=y
-CONFIG_SCTP_COOKIE_HMAC_MD5=y
-CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y
-CONFIG_SECCOMP_FILTER=y
-CONFIG_SECCOMP=y
-CONFIG_SECRETMEM=y
-CONFIG_SECTION_MISMATCH_WARN_ONLY=y
-CONFIG_SECURITY_APPARMOR_EXPORT_BINARY=y
-CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
-CONFIG_SECURITY_APPARMOR_HASH=y
-CONFIG_SECURITY_APPARMOR_INTROSPECT_POLICY=y
-CONFIG_SECURITY_APPARMOR_PARANOID_LOAD=y
-CONFIG_SECURITY_APPARMOR=y
-CONFIG_SECURITY_DMESG_RESTRICT=y
-CONFIG_SECURITYFS=y
-CONFIG_SECURITY_LANDLOCK=y
-CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
-CONFIG_SECURITY_LOCKDOWN_LSM=y
-CONFIG_SECURITY_NETWORK_XFRM=y
-CONFIG_SECURITY_NETWORK=y
-CONFIG_SECURITY_PATH=y
-CONFIG_SECURITY=y
-CONFIG_SECURITY_YAMA=y
-CONFIG_SENSORS_ACPI_POWER=y
-CONFIG_SENSORS_CORETEMP=y
-CONFIG_SENSORS_DRIVETEMP=y
-CONFIG_SENSORS_FAM15H_POWER=m
-CONFIG_SENSORS_I5500=m
-CONFIG_SENSORS_I5K_AMB=m
-CONFIG_SENSORS_K10TEMP=m
-CONFIG_SENSORS_K8TEMP=m
-CONFIG_SENSORS_NCT6683=y
-CONFIG_SERIAL_8250_CONSOLE=y
-CONFIG_SERIAL_8250_DEPRECATED_OPTIONS=y
-CONFIG_SERIAL_8250_DETECT_IRQ=y
-CONFIG_SERIAL_8250_DMA=y
-CONFIG_SERIAL_8250_DWLIB=y
-CONFIG_SERIAL_8250_EXAR=y
-CONFIG_SERIAL_8250_EXTENDED=y
-CONFIG_SERIAL_8250_LPSS=y
-CONFIG_SERIAL_8250_MANY_PORTS=y
-CONFIG_SERIAL_8250_MID=y
-CONFIG_SERIAL_8250_NR_UARTS=32
-CONFIG_SERIAL_8250_PCILIB=y
-CONFIG_SERIAL_8250_PCI=y
-CONFIG_SERIAL_8250_PERICOM=y
-CONFIG_SERIAL_8250_PNP=y
-CONFIG_SERIAL_8250_RSA=y
-CONFIG_SERIAL_8250_RUNTIME_UARTS=4
-CONFIG_SERIAL_8250_SHARE_IRQ=y
-CONFIG_SERIAL_8250=y
-CONFIG_SERIAL_CORE_CONSOLE=y
-CONFIG_SERIAL_CORE=y
-CONFIG_SERIAL_EARLYCON=y
-CONFIG_SERIAL_NONSTANDARD=y
-CONFIG_SERIO_I8042=y
-CONFIG_SERIO_LIBPS2=y
-CONFIG_SERIO_PCIPS2=m
-CONFIG_SERIO_SERPORT=y
-CONFIG_SERIO=y
-CONFIG_SFC=m
-CONFIG_SFC_MCDI_LOGGING=y
-CONFIG_SFC_MCDI_MON=y
-CONFIG_SFC_SIENA=m
-CONFIG_SFC_SIENA_MCDI_LOGGING=y
-CONFIG_SFC_SIENA_MCDI_MON=y
-CONFIG_SFC_SIENA_SRIOV=y
-CONFIG_SFC_SRIOV=y
-CONFIG_SGETMASK_SYSCALL=y
-CONFIG_SGI_PARTITION=y
-CONFIG_SGL_ALLOC=y
-CONFIG_SG_POOL=y
-CONFIG_SHMEM=y
-CONFIG_SHUFFLE_PAGE_ALLOCATOR=y
-CONFIG_SIGNALFD=y
-CONFIG_SIGNATURE=y
-CONFIG_SIGNED_PE_FILE_VERIFICATION=y
-CONFIG_SKB_EXTENSIONS=y
-CONFIG_SKY2=m
-CONFIG_SLAB_FREELIST_HARDENED=y
-CONFIG_SLAB_FREELIST_RANDOM=y
-CONFIG_SLAB_MERGE_DEFAULT=y
-CONFIG_SLS=y
-CONFIG_SLUB_CPU_PARTIAL=y
-CONFIG_SLUB_DEBUG=y
-CONFIG_SLUB=y
-CONFIG_SMBFS=y
-CONFIG_SMP=y
-CONFIG_SMSC_PHY=m
-CONFIG_SOCK_CGROUP_DATA=y
-CONFIG_SOCK_RX_QUEUE_MAPPING=y
-CONFIG_SOFTIRQ_ON_OWN_STACK=y
-CONFIG_SOLARIS_X86_PARTITION=y
-CONFIG_SP5100_TCO=m
-CONFIG_SPARSE_IRQ=y
-CONFIG_SPARSEMEM_EXTREME=y
-CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y
-CONFIG_SPARSEMEM_VMEMMAP=y
-CONFIG_SPARSEMEM=y
-CONFIG_SPLIT_PTLOCK_CPUS=4
-CONFIG_SQUASHFS_COMPILE_DECOMP_SINGLE=y
-CONFIG_SQUASHFS_DECOMP_SINGLE=y
-CONFIG_SQUASHFS_FILE_DIRECT=y
-CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3
-CONFIG_SQUASHFS_XATTR=y
-CONFIG_SQUASHFS_XZ=y
-CONFIG_SQUASHFS=y
-CONFIG_SQUASHFS_ZSTD=y
-CONFIG_SSB_POSSIBLE=y
-CONFIG_STACKDEPOT=y
-CONFIG_STACKLEAK_TRACK_MIN_SIZE=100
-CONFIG_STACKPROTECTOR_STRONG=y
-CONFIG_STACKPROTECTOR=y
-CONFIG_STACKTRACE_SUPPORT=y
-CONFIG_STACKTRACE=y
-CONFIG_STANDALONE=y
-CONFIG_STP=y
-CONFIG_STREAM_PARSER=y
-CONFIG_STRICT_KERNEL_RWX=y
-CONFIG_STRICT_MODULE_RWX=y
-CONFIG_SUN_PARTITION=y
-CONFIG_SUNRPC_BACKCHANNEL=y
-CONFIG_SUNRPC_GSS=y
-CONFIG_SUNRPC_XPRT_RDMA=y
-CONFIG_SUNRPC=y
-CONFIG_SURFACE_PLATFORMS=y
-CONFIG_SUSPEND_FREEZER=y
-CONFIG_SUSPEND=y
-CONFIG_SWAP=y
-CONFIG_SWIOTLB_XEN=y
-CONFIG_SWIOTLB=y
-CONFIG_SWPHY=y
-CONFIG_SYMBOLIC_ERRNAME=y
-CONFIG_SYNC_FILE=y
-CONFIG_SYN_COOKIES=y
-CONFIG_SYSCTL_EXCEPTION_TRACE=y
-CONFIG_SYSCTL=y
-CONFIG_SYSFB=y
-CONFIG_SYSFS_SYSCALL=y
-CONFIG_SYSFS=y
-CONFIG_SYS_HYPERVISOR=y
-CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
-CONFIG_SYSTEM_BLACKLIST_KEYRING=y
-CONFIG_SYSTEM_DATA_VERIFICATION=y
-CONFIG_SYSTEM_TRUSTED_KEYRING=y
-CONFIG_SYSTEM_TRUSTED_KEYS=""
-CONFIG_SYSVIPC_COMPAT=y
-CONFIG_SYSVIPC_SYSCTL=y
-CONFIG_SYSVIPC=y
-CONFIG_TAP=y
-CONFIG_TASK_DELAY_ACCT=y
-CONFIG_TASK_IO_ACCOUNTING=y
-CONFIG_TASKS_RCU_GENERIC=y
-CONFIG_TASKS_RUDE_RCU=y
-CONFIG_TASKSTATS=y
-CONFIG_TASKS_TRACE_RCU=y
-CONFIG_TASK_XACCT=y
-CONFIG_TCG_CRB=y
-CONFIG_TCG_TIS_CORE=y
-CONFIG_TCG_TIS=y
-CONFIG_TCG_TPM=y
-CONFIG_TCP_CONG_ADVANCED=y
-CONFIG_TCP_CONG_BBR=y
-CONFIG_TCP_CONG_CUBIC=y
-CONFIG_TCP_MD5SIG=y
-CONFIG_TEXTSEARCH_BM=y
-CONFIG_TEXTSEARCH_FSM=y
-CONFIG_TEXTSEARCH_KMP=y
-CONFIG_TEXTSEARCH=y
-CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y
-CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0
-CONFIG_THERMAL_GOV_STEP_WISE=y
-CONFIG_THERMAL_GOV_USER_SPACE=y
-CONFIG_THERMAL_HWMON=y
-CONFIG_THERMAL_WRITABLE_TRIPS=y
-CONFIG_THERMAL=y
-CONFIG_THREAD_INFO_IN_TASK=y
-CONFIG_TICK_CPU_ACCOUNTING=y
-CONFIG_TICK_ONESHOT=y
-CONFIG_TIGON3_HWMON=y
-CONFIG_TIGON3=m
-CONFIG_TIME_NS=y
-CONFIG_TIMERFD=y
-CONFIG_TLS=m
-CONFIG_TMPFS_POSIX_ACL=y
-CONFIG_TMPFS_XATTR=y
-CONFIG_TMPFS=y
-CONFIG_TOOLS_SUPPORT_RELR=y
-CONFIG_TRACE_CLOCK=y
-CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y
-CONFIG_TRACE_IRQFLAGS_SUPPORT=y
-CONFIG_TRACEPOINTS=y
-CONFIG_TRACING_SUPPORT=y
-CONFIG_TRACING=y
-CONFIG_TREE_RCU=y
-CONFIG_TREE_SRCU=y
-CONFIG_TTY=y
-CONFIG_TTY_PRINTK_LEVEL=6
-CONFIG_TTY_PRINTK=m
-CONFIG_TUN=y
-CONFIG_UBSAN_BOOL=y
-CONFIG_UBSAN_BOUNDS_STRICT=y
-CONFIG_UBSAN_BOUNDS=y
-CONFIG_UBSAN_ENUM=y
-CONFIG_UBSAN_SANITIZE_ALL=y
-CONFIG_UBSAN_SHIFT=y
-CONFIG_UBSAN=y
-CONFIG_UCS2_STRING=y
-CONFIG_UDF_FS=y
-CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
-CONFIG_UEVENT_HELPER=y
-CONFIG_UID16=y
-CONFIG_UNIX98_PTYS=y
-CONFIG_UNIX_SCM=y
-CONFIG_UNIXWARE_DISKLABEL=y
-CONFIG_UNIX=y
-CONFIG_UNWINDER_ORC=y
-CONFIG_UPROBE_EVENTS=y
-CONFIG_UPROBES=y
-CONFIG_USB4=m
-CONFIG_USB4_NET=m
-CONFIG_USB_ACM=y
-CONFIG_USB_ALI_M5632=y
-CONFIG_USB_AN2720=y
-CONFIG_USB_ARCH_HAS_HCD=y
-CONFIG_USB_ARMLINUX=y
-CONFIG_USB_AUTOSUSPEND_DELAY=2
-CONFIG_USB_BELKIN=y
-CONFIG_USB_CDC_PHONET=m
-CONFIG_USB_COMMON=y
-CONFIG_USB_DEFAULT_PERSIST=y
-CONFIG_USB_EHCI_HCD=y
-CONFIG_USB_EHCI_PCI=y
-CONFIG_USB_EHCI_TT_NEWSCHED=y
-CONFIG_USB_HID=y
-CONFIG_USB_KC2190=y
-CONFIG_USB_NET_AQC111=m
-CONFIG_USB_NET_AX88179_178A=m
-CONFIG_USB_NET_AX8817X=m
-CONFIG_USB_NET_CDC_EEM=m
-CONFIG_USB_NET_CDCETHER=m
-CONFIG_USB_NET_CDC_MBIM=m
-CONFIG_USB_NET_CDC_NCM=m
-CONFIG_USB_NET_CDC_SUBSET_ENABLE=m
-CONFIG_USB_NET_CDC_SUBSET=m
-CONFIG_USB_NET_CX82310_ETH=m
-CONFIG_USB_NET_DM9601=m
-CONFIG_USB_NET_DRIVERS=y
-CONFIG_USB_NET_GL620A=m
-CONFIG_USB_NET_HUAWEI_CDC_NCM=m
-CONFIG_USB_NET_INT51X1=m
-CONFIG_USB_NET_KALMIA=m
-CONFIG_USB_NET_MCS7830=m
-CONFIG_USB_NET_NET1080=m
-CONFIG_USB_NET_PLUSB=m
-CONFIG_USB_NET_QMI_WWAN=m
-CONFIG_USB_NET_RNDIS_HOST=m
-CONFIG_USB_NET_SMSC75XX=m
-CONFIG_USB_NET_SMSC95XX=m
-CONFIG_USB_NET_SR9700=m
-CONFIG_USB_NET_SR9800=m
-CONFIG_USB_NET_ZAURUS=m
-CONFIG_USB_OHCI_HCD=m
-CONFIG_USB_OHCI_HCD_PCI=m
-CONFIG_USB_OHCI_HCD_PLATFORM=m
-CONFIG_USB_OHCI_LITTLE_ENDIAN=y
-CONFIG_USB_PCI=y
-CONFIG_USB_RTL8152=m
-CONFIG_USB_RTL8153_ECM=m
-CONFIG_USB_SERIAL_CH341=m
-CONFIG_USB_SERIAL_CONSOLE=y
-CONFIG_USB_SERIAL_CP210X=m
-CONFIG_USB_SERIAL_FTDI_SIO=m
-CONFIG_USB_SERIAL_GENERIC=y
-CONFIG_USB_SERIAL_OPTION=m
-CONFIG_USB_SERIAL_PL2303=m
-CONFIG_USB_SERIAL_WWAN=m
-CONFIG_USB_SERIAL=y
-CONFIG_USB_SIERRA_NET=m
-CONFIG_USB_STORAGE=y
-CONFIG_USB_SUPPORT=y
-CONFIG_USB_UAS=y
-CONFIG_USB_UHCI_HCD=m
-CONFIG_USB_USBNET=m
-CONFIG_USB_VL600=m
-CONFIG_USB_WDM=m
-CONFIG_USB_XHCI_HCD=y
-CONFIG_USB_XHCI_PCI=y
-CONFIG_USB_XHCI_PLATFORM=y
-CONFIG_USB=y
-CONFIG_USELIB=y
-CONFIG_USE_PERCPU_NUMA_NODE_ID=y
-CONFIG_USER_NS=y
-CONFIG_USER_RETURN_NOTIFIER=y
-CONFIG_USER_STACKTRACE_SUPPORT=y
-CONFIG_UTS_NS=y
-CONFIG_UVC_COMMON=m
-CONFIG_VETH=y
-CONFIG_VFAT_FS=y
-CONFIG_VFIO_CONTAINER=y
-CONFIG_VFIO_GROUP=y
-CONFIG_VFIO_IOMMU_TYPE1=m
-CONFIG_VFIO=m
-CONFIG_VFIO_MDEV=m
-CONFIG_VFIO_PCI_CORE=m
-CONFIG_VFIO_PCI_IGD=y
-CONFIG_VFIO_PCI_INTX=y
-CONFIG_VFIO_PCI=m
-CONFIG_VFIO_PCI_MMAP=y
-CONFIG_VFIO_PCI_VGA=y
-CONFIG_VFIO_VIRQFD=y
-CONFIG_VGA_ARB_MAX_GPUS=16
-CONFIG_VGA_ARB=y
-CONFIG_VGA_CONSOLE=y
-CONFIG_VGASTATE=y
-CONFIG_VHOST_IOTLB=y
-CONFIG_VHOST_MENU=y
-CONFIG_VHOST_NET=y
-CONFIG_VHOST_TASK=y
-CONFIG_VHOST_VSOCK=y
-CONFIG_VHOST=y
-CONFIG_VIRT_DRIVERS=y
-CONFIG_VIRTIO_ANCHOR=y
-CONFIG_VIRTIO_BALLOON=m
-CONFIG_VIRTIO_BLK=y
-CONFIG_VIRTIO_CONSOLE=y
-CONFIG_VIRTIO_DMA_SHARED_BUFFER=y
-CONFIG_VIRTIO_FS=y
-CONFIG_VIRTIO_INPUT=m
-CONFIG_VIRTIO_MENU=y
-CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y
-CONFIG_VIRTIO_MMIO=m
-CONFIG_VIRTIO_NET=y
-CONFIG_VIRTIO_PCI_LEGACY=y
-CONFIG_VIRTIO_PCI_LIB_LEGACY=m
-CONFIG_VIRTIO_PCI_LIB=m
-CONFIG_VIRTIO_PCI=m
-CONFIG_VIRTIO_VSOCKETS_COMMON=y
-CONFIG_VIRTIO_VSOCKETS=y
-CONFIG_VIRTIO=y
-CONFIG_VIRTUALIZATION=y
-CONFIG_VLAN_8021Q=y
-CONFIG_VMAP_PFN=y
-CONFIG_VMAP_STACK=y
-CONFIG_VMD=y
-CONFIG_VM_EVENT_COUNTERS=y
-CONFIG_VMGENID=y
-CONFIG_VSOCKETS_DIAG=y
-CONFIG_VSOCKETS_LOOPBACK=y
-CONFIG_VSOCKETS=y
-CONFIG_VT_CONSOLE_SLEEP=y
-CONFIG_VT_CONSOLE=y
-CONFIG_VT_HW_CONSOLE_BINDING=y
-CONFIG_VT=y
-CONFIG_VXLAN=y
-CONFIG_WATCHDOG_CORE=m
-CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED=y
-CONFIG_WATCHDOG_OPEN_TIMEOUT=0
-CONFIG_WATCHDOG_SYSFS=y
-CONFIG_WATCHDOG=y
-CONFIG_WDAT_WDT=m
-CONFIG_WIREGUARD=y
-CONFIG_WIRELESS=y
-CONFIG_WMI_BMOF=y
-CONFIG_X509_CERTIFICATE_PARSER=y
-CONFIG_X86_64_ACPI_NUMA=y
-CONFIG_X86_64_SMP=y
-CONFIG_X86_64=y
-CONFIG_X86_ACPI_CPUFREQ_CPB=y
-CONFIG_X86_ACPI_CPUFREQ=y
-CONFIG_X86_AMD_PSTATE_DEFAULT_MODE=3
-CONFIG_X86_AMD_PSTATE=y
-CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y
-CONFIG_X86_CET=y
-CONFIG_X86_CHECK_BIOS_CORRUPTION=y
-CONFIG_X86_CMOV=y
-CONFIG_X86_CMPXCHG64=y
-CONFIG_X86_CPUID=y
-CONFIG_X86_DEBUGCTLMSR=y
-CONFIG_X86_DEBUG_FPU=y
-CONFIG_X86_DIRECT_GBPAGES=y
-CONFIG_X86_EXTENDED_PLATFORM=y
-CONFIG_X86_HV_CALLBACK_VECTOR=y
-CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
-CONFIG_X86_INTEL_PSTATE=y
-CONFIG_X86_INTEL_TSX_MODE_OFF=y
-CONFIG_X86_INTERNODE_CACHE_SHIFT=6
-CONFIG_X86_IO_APIC=y
-CONFIG_X86_IOPL_IOPERM=y
-CONFIG_X86_KERNEL_IBT=y
-CONFIG_X86_L1_CACHE_SHIFT=6
-CONFIG_X86_LOCAL_APIC=y
-CONFIG_X86_MCE_AMD=y
-CONFIG_X86_MCE_INTEL=y
-CONFIG_X86_MCE_THRESHOLD=y
-CONFIG_X86_MCE=y
-CONFIG_X86_MEM_ENCRYPT=y
-CONFIG_X86_MINIMUM_CPU_FAMILY=64
-CONFIG_X86_MPPARSE=y
-CONFIG_X86_NEED_RELOCS=y
-CONFIG_X86_PAT=y
-CONFIG_X86_PCC_CPUFREQ=m
-CONFIG_X86_PKG_TEMP_THERMAL=y
-CONFIG_X86_PLATFORM_DEVICES=y
-CONFIG_X86_PM_TIMER=y
-CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y
-CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y
-CONFIG_X86_THERMAL_VECTOR=y
-CONFIG_X86_TSC=y
-CONFIG_X86_UMIP=y
-CONFIG_X86_VERBOSE_BOOTUP=y
-CONFIG_X86_VMX_FEATURE_NAMES=y
-CONFIG_X86_VSYSCALL_EMULATION=y
-CONFIG_X86_X2APIC=y
-CONFIG_X86=y
-CONFIG_XDP_SOCKETS=y
-CONFIG_XFRM_AH=y
-CONFIG_XFRM_ALGO=y
-CONFIG_XFRM_ESP=y
-CONFIG_XFRM_IPCOMP=y
-CONFIG_XFRM_OFFLOAD=y
-CONFIG_XFRM_USER=y
-CONFIG_XFRM=y
-CONFIG_XFS_DRAIN_INTENTS=y
-CONFIG_XFS_FS=m
-CONFIG_XFS_LIVE_HOOKS=y
-CONFIG_XFS_MEMORY_BUFS=y
-CONFIG_XFS_ONLINE_SCRUB_STATS=y
-CONFIG_XFS_ONLINE_SCRUB=y
-CONFIG_XFS_POSIX_ACL=y
-CONFIG_XFS_QUOTA=y
-CONFIG_XFS_RT=y
-CONFIG_XFS_SUPPORT_ASCII_CI=y
-CONFIG_XFS_SUPPORT_V4=y
-CONFIG_XOR_BLOCKS=m
-CONFIG_XPS=y
-CONFIG_XXHASH=y
-CONFIG_XZ_DEC_ARMTHUMB=y
-CONFIG_XZ_DEC_ARM=y
-CONFIG_XZ_DEC_BCJ=y
-CONFIG_XZ_DEC_IA64=y
-CONFIG_XZ_DEC_POWERPC=y
-CONFIG_XZ_DEC_X86=y
-CONFIG_XZ_DEC=y
-CONFIG_ZISOFS=y
-CONFIG_ZLIB_DEFLATE=y
-CONFIG_ZLIB_INFLATE=y
-CONFIG_ZONE_DEVICE=y
-CONFIG_ZONE_DMA32=y
-CONFIG_ZONE_DMA=y
-CONFIG_ZONEFS_FS=m
-CONFIG_ZRAM_DEF_COMP="zstd"
-CONFIG_ZRAM_DEF_COMP_ZSTD=y
-CONFIG_ZRAM=m
-CONFIG_ZRAM_MULTI_COMP=y
-CONFIG_ZRAM_WRITEBACK=y
-CONFIG_ZSTD_COMMON=y
-CONFIG_ZSTD_COMPRESS=y
-CONFIG_ZSTD_DECOMPRESS=y
diff --git a/modules/minimize.nix b/modules/minimize.nix
deleted file mode 100644
index e679396..0000000
--- a/modules/minimize.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ modulesPath, ... }:
-{
- imports = [
- "${modulesPath}/profiles/minimal.nix"
- ];
-
- nix.enable = false;
- system.disableInstallerTools = true;
- system.etc.overlay.enable = true;
- systemd.sysusers.enable = true;
-
- programs.less.lessopen = null;
- programs.command-not-found.enable = false;
-
- environment.defaultPackages = [ ];
-
- security.sudo.enable = false;
-}
diff --git a/modules/network.nix b/modules/network.nix
deleted file mode 100644
index 2c91f1a..0000000
--- a/modules/network.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, ... }:
-{
- networking = {
- useNetworkd = true;
- hostName = "";
-
- # Easy debugging.
- firewall.enable = false;
- };
-
- services.resolved = {
- fallbackDns = [ ]; # Disable fallback DNS. DNS will fail if resolvers are unconfigured
- };
-
- # Faster boot.
- systemd.network.wait-online.enable = false;
-}
diff --git a/modules/partitions.nix b/modules/partitions.nix
deleted file mode 100644
index b53513e..0000000
--- a/modules/partitions.nix
+++ /dev/null
@@ -1,103 +0,0 @@
-{
- config,
- pkgs,
- lib,
- modulesPath,
- ...
-}:
-{
-
- imports = [
- "${modulesPath}/image/repart.nix"
- ];
-
- image.repart =
- let
- efiArch = pkgs.stdenv.hostPlatform.efiArch;
- in
- {
- name = config.boot.uki.name;
- split = true;
-
- mkfsOptions = {
- erofs = [
- # "-zzstd,6" # Zstd compression
- # "-zlz4hc,12"
- "-T0" # Fixed timestamp for all files
- "-C262144" # 256 KiB cluster size
- # "-C65536" # 64 KiB cluster size
- # "-C1048576" # 1 MiB cluster size
- "-Efragments,dedupe,ztailpacking" # Extra features
- ];
- };
-
- partitions = {
- "esp" = {
- contents = {
- "/EFI/BOOT/BOOT${lib.toUpper efiArch}.EFI".source = "${pkgs.systemd}/lib/systemd/boot/efi/systemd-boot${efiArch}.efi";
- "/EFI/Linux/${config.system.boot.loader.ukiFile}".source = "${config.system.build.uki}/${config.system.boot.loader.ukiFile}";
-
- # systemd-boot configuration
- "/loader/loader.conf".source = (
- pkgs.writeText "$out" ''
- timeout 0
- ''
- # FIXME: should not be 0 in prod
- );
- };
- repartConfig = {
- Type = "esp";
- UUID = "c12a7328-f81f-11d2-ba4b-00a0c93ec93b"; # Well known
- Format = "vfat";
- SizeMinBytes = "256M";
- SplitName = "-";
- };
- };
- "store" = {
- storePaths = [ config.system.build.toplevel ];
- stripNixStorePrefix = true;
- repartConfig = {
- Type = "linux-generic";
- Label = "${config.boot.uki.name}_${config.system.image.version}";
- Format = "erofs";
- Minimize = "best";
- ReadOnly = "yes";
- SizeMinBytes = "1G";
- SizeMaxBytes = "1G";
- SplitName = "store";
- };
- };
-
- # Placeholder for the second installed Nix store.
- "store-empty" = {
- repartConfig = {
- Type = "linux-generic";
- Label = "_empty";
- Minimize = "off";
- SizeMinBytes = "1G";
- SizeMaxBytes = "1G";
- SplitName = "-";
- };
- };
-
- # Persistent storage
- "var" = {
- repartConfig = {
- Type = "var";
- UUID = "4d21b016-b534-45c2-a9fb-5c16e091fd2d"; # Well known
- Format = "xfs";
- Label = "nixos-persistent";
- Minimize = "off";
-
- # Has to be large enough to hold update files.
- SizeMinBytes = "2G";
- SizeMaxBytes = "2G";
- SplitName = "-";
-
- # Wiping this gives us a clean state.
- FactoryReset = "yes";
- };
- };
- };
- };
-}
diff --git a/modules/patagia-agent.nix b/modules/patagia-agent.nix
deleted file mode 100644
index 17d7a62..0000000
--- a/modules/patagia-agent.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- pkgs,
- utils,
- ...
-}:
-
-{
-
- environment.etc."sysupdate.patagia-agent.d".source =
- let
- format = pkgs.formats.ini { listToValue = toString; };
- in
- utils.systemdUtils.lib.definitions "sysupdate.patagia-agent.d" format {
- "10-image.conf" = {
- Source = {
- MatchPattern = "patagia-agent_@v.raw";
- Path = "https://images.dl.patagia.dev/patagia-agent/";
- Type = "url-file";
- };
-
- Target = {
- InstancesMax = 2;
- Path = "/var/lib/extensions";
- CurrentSymlink = "/etc/systemd/extensions/patagia-agent.raw";
- Type = "regular-file";
- MatchPattern = "patagia-agent_@v.raw";
- };
-
- Transfer = {
- Verify = "no"; # FIXME: verify
- };
- };
- };
-}
diff --git a/modules/profiles/base.nix b/modules/profiles/base.nix
new file mode 100644
index 0000000..5cb46f5
--- /dev/null
+++ b/modules/profiles/base.nix
@@ -0,0 +1,86 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+{
+ imports = [
+ (modulesPath + "/profiles/image-based-appliance.nix")
+ (modulesPath + "/profiles/perlless.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ # system.forbiddenDependenciesRegexes = lib.mkForce [ ];
+
+ nixpkgs.flake.setNixPath = false;
+ nixpkgs.flake.setFlakeRegistry = false;
+
+ networking.hostName = "patos";
+
+ boot.kernelModules = [
+ "zram"
+ "usb_storage"
+ "uas"
+ "sd_mod"
+ "r8169"
+ "ehci-hcd"
+ "ehci-pci"
+ "xhci-hcd"
+ "xhci-pci"
+ "xhci-pci-renesas"
+ "nvme"
+ "virtio_net"
+ ];
+
+ system.etc.overlay.mutable = lib.mkDefault false;
+ users.mutableUsers = lib.mkDefault false;
+
+
+ systemd.watchdog = lib.mkDefault {
+ runtimeTime = "10s";
+ rebootTime = "30s";
+ };
+
+ zramSwap.enable = true;
+
+ services.openssh.settings.PasswordAuthentication = lib.mkDefault false;
+
+ users.allowNoPasswordLogin = true;
+ security.sudo.enable = lib.mkDefault false;
+
+ security.polkit = {
+ enable = true;
+ extraConfig =''
+ polkit.addRule(function(action, subject) {
+ if (subject.isInGroup("wheel")) {
+ return polkit.Result.YES;
+ }
+ });
+ '';
+ };
+
+ i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+
+ systemd.enableEmergencyMode = false;
+ console.enable = false;
+ systemd.services."getty@tty1".enable = lib.mkDefault false;
+ systemd.services."autovt@".enable = lib.mkDefault false;
+
+ boot.tmp.useTmpfs = true;
+ boot.consoleLogLevel = lib.mkDefault 1;
+ boot.kernelParams = [
+ "panic=1"
+ "boot.panic_on_fail"
+ "nomodeset"
+ ];
+
+ # This is vi country
+ programs.nano.enable = false;
+ programs.vim.enable = true;
+ programs.vim.defaultEditor = lib.mkDefault true;
+
+ # Logging
+ services.journald.storage = "volatile";
+}
diff --git a/modules/profiles/network.nix b/modules/profiles/network.nix
new file mode 100644
index 0000000..d090994
--- /dev/null
+++ b/modules/profiles/network.nix
@@ -0,0 +1,56 @@
+{ lib, ... }:
+{
+ # Use TCP BBR
+ boot.kernel.sysctl = {
+ "net.core.default_qdisc" = "fq";
+ "net.ipv4.tcp_congestion_control" = "bbr";
+ };
+
+ services.resolved.extraConfig = ''
+ DNSStubListener=no
+ '';
+
+ networking.firewall.enable = false;
+
+ networking.nftables.enable = lib.mkDefault true;
+
+ networking.useNetworkd = true;
+ systemd.network.wait-online.enable = true;
+
+ # Explicitly load networking modules
+ boot.kernelModules = [
+ "ip_tables"
+ "x_tables"
+ "nf_tables"
+ "nft_ct"
+ "nft_log"
+ "nf_log_syslog"
+ "nft_fib"
+ "nft_fib_inet"
+ "nft_compat"
+ "nft_nat"
+ "nft_chain_nat"
+ "nft_masq"
+ "nfnetlink"
+ "xt_conntrack"
+ "nf_conntrack"
+ "nf_log_syslog"
+ "nf_nat"
+ "af_packet"
+ "bridge"
+ "veth"
+ "tcp_bbr"
+ "sch_fq_codel"
+ "ipt_rpfilter"
+ "ip6t_rpfilter"
+ "sch_fq"
+ "tun"
+ "tap"
+ "xt_MASQUERADE"
+ "xt_mark"
+ "xt_comment"
+ "xt_multiport"
+ "xt_addrtype"
+ ];
+
+}
diff --git a/modules/profiles/server.nix b/modules/profiles/server.nix
new file mode 100644
index 0000000..7a828f3
--- /dev/null
+++ b/modules/profiles/server.nix
@@ -0,0 +1,43 @@
+{
+ modulesPath,
+ ...
+}:
+{
+
+ imports = [
+ (modulesPath + "/profiles/minimal.nix")
+ ./network.nix
+ ];
+
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_unprivileged_port_start" = 0;
+ };
+
+ users.users."admin" = {
+ isNormalUser = true;
+ linger = true;
+ extraGroups = [ "wheel" ];
+ };
+
+ environment.etc = {
+ subuid = {
+ text = "admin:100000:65536";
+ mode = "0644";
+ };
+
+ subgid = {
+ text = "admin:100000:65536";
+ mode = "0644";
+ };
+ };
+
+ services.openssh.enable = true;
+ system.image.sshKeys.enable = true;
+ system.image.sshKeys.keys = [
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIHMAEZx02kbHrEygyPQYStiXlrIe6EIqBCv7anIkL0pAAAABHNzaDo= dln1"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJNOBFoU7Cdsgi4KpYRcv7EhR/8kD4DYjEZnwk6urRx7AAAABHNzaDo= dln2"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDx+7ZEJi7lUCAtoHRRIduJzH3hrpx4YS1f0ZxrJ+uW dln3"
+ ];
+
+ virtualisation.podman.enable = true;
+}
diff --git a/modules/sysext.nix b/modules/sysext.nix
deleted file mode 100644
index ce0e181..0000000
--- a/modules/sysext.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, pkgs, ... }:
-{
- system.activationScripts.sysext = ''
- mkdir -p /var/lib/confexts
- mkdir -p /var/lib/extensions
- mkdir -p /etc/systemd/extensions
- '';
-
- systemd.additionalUpstreamSystemUnits = [
- "systemd-confext.service"
- "systemd-sysext.service"
- ];
-
- systemd.services."systemd-confext" = {
- enable = true;
- wantedBy = [ "multi-user.target" ];
- };
-
- systemd.services."systemd-sysext.service" = {
- enable = true;
- wantedBy = [ "multi-user.target" ];
- };
-}
diff --git a/modules/system_overrides.nix b/modules/system_overrides.nix
deleted file mode 100644
index 1627d28..0000000
--- a/modules/system_overrides.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ lib, options, ... }: {
- # This fields is immutable by default, but can be overridden.
- options.system.nixos.codeName = lib.mkOption { readOnly = false; };
- options.system.nixos.release = lib.mkOption { readOnly = false; };
-}
diff --git a/modules/sysupdate.nix b/modules/sysupdate.nix
deleted file mode 100644
index 8d05b14..0000000
--- a/modules/sysupdate.nix
+++ /dev/null
@@ -1,90 +0,0 @@
-{ config, pkgs, ... }:
-let
- gpgPubKeyStaging = ''
- -----BEGIN PGP PUBLIC KEY BLOCK-----
-
- mDMEZvb3mhYJKwYBBAHaRw8BAQdAvyH7AMLukMEF/1as7auAh757//LlO/kBG8pm
- zhOlTj20LFBhdGFnaWEgU3RhZ2luZyA8bm9yZXBseStzdGFnaW5nQHBhdGFnaWEu
- aW8+iJQEExYKADwWIQTjWE8tGxWc+3+vxyy1R4V5MjgMzAUCZvb3mgIbAwUJBaOa
- gAQLCQgHBBUKCQgFFgIDAQACHgUCF4AACgkQtUeFeTI4DMwDWAEAlMAhSZh086Ux
- OfLBR1QYgHtXmk6tObJurWkZq6cGICwA/2fBOtZcLfAPRWYPLHAtsqtFrO6CIyQG
- H6n4Iv3D5ZsCuDgEZvb3mhIKKwYBBAGXVQEFAQEHQPKKcltfHlELIHf0AYcd0nOe
- GaWcAnoW4o3zLZUVNnlpAwEIB4h+BBgWCgAmFiEE41hPLRsVnPt/r8cstUeFeTI4
- DMwFAmb295oCGwwFCQWjmoAACgkQtUeFeTI4DMzuegEA62XIq4Ir+4DWdTql58bA
- +0Vr89dMQsAxwVzGGzl8D8wBAMuPY6/2SwbA7KwWuz8L/cTPQVLBt+TSdYeuCBps
- e5UE
- =m2st
- -----END PGP PUBLIC KEY BLOCK-----
- '';
- gpgKeyring = pkgs.runCommand "gpg-keyring" { buildInputs = [ pkgs.gnupg ]; } ''
- mkdir -p $out
- export GNUPGHOME=$out
- gpg --no-default-keyring --keyring=$out/import-pubring.gpg --fingerprint
- gpg --no-default-keyring --keyring=$out/import-pubring.gpg --import <<< '${gpgPubKeyStaging}'
- rm $out/S.scdaemon $out/S.gpg-agent $out/S.gpg-agent.*
- '';
-in
-{
- environment.etc."systemd/import-pubring.gpg".source = "${gpgKeyring}/import-pubring.gpg";
-
- systemd.sysupdate = {
- enable = true;
-
- transfers = {
- "10-uki" = {
- Source = {
- MatchPattern = [
- "${config.boot.uki.name}_@v.efi.xz"
- ];
-
- Path = "https://images.dl.patagia.dev/patos/";
- Type = "url-file";
- };
- Target = {
- InstancesMax = 2;
- MatchPattern = [
- "${config.boot.uki.name}_@v.efi"
- ];
-
- Mode = "0444";
- Path = "/EFI/Linux";
- PathRelativeTo = "boot";
-
- Type = "regular-file";
- };
- Transfer = {
- ProtectVersion = "%A";
- Verify = "no";
- };
- };
-
- "20-store" = {
- Source = {
- MatchPattern = [
- "${config.boot.uki.name}_@v.img.xz"
- ];
- Path = "https://images.dl.patagia.dev/patos/";
- Type = "url-file";
- };
-
- Target = {
- InstancesMax = 2;
-
- # This doesn't work, because / is a tmpfs and the heuristic is not that smart.
- #
- # Path = "auto";
- Path = "/dev/sda";
-
- MatchPattern = "${config.boot.uki.name}_@v";
-
- Type = "partition";
- ReadOnly = "yes";
- };
- Transfer = {
- Verify = "no";
- };
- };
-
- };
- };
-}
diff --git a/modules/utils.nix b/modules/utils.nix
deleted file mode 100644
index befd4bf..0000000
--- a/modules/utils.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-let
- script = pkgs.writeShellScriptBin "patos-upgrade.sh" ''
- systemd-sysupdate --verify=no
- systemd-sysupdate --verify=no update --reboot
- '';
-
- patos-install = pkgs.writeShellApplication {
- name = "patos-install";
- text = ''
- set -xeuo pipefail
- curl -s https://images.dl.patagia.dev/patos/patos_0.0.1.raw.zst |
- zstdcat |
- dd of=/dev/sdb status=progress bs=4M
- '';
- };
-in
-{
- environment.systemPackages = [
- # pkgs.ncdu
- patos-install
- script
- ];
-}
diff --git a/pkgs/composefs.nix b/pkgs/composefs.nix
new file mode 100644
index 0000000..91e8443
--- /dev/null
+++ b/pkgs/composefs.nix
@@ -0,0 +1,5 @@
+{ prev, ... }:
+
+prev.composefs.overrideAttrs (final: prev: {
+ doCheck = false;
+})
diff --git a/pkgs/linux-firmware.nix b/pkgs/linux-firmware.nix
new file mode 100644
index 0000000..8f03d8c
--- /dev/null
+++ b/pkgs/linux-firmware.nix
@@ -0,0 +1,12 @@
+{ stdenv, lib
+, linux-firmware
+, fwDirs
+}: stdenv.mkDerivation {
+ pname = "linux-firmware-minimal";
+ version = linux-firmware.version;
+ buildCommand = lib.concatStringsSep "\n" (
+ [''mkdir -p "$out/lib/firmware"'']
+ ++ (map (name: ''
+ cp -r "${linux-firmware}/lib/firmware/${name}" "$out/lib/firmware/${name}"
+ '') fwDirs));
+}
diff --git a/pkgs/openssh.nix b/pkgs/openssh.nix
new file mode 100644
index 0000000..91de381
--- /dev/null
+++ b/pkgs/openssh.nix
@@ -0,0 +1,7 @@
+{ prev, ... }:
+
+prev.openssh.overrideAttrs (final: prev: {
+ doCheck = false;
+ doInstallCheck = false;
+ dontCheck = true;
+})
diff --git a/pkgs/qemu.nix b/pkgs/qemu.nix
new file mode 100644
index 0000000..93e67dd
--- /dev/null
+++ b/pkgs/qemu.nix
@@ -0,0 +1,30 @@
+{ prev, pkgs, ... }:
+
+(prev.qemu_test.override {
+ enableDocs = false;
+ capstoneSupport = false;
+ guestAgentSupport = false;
+ tpmSupport = false;
+ libiscsiSupport = false;
+ usbredirSupport = false;
+ canokeySupport = false;
+ hostCpuTargets = [ "x86_64-softmmu" ];
+}).overrideDerivation (old: {
+ postFixup = ''
+ rm -r "$out/share/icons"
+ cp "${pkgs.OVMF.fd + "/FV/OVMF.fd"}" "$out/share/qemu/"
+ '';
+ configureFlags = old.configureFlags ++ [
+ "--disable-tcg"
+ "--disable-tcg-interpreter"
+ "--disable-docs"
+ "--disable-install-blobs"
+ "--disable-slirp"
+ "--disable-virtfs"
+ "--disable-virtfs-proxy-helper"
+ "--disable-vhost-user-blk-server"
+ "--without-default-features"
+ "--enable-kvm"
+ "--disable-tools"
+ ];
+})
diff --git a/pkgs/systemd-ukify.nix b/pkgs/systemd-ukify.nix
new file mode 100644
index 0000000..b8e9d55
--- /dev/null
+++ b/pkgs/systemd-ukify.nix
@@ -0,0 +1,48 @@
+{ prev, ... }:
+
+prev.systemd.override {
+ withAcl = false;
+ withAnalyze = false;
+ withApparmor = false;
+ withAudit = false;
+ withEfi = true;
+ withCompression = false;
+ withCoredump = false;
+ withCryptsetup = false;
+ withRepart = false;
+ withDocumentation = false;
+ withFido2 = false;
+ withFirstboot = false;
+ withHomed = false;
+ withHostnamed = false;
+ withHwdb = false;
+ withImportd = false;
+ withIptables = false;
+ withKmod = false;
+ withLibBPF = false;
+ withLibidn2 = false;
+ withLocaled = false;
+ withLogind = false;
+ withMachined = false;
+ withNetworkd = false;
+ withNss = false;
+ withOomd = false;
+ withPam = false;
+ withPasswordQuality = false;
+ withPCRE2 = false;
+ withPolkit = false;
+ withPortabled = false;
+ withQrencode = false;
+ withRemote = false;
+ withResolved = false;
+ withShellCompletions = false;
+ withSysusers = false;
+ withSysupdate = false;
+ withTimedated = false;
+ withTimesyncd = false;
+ withTpm2Tss = false;
+ withUkify = true;
+ withUserDb = false;
+ withUtmp = false;
+ withVmspawn = false;
+}
diff --git a/pkgs/systemd.nix b/pkgs/systemd.nix
new file mode 100644
index 0000000..2d52e9a
--- /dev/null
+++ b/pkgs/systemd.nix
@@ -0,0 +1,10 @@
+{ prev, ... }:
+
+prev.systemd.override {
+ withAcl = false;
+ withApparmor = false;
+ withDocumentation = false;
+ withRemote = false;
+ withShellCompletions = false;
+ withVmspawn = false;
+}
diff --git a/tests/common.nix b/tests/common.nix
new file mode 100644
index 0000000..934b020
--- /dev/null
+++ b/tests/common.nix
@@ -0,0 +1,111 @@
+{ self, lib, pkgs, ... }:
+
+with import (pkgs.path + "/nixos/lib/testing-python.nix") { inherit pkgs; inherit (pkgs.hostPlatform) system; };
+
+let
+
+ nixos-lib = import (pkgs.path + "/nixos/lib") {};
+ qemu-common = import (pkgs.path + "/nixos/lib/qemu-common.nix") { inherit lib pkgs; };
+
+in rec {
+
+ makeSystem = extraConfig:
+ (import (pkgs.path + "/nixos/lib/eval-config.nix")) {
+ inherit pkgs lib;
+ system = null;
+ modules = [
+ {
+ nixpkgs.hostPlatform = pkgs.hostPlatform;
+ }
+ {
+ users.allowNoPasswordLogin = true;
+ system.stateVersion = lib.versions.majorMinor lib.version;
+ system.image.id = lib.mkDefault "test";
+ system.image.version = lib.mkDefault "1";
+ networking.hosts."10.0.2.1" = [ "server.test" ];
+ }
+ {
+ boot.kernelParams = [ "console=ttyS0,115200n8" "systemd.journald.forward_to_console=1" ];
+ image.compress = false;
+ boot.initrd.compressor = lib.mkForce "zstd";
+ boot.initrd.compressorArgs = lib.mkForce [ "-8" ];
+ }
+ (pkgs.path + "/nixos/modules/testing/test-instrumentation.nix")
+ self.nixosModules.server
+ self.nixosModules.image
+ extraConfig
+ ];
+ };
+
+ makeImage = extraConfig: let
+ system = makeSystem extraConfig;
+ in "${system.config.system.build.image}/${system.config.system.build.image.imageFile}";
+
+ makeUpdatePackage = extraConfig: let
+ system = makeSystem extraConfig;
+ in "${system.config.system.build.updatePackage}";
+
+ makeImageTest = { name, image, script, httpRoot ? null }: let
+ qemu = qemu-common.qemuBinary pkgs.qemu_test;
+ flags = [
+ "-m" "512M"
+ "-drive" "if=pflash,format=raw,unit=0,readonly=on,file=${pkgs.OVMF.firmware}"
+ "-drive" "if=pflash,format=raw,unit=1,readonly=on,file=${pkgs.OVMF.variables}"
+ "-drive" "if=virtio,file=${mutableImage}"
+ "-chardev" "socket,id=chrtpm,path=${tpmFolder}/swtpm-sock"
+ "-tpmdev" "emulator,id=tpm0,chardev=chrtpm"
+ "-device" "tpm-tis,tpmdev=tpm0"
+ "-netdev" ("'user,id=net0" + (lib.optionalString (httpRoot != null) ",guestfwd=tcp:10.0.2.1:80-cmd:${pkgs.micro-httpd}/bin/micro_httpd ${httpRoot}") + "'")
+ "-device" "virtio-net-pci,netdev=net0"
+ ];
+ flagsStr = lib.concatStringsSep " " flags;
+ startCommand = "${qemu} ${flagsStr}";
+ mutableImage = "/tmp/linked-image.qcow2";
+ tpmFolder = "/tmp/emulated_tpm";
+ indentLines = str: lib.concatLines (map (s: " " + s) (lib.splitString "\n" str));
+ in makeTest {
+ inherit name;
+ nodes = { };
+ testScript = ''
+ import os
+ import subprocess
+
+ subprocess.check_call(
+ [
+ "qemu-img",
+ "create",
+ "-f",
+ "qcow2",
+ "-F",
+ "raw",
+ "-b",
+ "${image}",
+ "${mutableImage}",
+ ]
+ )
+ subprocess.check_call(["qemu-img", "resize", "${mutableImage}", "4G"])
+
+ os.mkdir("${tpmFolder}")
+ os.mkdir("${tpmFolder}/swtpm")
+
+ def start_tpm():
+ subprocess.Popen(
+ [
+ "${pkgs.swtpm}/bin/swtpm",
+ "socket",
+ "--tpmstate", "dir=${tpmFolder}/swtpm",
+ "--ctrl", "type=unixio,path=${tpmFolder}/swtpm-sock",
+ "--tpm2"
+ ]
+ )
+
+ machine = create_machine("${startCommand}")
+
+ try:
+ '' + indentLines script + ''
+ finally:
+ machine.shutdown()
+ '';
+ };
+
+}
diff --git a/tests/lib.nix b/tests/lib.nix
new file mode 100644
index 0000000..4b905fa
--- /dev/null
+++ b/tests/lib.nix
@@ -0,0 +1,9 @@
+test:
+{ pkgs, self }:
+ let nixos-lib = import (pkgs.path + "/nixos/lib") {};
+in (nixos-lib.runTest {
+ hostPkgs = pkgs;
+ defaults.documentation.enable = false;
+ node.specialArgs = { inherit self; };
+ imports = [ test ];
+}).config.result
diff --git a/tests/podman.nix b/tests/podman.nix
new file mode 100644
index 0000000..0a3747f
--- /dev/null
+++ b/tests/podman.nix
@@ -0,0 +1,22 @@
+{ pkgs, self }: let
+
+ lib = pkgs.lib;
+ test-common = import ./common.nix { inherit self lib pkgs; };
+
+ image = test-common.makeImage { };
+
+in test-common.makeImageTest {
+ name = "podman";
+ inherit image;
+ script = ''
+ start_tpm()
+ machine.start()
+
+ machine.wait_for_unit("multi-user.target")
+ machine.wait_for_unit("network-online.target")
+
+ machine.succeed("tar cv --files-from /dev/null | su admin -l -c 'podman import - scratchimg'")
+
+ machine.succeed("su admin -l -c 'podman run --rm -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg true'")
+ '';
+}
diff --git a/tests/ssh-preseed.nix b/tests/ssh-preseed.nix
new file mode 100644
index 0000000..b67681c
--- /dev/null
+++ b/tests/ssh-preseed.nix
@@ -0,0 +1,37 @@
+{ pkgs, self }:
+let
+ lib = pkgs.lib;
+ test-common = import ./common.nix { inherit self lib pkgs; };
+ sshKeys = import (pkgs.path + "/nixos/tests/ssh-keys.nix") pkgs;
+
+ image = test-common.makeImage {
+ system.image.sshKeys.keys = [ sshKeys.snakeOilPublicKey ];
+ system.extraDependencies = [ sshKeys.snakeOilPrivateKey ];
+ };
+
+in
+test-common.makeImageTest {
+ name = "ssh-preseed";
+ inherit image;
+ script = ''
+ start_tpm()
+ machine.start()
+
+ machine.wait_for_unit("multi-user.target")
+
+ machine.succeed("[ -e /efi/default-ssh-authorized-keys.txt ]")
+ machine.succeed("[ -e /home/admin/.ssh/authorized_keys ]")
+
+ machine.wait_for_open_port(22)
+
+ machine.succeed(
+ "cat ${sshKeys.snakeOilPrivateKey} > privkey.snakeoil"
+ )
+ machine.succeed("chmod 600 privkey.snakeoil")
+
+ machine.succeed(
+ "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil admin@127.0.0.1 true",
+ timeout=30
+ )
+ '';
+}
diff --git a/tests/system-update.nix b/tests/system-update.nix
new file mode 100644
index 0000000..26f793e
--- /dev/null
+++ b/tests/system-update.nix
@@ -0,0 +1,45 @@
+{ pkgs, self }: let
+
+ lib = pkgs.lib;
+ test-common = import ./common.nix { inherit self lib pkgs; };
+
+ initialImage = test-common.makeImage {
+ system.image.version = "1";
+ system.image.updates.url = "http://server.test/";
+ # The default root-b is too small for uncompressed test images
+ systemd.repart.partitions."32-root-b" = {
+ SizeMinBytes = lib.mkForce "1G";
+ SizeMaxBytes = lib.mkForce "1G";
+ };
+ };
+
+ updatePackage = test-common.makeUpdatePackage {
+ system.image.version = "2";
+ system.image.updates.url = "http://server.test/";
+ };
+
+in test-common.makeImageTest {
+ name = "system-update";
+ image = initialImage;
+ httpRoot = updatePackage;
+ script = ''
+ start_tpm()
+ machine.start()
+
+ machine.wait_for_unit("multi-user.target")
+ machine.wait_for_unit("network-online.target")
+
+ machine.succeed("/run/current-system/sw/lib/systemd/systemd-sysupdate update")
+
+ machine.shutdown()
+
+ start_tpm()
+ machine.start()
+
+ machine.wait_for_unit("multi-user.target")
+
+ machine.succeed('. /etc/os-release; [ "$IMAGE_VERSION" == "2" ]')
+
+ machine.wait_for_unit("systemd-bless-boot.service")
+ '';
+}
diff --git a/utils/qemu-uefi-tpm.nix b/utils/qemu-uefi-tpm.nix
new file mode 100644
index 0000000..7cc36c7
--- /dev/null
+++ b/utils/qemu-uefi-tpm.nix
@@ -0,0 +1,49 @@
+{
+ config,
+ pkgs,
+ ...
+}:
+pkgs.writeShellApplication {
+ name = "qemu-uefi-tpm";
+
+ runtimeInputs = with pkgs; [
+ qemu
+ swtpm
+ ];
+
+ text =
+ let
+ tpmOVMF = pkgs.OVMF.override { tpmSupport = true; };
+ in
+ ''
+ set -ex
+ state="/tmp/patos-qemu-$USER"
+ rm -rf "$state"
+ mkdir -m 700 "$state"
+ qemu-img create -f qcow2 -F raw -b "$(readlink -e "$1")" "$state/disk.qcow2" 10G
+
+ swtpm socket -d --tpmstate dir="$state" \
+ --ctrl type=unixio,path="$state/swtpm-sock" \
+ --tpm2 \
+ --log level=20
+
+ qemu-system-x86_64 \
+ -enable-kvm \
+ -machine q35,accel=kvm \
+ -cpu host \
+ -smp 8 \
+ -m 4G \
+ -display none \
+ -chardev "stdio,id=char0,mux=on,logfile=$state/console.log,signal=off" \
+ -serial chardev:char0 \
+ -mon chardev=char0 \
+ -drive "if=pflash,format=raw,unit=0,readonly=on,file=${tpmOVMF.firmware}" \
+ -drive "if=pflash,format=raw,unit=1,readonly=on,file=${tpmOVMF.variables}" \
+ -chardev socket,id=chrtpm,path="$state/swtpm-sock" \
+ -tpmdev emulator,id=tpm0,chardev=chrtpm \
+ -device tpm-tis,tpmdev=tpm0 \
+ -netdev id=net00,type=user,hostfwd=tcp::2222-:22 \
+ -device virtio-net-pci,netdev=net00 \
+ -drive "format=qcow2,file=$state/disk.qcow2"
+ '';
+}
From a1763b981c0afcc50b0c5dbdb3f5de992f7c8dee Mon Sep 17 00:00:00 2001
From: Daniel Lundin <dln@arity.se>
Date: Mon, 11 Nov 2024 23:02:38 +0100
Subject: [PATCH 2/2] WIP: next step on image build
---
flake.lock | 157 +-
flake.nix | 191 +--
justfile | 8 +-
modules/config/minimal-modules.nix | 15 +
modules/config/minimal-system.nix | 26 +
modules/default.nix | 6 +
modules/filesystems.nix | 44 -
modules/generic.nix | 71 -
modules/image/disk/:w | 128 ++
modules/image/disk/builder.nix | 167 ++
modules/image/disk/default.nix | 128 ++
modules/image/disk/ssh.nix | 40 +
modules/image/disk/updater.nix | 86 +
modules/image/disk/veritysetup.nix | 39 +
modules/kernel/default.nix | 24 -
modules/kernel/generic.config | 2521 ----------------------------
modules/minimize.nix | 18 -
modules/network.nix | 17 -
modules/partitions.nix | 103 --
modules/patagia-agent.nix | 34 -
modules/profiles/base.nix | 86 +
modules/profiles/network.nix | 56 +
modules/profiles/server.nix | 43 +
modules/sysext.nix | 23 -
modules/system_overrides.nix | 5 -
modules/sysupdate.nix | 90 -
modules/utils.nix | 29 -
pkgs/composefs.nix | 5 +
pkgs/linux-firmware.nix | 12 +
pkgs/openssh.nix | 7 +
pkgs/qemu.nix | 30 +
pkgs/systemd-ukify.nix | 48 +
pkgs/systemd.nix | 10 +
tests/common.nix | 154 ++
tests/lib.nix | 9 +
tests/podman.nix | 22 +
tests/ssh-preseed.nix | 37 +
tests/system-update.nix | 45 +
utils/qemu-uefi-tpm.nix | 49 +
39 files changed, 1311 insertions(+), 3272 deletions(-)
create mode 100644 modules/config/minimal-modules.nix
create mode 100644 modules/config/minimal-system.nix
create mode 100644 modules/default.nix
delete mode 100644 modules/filesystems.nix
delete mode 100644 modules/generic.nix
create mode 100644 modules/image/disk/:w
create mode 100644 modules/image/disk/builder.nix
create mode 100644 modules/image/disk/default.nix
create mode 100644 modules/image/disk/ssh.nix
create mode 100644 modules/image/disk/updater.nix
create mode 100644 modules/image/disk/veritysetup.nix
delete mode 100644 modules/kernel/default.nix
delete mode 100644 modules/kernel/generic.config
delete mode 100644 modules/minimize.nix
delete mode 100644 modules/network.nix
delete mode 100644 modules/partitions.nix
delete mode 100644 modules/patagia-agent.nix
create mode 100644 modules/profiles/base.nix
create mode 100644 modules/profiles/network.nix
create mode 100644 modules/profiles/server.nix
delete mode 100644 modules/sysext.nix
delete mode 100644 modules/system_overrides.nix
delete mode 100644 modules/sysupdate.nix
delete mode 100644 modules/utils.nix
create mode 100644 pkgs/composefs.nix
create mode 100644 pkgs/linux-firmware.nix
create mode 100644 pkgs/openssh.nix
create mode 100644 pkgs/qemu.nix
create mode 100644 pkgs/systemd-ukify.nix
create mode 100644 pkgs/systemd.nix
create mode 100644 tests/common.nix
create mode 100644 tests/lib.nix
create mode 100644 tests/podman.nix
create mode 100644 tests/ssh-preseed.nix
create mode 100644 tests/system-update.nix
create mode 100644 utils/qemu-uefi-tpm.nix
diff --git a/flake.lock b/flake.lock
index e774dca..2f5f887 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,169 +1,24 @@
{
"nodes": {
- "advisory-db": {
- "flake": false,
- "locked": {
- "lastModified": 1727353582,
- "narHash": "sha256-2csMEEOZhvowVKZNBHk1kMJqk72ZMrPj9LQYCzP6EKs=",
- "owner": "rustsec",
- "repo": "advisory-db",
- "rev": "cb905e6e405834bdff1eb1e20c9b10edb5403889",
- "type": "github"
- },
- "original": {
- "owner": "rustsec",
- "repo": "advisory-db",
- "type": "github"
- }
- },
- "crane": {
- "locked": {
- "lastModified": 1727316705,
- "narHash": "sha256-/mumx8AQ5xFuCJqxCIOFCHTVlxHkMT21idpbgbm/TIE=",
- "owner": "ipetkov",
- "repo": "crane",
- "rev": "5b03654ce046b5167e7b0bccbd8244cb56c16f0e",
- "type": "github"
- },
- "original": {
- "owner": "ipetkov",
- "repo": "crane",
- "type": "github"
- }
- },
- "flake-utils": {
- "inputs": {
- "systems": "systems"
- },
- "locked": {
- "lastModified": 1726560853,
- "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_2": {
- "inputs": {
- "systems": "systems_2"
- },
- "locked": {
- "lastModified": 1726560853,
- "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
"nixpkgs": {
"locked": {
- "lastModified": 1730785428,
- "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=",
- "owner": "nixos",
+ "lastModified": 1731139594,
+ "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=",
+ "owner": "NixOS",
"repo": "nixpkgs",
- "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7",
+ "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2",
"type": "github"
},
"original": {
- "owner": "nixos",
+ "owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
- "patagia-agent": {
- "inputs": {
- "advisory-db": "advisory-db",
- "crane": "crane",
- "flake-utils": "flake-utils_2",
- "nixpkgs": [
- "nixpkgs"
- ],
- "rust-overlay": "rust-overlay"
- },
- "locked": {
- "lastModified": 1729636943,
- "narHash": "sha256-uEvMiMcKyAZ30ZZZuirCu9jM6DwEbNV2olsmSwLkmtg=",
- "ref": "main",
- "rev": "9ec0cf1dd5dc1bd64073b58681a8637c21b979c3",
- "revCount": 10,
- "type": "git",
- "url": "ssh://git@patagia.dev/patagia/patagia-agent"
- },
- "original": {
- "ref": "main",
- "type": "git",
- "url": "ssh://git@patagia.dev/patagia/patagia-agent"
- }
- },
"root": {
"inputs": {
- "flake-utils": "flake-utils",
- "nixpkgs": "nixpkgs",
- "patagia-agent": "patagia-agent"
- }
- },
- "rust-overlay": {
- "inputs": {
- "nixpkgs": [
- "patagia-agent",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1727490462,
- "narHash": "sha256-OrrPiNBiikv9BR464XTT75FzOq7tKAvMbMi7YOKVIeg=",
- "owner": "oxalica",
- "repo": "rust-overlay",
- "rev": "11a13e50debafae4ae802f1d6b8585101516dd93",
- "type": "github"
- },
- "original": {
- "owner": "oxalica",
- "repo": "rust-overlay",
- "type": "github"
- }
- },
- "systems": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
- }
- },
- "systems_2": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
+ "nixpkgs": "nixpkgs"
}
}
},
diff --git a/flake.nix b/flake.nix
index 429ff87..f616a01 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,151 +2,70 @@
description = "PatOS is a minimal, immutable Linux distribution specialized for the Patagia Platform.";
inputs = {
- flake-utils.url = "github:numtide/flake-utils";
- nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
- patagia-agent.url = "git+ssh://git@patagia.dev/patagia/patagia-agent?ref=main";
- patagia-agent.inputs.nixpkgs.follows = "nixpkgs";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs =
+ { self, nixpkgs }:
+ let
+ releaseVersion = "0.0.1";
+ system = "x86_64-linux";
+ updateUrl = "https://images.dl.patagia.dev/patos/";
+ pkgs = import nixpkgs { inherit system; };
+ in
{
- self,
- flake-utils,
- nixpkgs,
- patagia-agent,
- }:
- flake-utils.lib.eachDefaultSystem (
- system:
- let
+ nixosModules.server.imports = [
+ ./modules/profiles/server.nix
+ ];
- pkgs = import nixpkgs {
- inherit system;
- overlays = [
- (import ./overlays)
- ];
- };
+ nixosModules.image.imports = [
+ ./modules
+ ./modules/profiles/base.nix
+ ./modules/image/disk
+ ];
- # Prepare an update package for the system.
- mkUpdate =
- nixos:
- let
- config = nixos.config;
- in
- pkgs.runCommand "update-${config.system.image.version}"
- {
- nativeBuildInputs = with pkgs; [
- erofs-utils
- zstd
- ];
- }
- ''
- mkdir -p $out
- cp ${config.system.build.image}/${config.boot.uki.name}_${config.system.image.version}.store.raw $out/
-
- zstd -9 ${config.system.build.uki}/${config.system.boot.loader.ukiFile} \
- -o $out/${config.system.boot.loader.ukiFile}.zst
-
- zstd -9 ${config.system.build.image}/${config.boot.uki.name}_${config.system.image.version}.store.raw \
- -o $out/${config.boot.uki.name}_${config.system.image.version}.img.zst
- '';
-
- # Prepare a ready-to-boot disk image.
- mkInstallImage =
- nixos:
- let
- config = nixos.config;
- in
- pkgs.runCommand "update-${config.system.image.version}"
- {
- nativeBuildInputs = with pkgs; [
- qemu
- zstd
- ];
- }
- ''
- mkdir -p $out
- cp ${config.system.build.image}/${config.boot.uki.name}_${config.system.image.version}.raw $out/
- qemu-img convert -f raw -O qcow2 -C ${config.system.build.image}/${config.boot.uki.name}_${config.system.image.version}.raw $out/disk.qcow2
-
- zstd -9 ${config.system.build.image}/${config.boot.uki.name}_${config.system.image.version}.store.raw \
- -o $out/${config.boot.uki.name}_${config.system.image.version}.img.zst
-
- zstd -9 ${config.system.build.uki}/${config.system.boot.loader.ukiFile} \
- -o $out/${config.system.boot.loader.ukiFile}.zst
- '';
- in
- {
- devShells.${system}.default = pkgs.mkShell {
- packages = with pkgs; [
- erofs-utils
- just
- self.packages.${system}.qemu-efi
- squashfs-tools-ng
- ];
- };
-
- packages = {
- default = self.packages.${system}.patos_image;
- patos_image = mkInstallImage self.nixosConfigurations.${system}.patos;
- patos_update = mkUpdate self.nixosConfigurations.${system}.patos;
-
- image = system.build;
-
- # FIXME: only do for x86_64
- # A helper script to run the disk images above.
- qemu-efi = pkgs.writeShellApplication {
- name = "qemu-efi";
-
- runtimeInputs = [ pkgs.qemu_kvm ];
-
- text = ''
- set -ex
- state="/tmp/qemu-$USER"
- mkdir -p "$state"
- chmod 700 "$state"
- qemu-system-x86_64 \
- -cpu host \
- -machine q35,accel=kvm \
- -m 4G \
- -smp 8 \
- -display none \
- -chardev "stdio,id=char0,mux=on,logfile=$state/serial.log,signal=off" \
- -serial chardev:char0 \
- -mon chardev=char0 \
- -drive "if=pflash,format=raw,unit=0,readonly=on,file=${pkgs.OVMF.firmware}" \
- -drive "if=pflash,format=raw,unit=1,readonly=on,file=${pkgs.OVMF.variables}" \
- -netdev id=net00,type=user,hostfwd=tcp::2222-:22 \
- -device virtio-net-pci,netdev=net00 \
- "$@"
- '';
- };
- };
-
- nixosConfigurations = rec {
- patos = nixpkgs.lib.nixosSystem {
- specialArgs.pkgs = pkgs;
- system = system;
+ packages.${system} = {
+ patos =
+ (nixpkgs.lib.nixosSystem {
modules = [
+ (
+ { lib, ... }:
+ {
+ nixpkgs.hostPlatform = system;
+ system.stateVersion = "24.05";
+ }
+ )
{
- _module.args = {
- inherit patagia-agent;
- };
+ boot.kernelParams = [
+ "console=ttyS0"
+ "systemd.journald.forward_to_console"
+ ];
+ system.image.updates.url = "${updateUrl}";
+ system.image.id = "patos";
+ system.image.version = releaseVersion;
}
- ./modules/kernel
- ./modules/filesystems.nix
- ./modules/generic.nix
- ./modules/minimize.nix
- ./modules/network.nix
- # ./modules/patagia-agent.nix
- ./modules/partitions.nix
- ./modules/system_overrides.nix
- ./modules/sysext.nix
- ./modules/sysupdate.nix
- ./modules/utils.nix
+ self.nixosModules.image
+ self.nixosModules.server
];
- };
- };
+ }).config.system.build.updatePackage;
- }
- );
+ qemu-uefi-tpm = pkgs.callPackage ./utils/qemu-uefi-tpm.nix { inherit pkgs; };
+ };
+
+ checks.${system} = {
+ ssh-preseed = import ./tests/ssh-preseed.nix { inherit pkgs self; };
+ podman = import ./tests/podman.nix { inherit pkgs self; };
+ system-update = import ./tests/system-update.nix { inherit pkgs self; };
+ };
+
+ devShells.${system}.default = pkgs.mkShell {
+ buildInputs = with pkgs; [
+ erofs-utils
+ just
+ self.packages.${system}.qemu-uefi-tpm
+ squashfs-tools-ng
+ ];
+ };
+
+ };
}
diff --git a/justfile b/justfile
index 8f3d12b..dfb84a2 100644
--- a/justfile
+++ b/justfile
@@ -13,11 +13,7 @@ build: build-image
# Build PatOS image
build-image:
- nix build .#patos_image
-
-# Build PatOS update image
-build-update:
- nix build .#patos_update
+ nix build .#patos
run: build-image
- qemu-efi -snapshot ./result/disk.qcow2
+ qemu-uefi-tpm ./result/*.img
diff --git a/modules/config/minimal-modules.nix b/modules/config/minimal-modules.nix
new file mode 100644
index 0000000..45bdb1f
--- /dev/null
+++ b/modules/config/minimal-modules.nix
@@ -0,0 +1,15 @@
+{ config, ... }:
+{
+ boot = {
+ bootspec.enable = false;
+ initrd.kernelModules = config.boot.kernelModules;
+ kernel.enable = false; # No kernel or modules in the rootfs
+ modprobeConfig.enable = false;
+ };
+
+ system.build = {
+ inherit (config.boot.kernelPackages) kernel;
+ };
+
+ system.modulesTree = [ config.boot.kernelPackages.kernel ] ++ config.boot.extraModulePackages;
+}
diff --git a/modules/config/minimal-system.nix b/modules/config/minimal-system.nix
new file mode 100644
index 0000000..e77476b
--- /dev/null
+++ b/modules/config/minimal-system.nix
@@ -0,0 +1,26 @@
+{ ... }:
+{
+
+ nixpkgs.overlays = [
+ (final: prev: {
+
+ composefs = final.callPackage ../../pkgs/composefs.nix { inherit prev; };
+ qemu_tiny = final.callPackage ../../pkgs/qemu.nix { inherit prev; };
+ systemdUkify = final.callPackage ../../pkgs/systemd-ukify.nix { inherit prev; };
+
+ # # FIXME: Revisit + refine these below in a future image minimization effort
+ #
+ # util-linux = prev.util-linux.override {
+ # ncursesSupport = false;
+ # nlsSupport = false;
+ # };
+ #
+ # dbus = prev.dbus.override {
+ # enableSystemd = false;
+ # x11Support = false;
+ # };
+
+ })
+ ];
+
+}
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..0a1a5e0
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./config/minimal-modules.nix
+ ./config/minimal-system.nix
+ ];
+}
diff --git a/modules/filesystems.nix b/modules/filesystems.nix
deleted file mode 100644
index 01753be..0000000
--- a/modules/filesystems.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ config, ... }: {
-
- zramSwap = {
- enable = true;
- algorithm = "zstd";
- memoryPercent = 20;
- };
-
- fileSystems = {
- "/" = {
- fsType = "tmpfs";
- options = [
- "size=20%"
- ];
- };
-
- "/var" =
- let
- partConf = config.image.repart.partitions."var".repartConfig;
- in
- {
- device = "/dev/disk/by-partuuid/${partConf.UUID}";
- fsType = partConf.Format;
- };
-
- "/boot" =
- let
- partConf = config.image.repart.partitions."esp".repartConfig;
- in
- {
- device = "/dev/disk/by-partuuid/${partConf.UUID}";
- fsType = partConf.Format;
- };
-
- "/nix/store" =
- let
- partConf = config.image.repart.partitions."store".repartConfig;
- in
- {
- device = "/dev/disk/by-partlabel/${partConf.Label}";
- fsType = partConf.Format;
- };
- };
-}
diff --git a/modules/generic.nix b/modules/generic.nix
deleted file mode 100644
index 2214f00..0000000
--- a/modules/generic.nix
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- pkgs,
- config,
- lib,
- ...
-}:
-{
-
- boot = {
- enableContainers = false;
- initrd.systemd.enable = true;
- initrd.compressor = "zstd";
-
- # FIXME: Add debug/devel option to switch default kernel params
- kernelParams = [
- # "quiet"
- "console=tty1"
- "console=ttyS0,38400"
- "systemd.log_level=info"
- "systemd.log_target=console"
- ];
- loader.efi.canTouchEfiVariables = true;
- loader.grub.enable = false;
- loader.systemd-boot.enable = true;
- uki.name = "patos";
- };
-
- system.image.version = "0.0.1"; # FIXME: Use epoch version.
-
- system.nixos = {
- codeName = "Finn";
- distroId = "patos";
- distroName = "PatOS";
- release = "2024-09";
- };
-
- system.switch.enable = false;
-
- # Make the current system version visible in the prompt.
- programs.bash.promptInit = ''
- export PS1="\u@\h (version ${config.system.image.version}) \w $ "
- '';
-
- # Not compatible with system.etc.overlay.enable yet.
- # users.mutableUsers = false;
-
- services.getty.autologinUser = "root";
-
- # Temporary files
- boot.tmp.cleanOnBoot = true;
- boot.tmp.useTmpfs = true;
- systemd.services.nix-daemon = {
- environment.TMPDIR = "/var/tmp";
- };
-
- services.journald.extraConfig = ''
- SystemMaxUse=10M
- '';
-
- services.fstrim.enable = true;
-
- # Debugging
- environment.systemPackages = with pkgs; [
- (runCommand "systemd-sysupdate" { } ''
- mkdir -p $out/bin
- ln -s ${config.systemd.package}/lib/systemd/systemd-sysupdate $out/bin
- '')
- ];
-
- system.stateVersion = "24.11";
-}
diff --git a/modules/image/disk/:w b/modules/image/disk/:w
new file mode 100644
index 0000000..2862e18
--- /dev/null
+++ b/modules/image/disk/:w
@@ -0,0 +1,128 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+
+ imports = [
+ ./updater.nix
+ ./ssh.nix
+ ./builder.nix
+ ./veritysetup.nix
+ ];
+
+ system.build.updatePackage = pkgs.runCommand "update-package" { } ''
+ mkdir "$out"
+ cd "$out"
+ cp "${config.system.build.image}"/* .
+ ${pkgs.coreutils}/bin/sha256sum * > SHA256SUMS
+ '';
+
+ boot.initrd.systemd.enable = true;
+
+ boot.initrd.systemd.repart.enable = true;
+ systemd.repart.partitions = {
+ "10-esp" = {
+ Type = "esp";
+ Format = "vfat";
+ SizeMinBytes = "96M";
+ SizeMaxBytes = "96M";
+ };
+ "20-root-verity-a" = {
+ Type = "root-verity";
+ SizeMinBytes = "64M";
+ SizeMaxBytes = "64M";
+ };
+ "22-root-a" = {
+ Type = "root";
+ SizeMinBytes = "512M";
+ SizeMaxBytes = "512M";
+ };
+ "30-root-verity-b" = {
+ Type = "root-verity";
+ SizeMinBytes = "64M";
+ SizeMaxBytes = "64M";
+ Label = "_empty";
+ ReadOnly = 1;
+ };
+ "32-root-b" = {
+ Type = "root";
+ SizeMinBytes = "512M";
+ SizeMaxBytes = "512M";
+ Label = "_empty";
+ ReadOnly = 1;
+ };
+ "40-home" = {
+ Type = "home";
+ Format = "btrfs";
+ SizeMinBytes = "512M";
+ Encrypt = "tpm2";
+ };
+ };
+
+ boot.initrd.compressor = "zstd";
+ boot.initrd.compressorArgs = [ "-8" ];
+
+ boot.loader.grub.enable = false;
+
+ boot.initrd.luks.forceLuksSupportInInitrd = true;
+ boot.initrd.kernelModules = [
+ "dm_mod"
+ "dm_crypt"
+ ] ++ config.boot.initrd.luks.cryptoModules;
+
+ boot.initrd.supportedFilesystems = {
+ btrfs = true;
+ erofs = true;
+ };
+
+ system.etc.overlay.mutable = false;
+ users.mutableUsers = false;
+
+ boot.initrd.systemd.services.systemd-repart.after = lib.mkForce [ "sysroot.mount" ];
+ boot.initrd.systemd.services.systemd-repart.requires = [ "sysroot.mount" ];
+
+ boot.kernelParams = [
+ "rootfstype=erofs"
+ "rootflags=ro"
+ "roothash=${config.system.build.verityRootHash}"
+ ];
+
+ fileSystems."/var" = {
+ fsType = "tmpfs";
+ options = [ "mode=0755" ];
+ };
+
+ # Required to mount the efi partition
+ boot.kernelModules = [
+ "vfat"
+ "nls_cp437"
+ "nls_iso8859-1"
+ ];
+
+ # Store SSH host keys on /home since /etc is read-only
+ services.openssh.hostKeys = [
+ {
+ path = "/home/.ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ ];
+
+ environment.etc."machine-id" = {
+ text = "";
+ mode = "0755";
+ };
+
+ boot.initrd.systemd.services.systemd-repart.serviceConfig.Environment = [
+ "SYSTEMD_REPART_MKFS_OPTIONS_BTRFS=--nodiscard"
+ ];
+
+ # Refuse to boot on mount failure
+ systemd.targets."sysinit".requires = [ "local-fs.target" ];
+
+ # Make sure home gets mounted
+ systemd.targets."local-fs".requires = [ "home.mount" ];
+
+}
diff --git a/modules/image/disk/builder.nix b/modules/image/disk/builder.nix
new file mode 100644
index 0000000..39f321c
--- /dev/null
+++ b/modules/image/disk/builder.nix
@@ -0,0 +1,167 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ inherit (pkgs.stdenv.hostPlatform) efiArch;
+
+ initialPartitions = {
+ "10-root" = {
+ storePaths = [ config.system.build.toplevel ];
+ repartConfig = {
+ Type = "root";
+ Minimize = "best";
+ Format = "erofs";
+ MakeDirectories = "/home /root /etc /dev /sys /bin /var /proc /run /usr /srv /tmp /mnt /lib /efi";
+ Verity = "data";
+ VerityMatchKey = "root";
+ SplitName = "root";
+ };
+ };
+
+ "20-root-verity" = {
+ repartConfig = {
+ Type = "root-verity";
+ Minimize = "best";
+ Verity = "hash";
+ VerityMatchKey = "root";
+ SplitName = "verity";
+ };
+ };
+ };
+
+ # TODO: We don't need a combined image here - add dry-run flag to repart invocation
+ verityRepart = import (pkgs.path + "/nixos/lib/eval-config.nix") {
+ inherit lib pkgs;
+ system = null;
+ modules = [
+ (
+ { modulesPath, ... }:
+ {
+ imports = [ (modulesPath + "/image/repart.nix") ];
+ image.repart = {
+ name = "verity";
+ split = true;
+ mkfsOptions = lib.mkIf config.image.compress {
+ erofs = [
+ "-zlz4hc,level=12"
+ "-Efragments,dedupe,ztailpacking"
+ ];
+ };
+ partitions = initialPartitions;
+ };
+ }
+ )
+ ];
+ };
+
+ rootPart = "${verityRepart.config.system.build.image}/${verityRepart.config.image.repart.imageFileBasename}.root.raw";
+ verityPart = "${verityRepart.config.system.build.image}/${verityRepart.config.image.repart.imageFileBasename}.verity.raw";
+
+ verityImgAttrs = builtins.fromJSON (
+ builtins.readFile "${verityRepart.config.system.build.image}/repart-output.json"
+ );
+ rootAttrs = builtins.elemAt verityImgAttrs 0;
+ verityAttrs = builtins.elemAt verityImgAttrs 1;
+
+ rootUuid = rootAttrs.uuid;
+ verityUuid = verityAttrs.uuid;
+ verityRootHash = rootAttrs.roothash;
+
+ finalPartitions = {
+ "10-esp" = {
+ contents = {
+ "/EFI/BOOT/BOOT${lib.toUpper efiArch}.EFI".source = "${pkgs.systemdUkify}/lib/systemd/boot/efi/systemd-boot${efiArch}.efi";
+ "/EFI/Linux/${config.system.boot.loader.ukiFile}".source = "${config.system.build.uki}/${config.system.boot.loader.ukiFile}";
+ "/default-ssh-authorized-keys.txt" = lib.mkIf config.system.image.sshKeys.enable {
+ source = pkgs.writeText "ssh-keys" (lib.concatStringsSep "\n" config.system.image.sshKeys.keys);
+ };
+ };
+ repartConfig = {
+ Type = "esp";
+ Format = "vfat";
+ SizeMinBytes = "96M";
+ SizeMaxBytes = "96M";
+ SplitName = "-";
+ };
+ };
+ "20-root-verity-a" = {
+ repartConfig = {
+ Type = "root-verity";
+ Label = "verity-${config.system.image.version}";
+ CopyBlocks = "${verityPart}";
+ SplitName = "-";
+ SizeMinBytes = "64M";
+ SizeMaxBytes = "64M";
+ UUID = "${verityUuid}";
+ ReadOnly = 1;
+ };
+ };
+ # TODO: Add signature partition for systemd-nspawn
+ "22-root-a" = {
+ repartConfig = {
+ Type = "root";
+ Label = "root-${config.system.image.version}";
+ CopyBlocks = "${rootPart}";
+ SplitName = "-";
+ UUID = "${rootUuid}";
+ ReadOnly = 1;
+ };
+ };
+ };
+
+ finalRepart = import (pkgs.path + "/nixos/lib/eval-config.nix") {
+ inherit lib pkgs;
+ system = null;
+ modules = [
+ (
+ { modulesPath, ... }:
+ {
+ imports = [ (modulesPath + "/image/repart.nix") ];
+ image.repart = {
+ name = "${config.system.image.id}";
+ partitions = finalPartitions;
+ };
+ }
+ )
+ ];
+ };
+
+in
+{
+
+ options.image.compress = lib.mkEnableOption "image compression" // {
+ default = true;
+ };
+
+ config.system.build = {
+ inherit verityRootHash;
+
+ image =
+ (pkgs.linkFarm "image-release" [
+ {
+ name = "${config.system.image.id}_${config.system.image.version}.efi";
+ path = "${config.system.build.uki}/${config.system.boot.loader.ukiFile}";
+ }
+ {
+ name = "${config.system.image.id}_${config.system.image.version}_${verityUuid}.verity";
+ path = "${verityRepart.config.system.build.image}/${verityRepart.config.image.repart.imageFileBasename}.verity.raw";
+ }
+ {
+ name = "${config.system.image.id}_${config.system.image.version}_${rootUuid}.root";
+ path = "${verityRepart.config.system.build.image}/${verityRepart.config.image.repart.imageFileBasename}.root.raw";
+ }
+ {
+ name = "${config.system.image.id}_${config.system.image.version}.img";
+ path = "${finalRepart.config.system.build.image}/${finalRepart.config.image.repart.imageFileBasename}.raw";
+ }
+ ])
+ // {
+ imageFile = "${config.system.image.id}_${config.system.image.version}.img";
+ };
+
+ };
+
+}
diff --git a/modules/image/disk/default.nix b/modules/image/disk/default.nix
new file mode 100644
index 0000000..2862e18
--- /dev/null
+++ b/modules/image/disk/default.nix
@@ -0,0 +1,128 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+
+ imports = [
+ ./updater.nix
+ ./ssh.nix
+ ./builder.nix
+ ./veritysetup.nix
+ ];
+
+ system.build.updatePackage = pkgs.runCommand "update-package" { } ''
+ mkdir "$out"
+ cd "$out"
+ cp "${config.system.build.image}"/* .
+ ${pkgs.coreutils}/bin/sha256sum * > SHA256SUMS
+ '';
+
+ boot.initrd.systemd.enable = true;
+
+ boot.initrd.systemd.repart.enable = true;
+ systemd.repart.partitions = {
+ "10-esp" = {
+ Type = "esp";
+ Format = "vfat";
+ SizeMinBytes = "96M";
+ SizeMaxBytes = "96M";
+ };
+ "20-root-verity-a" = {
+ Type = "root-verity";
+ SizeMinBytes = "64M";
+ SizeMaxBytes = "64M";
+ };
+ "22-root-a" = {
+ Type = "root";
+ SizeMinBytes = "512M";
+ SizeMaxBytes = "512M";
+ };
+ "30-root-verity-b" = {
+ Type = "root-verity";
+ SizeMinBytes = "64M";
+ SizeMaxBytes = "64M";
+ Label = "_empty";
+ ReadOnly = 1;
+ };
+ "32-root-b" = {
+ Type = "root";
+ SizeMinBytes = "512M";
+ SizeMaxBytes = "512M";
+ Label = "_empty";
+ ReadOnly = 1;
+ };
+ "40-home" = {
+ Type = "home";
+ Format = "btrfs";
+ SizeMinBytes = "512M";
+ Encrypt = "tpm2";
+ };
+ };
+
+ boot.initrd.compressor = "zstd";
+ boot.initrd.compressorArgs = [ "-8" ];
+
+ boot.loader.grub.enable = false;
+
+ boot.initrd.luks.forceLuksSupportInInitrd = true;
+ boot.initrd.kernelModules = [
+ "dm_mod"
+ "dm_crypt"
+ ] ++ config.boot.initrd.luks.cryptoModules;
+
+ boot.initrd.supportedFilesystems = {
+ btrfs = true;
+ erofs = true;
+ };
+
+ system.etc.overlay.mutable = false;
+ users.mutableUsers = false;
+
+ boot.initrd.systemd.services.systemd-repart.after = lib.mkForce [ "sysroot.mount" ];
+ boot.initrd.systemd.services.systemd-repart.requires = [ "sysroot.mount" ];
+
+ boot.kernelParams = [
+ "rootfstype=erofs"
+ "rootflags=ro"
+ "roothash=${config.system.build.verityRootHash}"
+ ];
+
+ fileSystems."/var" = {
+ fsType = "tmpfs";
+ options = [ "mode=0755" ];
+ };
+
+ # Required to mount the efi partition
+ boot.kernelModules = [
+ "vfat"
+ "nls_cp437"
+ "nls_iso8859-1"
+ ];
+
+ # Store SSH host keys on /home since /etc is read-only
+ services.openssh.hostKeys = [
+ {
+ path = "/home/.ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ ];
+
+ environment.etc."machine-id" = {
+ text = "";
+ mode = "0755";
+ };
+
+ boot.initrd.systemd.services.systemd-repart.serviceConfig.Environment = [
+ "SYSTEMD_REPART_MKFS_OPTIONS_BTRFS=--nodiscard"
+ ];
+
+ # Refuse to boot on mount failure
+ systemd.targets."sysinit".requires = [ "local-fs.target" ];
+
+ # Make sure home gets mounted
+ systemd.targets."local-fs".requires = [ "home.mount" ];
+
+}
diff --git a/modules/image/disk/ssh.nix b/modules/image/disk/ssh.nix
new file mode 100644
index 0000000..3f6b3c4
--- /dev/null
+++ b/modules/image/disk/ssh.nix
@@ -0,0 +1,40 @@
+{ config, lib, ... }:
+{
+ options.system.image.sshKeys = {
+ enable = lib.mkEnableOption "provisioning of default SSH keys from ESP";
+ keys = lib.mkOption {
+ type = lib.types.listOf lib.types.singleLineStr;
+ default = [ ];
+ };
+ };
+
+ config = lib.mkIf config.system.image.sshKeys.enable {
+
+ assertions = [
+ {
+ assertion = config.services.openssh.enable;
+ message = "OpenSSH must be enabled to preseed authorized keys";
+ }
+ ];
+
+ systemd.services."default-ssh-keys" = {
+ script = ''
+ mkdir -p /home/admin/.ssh/
+ cat /efi/default-ssh-authorized-keys.txt >> /home/admin/.ssh/authorized_keys
+ '';
+ wantedBy = [
+ "sshd.service"
+ "sshd.socket"
+ ];
+ unitConfig = {
+ ConditionPathExists = [
+ "/home/admin"
+ "!/home/admin/.ssh/authorized_keys"
+ "/efi/default-ssh-authorized-keys.txt"
+ ];
+ };
+ };
+
+ };
+
+}
diff --git a/modules/image/disk/updater.nix b/modules/image/disk/updater.nix
new file mode 100644
index 0000000..adce617
--- /dev/null
+++ b/modules/image/disk/updater.nix
@@ -0,0 +1,86 @@
+{ config, lib, ... }: {
+
+ options.system.image.updates = {
+ enable = lib.mkEnableOption "system updates via systemd-sysupdate" // {
+ default = config.system.image.updates.url != null;
+ };
+ url = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ };
+ };
+
+ config = lib.mkIf config.system.image.updates.enable {
+
+ assertions = [
+ { assertion = config.system.image.updates.url != null; }
+ ];
+
+ systemd.sysupdate.enable = true;
+ systemd.sysupdate.reboot.enable = lib.mkDefault true;
+
+ systemd.sysupdate.transfers = {
+ "10-uki" = {
+ Transfer = {
+ Verify = "no";
+ };
+ Source = {
+ Type = "url-file";
+ Path = "${config.system.image.updates.url}";
+ MatchPattern = "${config.boot.uki.name}_@v.efi";
+ };
+ Target = {
+ Type = "regular-file";
+ Path = "/EFI/Linux";
+ PathRelativeTo = "esp";
+ MatchPattern = "${config.boot.uki.name}_@v+@l-@d.efi ${config.boot.uki.name}_@v+@l.efi ${config.boot.uki.name}_@v.efi";
+ Mode = "0444";
+ TriesLeft = 3;
+ TriesDone = 0;
+ InstancesMax = 2;
+ };
+ };
+ "20-root-verity" = {
+ Transfer = {
+ Verify = "no";
+ };
+ Source = {
+ Type = "url-file";
+ Path = "${config.system.image.updates.url}";
+ MatchPattern = "${config.system.image.id}_@v_@u.verity";
+ };
+ Target = {
+ Type = "partition";
+ Path = "auto";
+ MatchPattern = "verity-@v";
+ MatchPartitionType = "root-verity";
+ ReadOnly = 1;
+ };
+ };
+ "22-root" = {
+ Transfer = {
+ Verify = "no";
+ };
+ Source = {
+ Type = "url-file";
+ Path = "${config.system.image.updates.url}";
+ MatchPattern = "${config.system.image.id}_@v_@u.root";
+ };
+ Target = {
+ Type = "partition";
+ Path = "auto";
+ MatchPattern = "root-@v";
+ MatchPartitionType = "root";
+ ReadOnly = 1;
+ };
+ };
+ };
+
+ systemd.additionalUpstreamSystemUnits = [
+ "systemd-bless-boot.service"
+ "boot-complete.target"
+ ];
+
+ };
+
+}
diff --git a/modules/image/disk/veritysetup.nix b/modules/image/disk/veritysetup.nix
new file mode 100644
index 0000000..1505b45
--- /dev/null
+++ b/modules/image/disk/veritysetup.nix
@@ -0,0 +1,39 @@
+{ config, lib, ... }:
+{
+
+ options.boot.initrd.systemd.root = lib.mkOption {
+ type = lib.types.enum [
+ "fstab"
+ "gpt-auto"
+ ""
+ ];
+ };
+
+ config.boot.initrd = {
+
+ kernelModules = [
+ "dm_mod"
+ "dm_verity"
+ ];
+
+ systemd = {
+
+ # Required to activate systemd-fstab-generator
+ root = "";
+
+ additionalUpstreamUnits = [
+ "veritysetup-pre.target"
+ "veritysetup.target"
+ "remote-veritysetup.target"
+ ];
+
+ storePaths = [
+ "${config.boot.initrd.systemd.package}/lib/systemd/systemd-veritysetup"
+ "${config.boot.initrd.systemd.package}/lib/systemd/system-generators/systemd-veritysetup-generator"
+ ];
+
+ };
+
+ };
+
+}
diff --git a/modules/kernel/default.nix b/modules/kernel/default.nix
deleted file mode 100644
index f41ee79..0000000
--- a/modules/kernel/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-{
- boot.kernelPackages =
- let
- version = "6.11.2";
- in
- pkgs.linuxPackagesFor (
- pkgs.linuxManualConfig {
- version = "${version}-patos1";
- modDirVersion = version;
- src = pkgs.fetchurl {
- url = "https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-${version}.tar.xz";
- sha256 = "ec9ef7a0b9cebb55940e1ef87a1f9e1004b10456a119dc386bb3e565b0d39c42";
- };
- configfile = ./generic.config;
- allowImportFromDerivation = true;
- }
- );
-}
diff --git a/modules/kernel/generic.config b/modules/kernel/generic.config
deleted file mode 100644
index 2073cdf..0000000
--- a/modules/kernel/generic.config
+++ /dev/null
@@ -1,2521 +0,0 @@
-CONFIG_64BIT=y
-CONFIG_ACPI_AC=y
-CONFIG_ACPI_BATTERY=y
-CONFIG_ACPI_BUTTON=y
-CONFIG_ACPI_CONTAINER=y
-CONFIG_ACPI_CPPC_LIB=y
-CONFIG_ACPI_CPU_FREQ_PSS=y
-CONFIG_ACPI_FAN=y
-CONFIG_ACPI_HOTPLUG_CPU=y
-CONFIG_ACPI_HOTPLUG_IOAPIC=y
-CONFIG_ACPI_I2C_OPREGION=y
-CONFIG_ACPI_IPMI=y
-CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y
-CONFIG_ACPI_LPIT=y
-CONFIG_ACPI_MDIO=y
-CONFIG_ACPI_NUMA=y
-CONFIG_ACPI_PCC=y
-CONFIG_ACPI_PRMT=y
-CONFIG_ACPI_PROCESSOR_CSTATE=y
-CONFIG_ACPI_PROCESSOR_IDLE=y
-CONFIG_ACPI_PROCESSOR=y
-CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y
-CONFIG_ACPI_SLEEP=y
-CONFIG_ACPI_SPCR_TABLE=y
-CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y
-CONFIG_ACPI_TABLE_UPGRADE=y
-CONFIG_ACPI_THERMAL=y
-CONFIG_ACPI_VIDEO=y
-CONFIG_ACPI_WATCHDOG=y
-CONFIG_ACPI_WMI=y
-CONFIG_ACPI=y
-CONFIG_ADDRESS_MASKING=y
-CONFIG_ADVISE_SYSCALLS=y
-CONFIG_AF_UNIX_OOB=y
-CONFIG_AIO=y
-CONFIG_ALLOW_DEV_COREDUMP=y
-CONFIG_ALX=m
-CONFIG_AMD_IOMMU_V2=y
-CONFIG_AMD_IOMMU=y
-CONFIG_AMD_NB=y
-CONFIG_AMD_NUMA=y
-CONFIG_AMD_PMC=m
-CONFIG_APERTURE_HELPERS=y
-CONFIG_AQTION=m
-CONFIG_ARCH_CLOCKSOURCE_INIT=y
-CONFIG_ARCH_CONFIGURES_CPU_MITIGATIONS=y
-CONFIG_ARCH_CORRECT_STACKTRACE_ON_KRETPROBE=y
-CONFIG_ARCH_CPUIDLE_HALTPOLL=y
-CONFIG_ARCH_DMA_ADDR_T_64BIT=y
-CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y
-CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
-CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y
-CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y
-CONFIG_ARCH_HAS_ADD_PAGES=y
-CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
-CONFIG_ARCH_HAS_COPY_MC=y
-CONFIG_ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION=y
-CONFIG_ARCH_HAS_CPU_FINALIZE_INIT=y
-CONFIG_ARCH_HAS_CPU_RELAX=y
-CONFIG_ARCH_HAS_CURRENT_STACK_POINTER=y
-CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
-CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y
-CONFIG_ARCH_HAS_DEBUG_WX=y
-CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
-CONFIG_ARCH_HAS_ELFCORE_COMPAT=y
-CONFIG_ARCH_HAS_ELF_RANDOMIZE=y
-CONFIG_ARCH_HAS_FAST_MULTIPLIER=y
-CONFIG_ARCH_HAS_FORTIFY_SOURCE=y
-CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
-CONFIG_ARCH_HAS_GIGANTIC_PAGE=y
-CONFIG_ARCH_HAS_KCOV=y
-CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y
-CONFIG_ARCH_HAS_MEM_ENCRYPT=y
-CONFIG_ARCH_HAS_NMI_SAFE_THIS_CPU_OPS=y
-CONFIG_ARCH_HAS_NONLEAF_PMD_YOUNG=y
-CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE=y
-CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=y
-CONFIG_ARCH_HAS_PKEYS=y
-CONFIG_ARCH_HAS_PMEM_API=y
-CONFIG_ARCH_HAS_PTE_DEVMAP=y
-CONFIG_ARCH_HAS_PTE_SPECIAL=y
-CONFIG_ARCH_HAS_SET_DIRECT_MAP=y
-CONFIG_ARCH_HAS_SET_MEMORY=y
-CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
-CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
-CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y
-CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y
-CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y
-CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
-CONFIG_ARCH_HAS_ZONE_DMA_SET=y
-CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y
-CONFIG_ARCH_HIBERNATION_POSSIBLE=y
-CONFIG_ARCH_MAY_HAVE_PC_FDC=y
-CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y
-CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y
-CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
-CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y
-CONFIG_ARCH_MMAP_RND_BITS=28
-CONFIG_ARCH_MMAP_RND_BITS_MAX=32
-CONFIG_ARCH_MMAP_RND_BITS_MIN=28
-CONFIG_ARCH_MMAP_RND_COMPAT_BITS=8
-CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16
-CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8
-CONFIG_ARCH_SELECTS_KEXEC_FILE=y
-CONFIG_ARCH_SPARSEMEM_DEFAULT=y
-CONFIG_ARCH_SPARSEMEM_ENABLE=y
-CONFIG_ARCH_STACKWALK=y
-CONFIG_ARCH_SUPPORTS_ACPI=y
-CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y
-CONFIG_ARCH_SUPPORTS_CFI_CLANG=y
-CONFIG_ARCH_SUPPORTS_CRASH_DUMP=y
-CONFIG_ARCH_SUPPORTS_CRASH_HOTPLUG=y
-CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
-CONFIG_ARCH_SUPPORTS_INT128=y
-CONFIG_ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG=y
-CONFIG_ARCH_SUPPORTS_KEXEC_FILE=y
-CONFIG_ARCH_SUPPORTS_KEXEC_JUMP=y
-CONFIG_ARCH_SUPPORTS_KEXEC_PURGATORY=y
-CONFIG_ARCH_SUPPORTS_KEXEC_SIG_FORCE=y
-CONFIG_ARCH_SUPPORTS_KEXEC_SIG=y
-CONFIG_ARCH_SUPPORTS_KEXEC=y
-CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y
-CONFIG_ARCH_SUPPORTS_LTO_CLANG_THIN=y
-CONFIG_ARCH_SUPPORTS_LTO_CLANG=y
-CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y
-CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
-CONFIG_ARCH_SUPPORTS_PAGE_TABLE_CHECK=y
-CONFIG_ARCH_SUPPORTS_PER_VMA_LOCK=y
-CONFIG_ARCH_SUPPORTS_UPROBES=y
-CONFIG_ARCH_SUSPEND_POSSIBLE=y
-CONFIG_ARCH_USE_BUILTIN_BSWAP=y
-CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
-CONFIG_ARCH_USE_MEMREMAP_PROT=y
-CONFIG_ARCH_USE_MEMTEST=y
-CONFIG_ARCH_USE_QUEUED_RWLOCKS=y
-CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y
-CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y
-CONFIG_ARCH_USES_PG_UNCACHED=y
-CONFIG_ARCH_USE_SYM_ANNOTATIONS=y
-CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y
-CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y
-CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
-CONFIG_ARCH_WANT_GENERAL_HUGETLB=y
-CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y
-CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y
-CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y
-CONFIG_ARCH_WANT_OPTIMIZE_DAX_VMEMMAP=y
-CONFIG_ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP=y
-CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y
-CONFIG_ARCH_WANTS_NO_INSTR=y
-CONFIG_ARCH_WANTS_THP_SWAP=y
-CONFIG_AS_AVX512=y
-CONFIG_AS_GFNI=y
-CONFIG_AS_HAS_NON_CONST_LEB128=y
-CONFIG_AS_IS_GNU=y
-CONFIG_ASM_MODVERSIONS=y
-CONFIG_ASN1=y
-CONFIG_AS_SHA1_NI=y
-CONFIG_AS_SHA256_NI=y
-CONFIG_ASSOCIATIVE_ARRAY=y
-CONFIG_AS_TPAUSE=y
-CONFIG_AS_VERSION=24200
-CONFIG_AS_WRUSS=y
-CONFIG_ASYMMETRIC_KEY_TYPE=y
-CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
-CONFIG_ASYNC_CORE=m
-CONFIG_ASYNC_MEMCPY=m
-CONFIG_ASYNC_PQ=m
-CONFIG_ASYNC_RAID6_RECOV=m
-CONFIG_ASYNC_XOR=m
-CONFIG_ATA_ACPI=y
-CONFIG_ATA_BMDMA=y
-CONFIG_ATA_FORCE=y
-CONFIG_ATA_PIIX=y
-CONFIG_ATA_SFF=y
-CONFIG_ATA_VERBOSE_ERROR=y
-CONFIG_ATA=y
-CONFIG_ATM_DRIVERS=y
-CONFIG_ATM=y
-CONFIG_AUDIT_ARCH=y
-CONFIG_AUDITSYSCALL=y
-CONFIG_AUDIT=y
-CONFIG_AUTOFS_FS=y
-CONFIG_AUXILIARY_BUS=y
-CONFIG_AX88796B_PHY=m
-CONFIG_BACKLIGHT_CLASS_DEVICE=y
-CONFIG_BALLOON_COMPACTION=y
-CONFIG_BASE_FULL=y
-CONFIG_BASE_SMALL=0
-CONFIG_BCMA_POSSIBLE=y
-CONFIG_BE2NET_BE2=y
-CONFIG_BE2NET_BE3=y
-CONFIG_BE2NET_HWMON=y
-CONFIG_BE2NET_LANCER=y
-CONFIG_BE2NET=m
-CONFIG_BE2NET_SKYHAWK=y
-CONFIG_BFQ_GROUP_IOSCHED=y
-CONFIG_BINARY_PRINTF=y
-CONFIG_BINFMT_ELF=y
-CONFIG_BINFMT_MISC=m
-CONFIG_BINFMT_SCRIPT=y
-CONFIG_BITREVERSE=y
-CONFIG_BLK_CGROUP_PUNT_BIO=y
-CONFIG_BLK_CGROUP_RWSTAT=y
-CONFIG_BLK_CGROUP=y
-CONFIG_BLK_DEBUG_FS=y
-CONFIG_BLK_DEV_BSG_COMMON=y
-CONFIG_BLK_DEV_BSGLIB=y
-CONFIG_BLK_DEV_BSG=y
-CONFIG_BLK_DEV_DM_BUILTIN=y
-CONFIG_BLK_DEV_DM=y
-CONFIG_BLK_DEV_INITRD=y
-CONFIG_BLK_DEV_IO_TRACE=y
-CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
-CONFIG_BLK_DEV_LOOP=y
-CONFIG_BLK_DEV_MD=y
-CONFIG_BLK_DEV_NBD=m
-CONFIG_BLK_DEV_NVME=m
-CONFIG_BLK_DEV_RBD=y
-CONFIG_BLK_DEV_SD=y
-CONFIG_BLK_DEV_SR=y
-CONFIG_BLK_DEV_THROTTLING=y
-CONFIG_BLK_DEV=y
-CONFIG_BLK_ICQ=y
-CONFIG_BLK_MQ_PCI=y
-CONFIG_BLK_MQ_STACKING=y
-CONFIG_BLK_MQ_VIRTIO=y
-CONFIG_BLK_PM=y
-CONFIG_BLOCK_HOLDER_DEPRECATED=y
-CONFIG_BLOCK_LEGACY_AUTOLOAD=y
-CONFIG_BLOCK=y
-CONFIG_BNX2=m
-CONFIG_BNX2X=m
-CONFIG_BNX2X_SRIOV=y
-CONFIG_BNXT_FLOWER_OFFLOAD=y
-CONFIG_BNXT_HWMON=y
-CONFIG_BNXT=m
-CONFIG_BNXT_SRIOV=y
-CONFIG_BONDING=y
-CONFIG_BOOT_VESA_SUPPORT=y
-CONFIG_BPF_EVENTS=y
-CONFIG_BPF_JIT_ALWAYS_ON=y
-CONFIG_BPF_JIT_DEFAULT_ON=y
-CONFIG_BPF_JIT=y
-CONFIG_BPF_LSM=y
-CONFIG_BPF_STREAM_PARSER=y
-CONFIG_BPF_SYSCALL=y
-CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
-CONFIG_BPF=y
-CONFIG_BQL=y
-CONFIG_BRANCH_PROFILE_NONE=y
-CONFIG_BRIDGE_EBT_802_3=y
-CONFIG_BRIDGE_EBT_AMONG=y
-CONFIG_BRIDGE_EBT_ARPREPLY=y
-CONFIG_BRIDGE_EBT_ARP=y
-CONFIG_BRIDGE_EBT_BROUTE=y
-CONFIG_BRIDGE_EBT_DNAT=y
-CONFIG_BRIDGE_EBT_IP6=y
-CONFIG_BRIDGE_EBT_IP=y
-CONFIG_BRIDGE_EBT_LIMIT=y
-CONFIG_BRIDGE_EBT_LOG=y
-CONFIG_BRIDGE_EBT_MARK_T=y
-CONFIG_BRIDGE_EBT_MARK=y
-CONFIG_BRIDGE_EBT_NFLOG=y
-CONFIG_BRIDGE_EBT_PKTTYPE=y
-CONFIG_BRIDGE_EBT_REDIRECT=y
-CONFIG_BRIDGE_EBT_SNAT=y
-CONFIG_BRIDGE_EBT_STP=y
-CONFIG_BRIDGE_EBT_T_FILTER=y
-CONFIG_BRIDGE_EBT_T_NAT=y
-CONFIG_BRIDGE_EBT_VLAN=y
-CONFIG_BRIDGE_IGMP_SNOOPING=y
-CONFIG_BRIDGE_NETFILTER=y
-CONFIG_BRIDGE_NF_EBTABLES=y
-CONFIG_BRIDGE_VLAN_FILTERING=y
-CONFIG_BRIDGE=y
-CONFIG_BSD_DISKLABEL=y
-CONFIG_BSD_PROCESS_ACCT=y
-CONFIG_BTRFS_FS=m
-CONFIG_BTRFS_FS_POSIX_ACL=y
-CONFIG_BUFFER_HEAD=y
-CONFIG_BUG_ON_DATA_CORRUPTION=y
-CONFIG_BUG=y
-CONFIG_BUILD_SALT=""
-CONFIG_BUILDTIME_MCOUNT_SORT=y
-CONFIG_BUILDTIME_TABLE_SORT=y
-CONFIG_CACHESTAT_SYSCALL=y
-CONFIG_CALL_DEPTH_TRACKING=y
-CONFIG_CALL_PADDING=y
-CONFIG_CALL_THUNKS=y
-CONFIG_CAVIUM_PTP=m
-CONFIG_CC10001_ADC=m
-CONFIG_CC_CAN_LINK=y
-CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
-CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y
-CONFIG_CC_HAS_ASM_INLINE=y
-CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y
-CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO_BARE=y
-CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y
-CONFIG_CC_HAS_ENTRY_PADDING=y
-CONFIG_CC_HAS_IBT=y
-CONFIG_CC_HAS_INT128=y
-CONFIG_CC_HAS_KASAN_GENERIC=y
-CONFIG_CC_HAS_NAMED_AS_FIXED_SANITIZERS=y
-CONFIG_CC_HAS_NAMED_AS=y
-CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y
-CONFIG_CC_HAS_RETURN_THUNK=y
-CONFIG_CC_HAS_SANCOV_TRACE_PC=y
-CONFIG_CC_HAS_SANE_STACKPROTECTOR=y
-CONFIG_CC_HAS_SLS=y
-CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y
-CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y
-CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5"
-CONFIG_CC_IS_GCC=y
-CONFIG_CC_NO_ARRAY_BOUNDS=y
-CONFIG_CC_NO_STRINGOP_OVERFLOW=y
-CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y
-CONFIG_CCS811=m
-CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.3.0"
-CONFIG_CDROM=y
-CONFIG_CEPH_FS_POSIX_ACL=y
-CONFIG_CEPH_FS=y
-CONFIG_CEPH_LIB=y
-CONFIG_CFS_BANDWIDTH=y
-CONFIG_CGROUP_BPF=y
-CONFIG_CGROUP_CPUACCT=y
-CONFIG_CGROUP_DEVICE=y
-CONFIG_CGROUP_FREEZER=y
-CONFIG_CGROUP_HUGETLB=y
-CONFIG_CGROUP_MISC=y
-CONFIG_CGROUP_NET_CLASSID=y
-CONFIG_CGROUP_NET_PRIO=y
-CONFIG_CGROUP_PERF=y
-CONFIG_CGROUP_PIDS=y
-CONFIG_CGROUP_SCHED=y
-CONFIG_CGROUPS=y
-CONFIG_CGROUP_WRITEBACK=y
-CONFIG_CHECK_SIGNATURE=y
-CONFIG_CHELSIO_INLINE_CRYPTO=y
-CONFIG_CHELSIO_IPSEC_INLINE=m
-CONFIG_CHELSIO_T1=m
-CONFIG_CHELSIO_T3=m
-CONFIG_CHELSIO_T4=m
-CONFIG_CHELSIO_T4VF=m
-CONFIG_CHR_DEV_SG=y
-CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y
-CONFIG_CIFS_DEBUG=y
-CONFIG_CIFS_DFS_UPCALL=y
-CONFIG_CIFS_UPCALL=y
-CONFIG_CIFS_XATTR=y
-CONFIG_CIFS=y
-CONFIG_CLANG_VERSION=0
-CONFIG_CLKBLD_I8253=y
-CONFIG_CLKEVT_I8253=y
-CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y
-CONFIG_CLOCKSOURCE_WATCHDOG_MAX_SKEW_US=100
-CONFIG_CLOCKSOURCE_WATCHDOG=y
-CONFIG_CLZ_TAB=y
-CONFIG_COMMON_CLK=y
-CONFIG_COMPACTION=y
-CONFIG_COMPACT_UNEVICTABLE_DEFAULT=1
-CONFIG_COMPAT_32BIT_TIME=y
-CONFIG_COMPAT_32=y
-CONFIG_COMPAT_BINFMT_ELF=y
-CONFIG_COMPAT_FOR_U64_ALIGNMENT=y
-CONFIG_COMPAT_OLD_SIGACTION=y
-CONFIG_COMPAT=y
-CONFIG_CONFIGFS_FS=y
-CONFIG_CONNECTOR=y
-CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7
-CONFIG_CONSOLE_LOGLEVEL_QUIET=4
-CONFIG_CONSOLE_TRANSLATIONS=y
-CONFIG_CONTEXT_SWITCH_TRACER=y
-CONFIG_CONTEXT_TRACKING_IDLE=y
-CONFIG_CONTEXT_TRACKING=y
-CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y
-CONFIG_COREDUMP=y
-CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL=y
-CONFIG_CPU_FREQ_GOV_ATTR_SET=y
-CONFIG_CPU_FREQ_GOV_COMMON=y
-CONFIG_CPU_FREQ_GOV_ONDEMAND=y
-CONFIG_CPU_FREQ_GOV_PERFORMANCE=y
-CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y
-CONFIG_CPU_FREQ_GOV_USERSPACE=y
-CONFIG_CPU_FREQ=y
-CONFIG_CPU_IBPB_ENTRY=y
-CONFIG_CPU_IBRS_ENTRY=y
-CONFIG_CPU_IDLE_GOV_HALTPOLL=y
-CONFIG_CPU_IDLE_GOV_MENU=y
-CONFIG_CPU_IDLE=y
-CONFIG_CPU_ISOLATION=y
-CONFIG_CPU_MITIGATIONS=y
-CONFIG_CPU_RMAP=y
-CONFIG_CPUSETS=y
-CONFIG_CPU_SRSO=y
-CONFIG_CPU_SUP_AMD=y
-CONFIG_CPU_SUP_CENTAUR=y
-CONFIG_CPU_SUP_HYGON=y
-CONFIG_CPU_SUP_INTEL=y
-CONFIG_CPU_SUP_ZHAOXIN=y
-CONFIG_CPU_UNRET_ENTRY=y
-CONFIG_CRASH_CORE=y
-CONFIG_CRASH_DUMP=y
-CONFIG_CRASH_HOTPLUG=y
-CONFIG_CRASH_MAX_MEMORY_RANGES=8192
-CONFIG_CRC16=y
-CONFIG_CRC32_SLICEBY8=y
-CONFIG_CRC32=y
-CONFIG_CRC8=y
-CONFIG_CRC_CCITT=y
-CONFIG_CRC_ITU_T=y
-CONFIG_CROSS_MEMORY_ATTACH=y
-CONFIG_CRYPTO_ACOMP2=y
-CONFIG_CRYPTO_ADIANTUM=y
-CONFIG_CRYPTO_AEAD2=y
-CONFIG_CRYPTO_AEAD=y
-CONFIG_CRYPTO_AES_NI_INTEL=y
-CONFIG_CRYPTO_AES=y
-CONFIG_CRYPTO_AKCIPHER2=y
-CONFIG_CRYPTO_AKCIPHER=y
-CONFIG_CRYPTO_ALGAPI2=y
-CONFIG_CRYPTO_ALGAPI=y
-CONFIG_CRYPTO_ARC4=y
-CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S=y
-CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=y
-CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519=y
-CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=y
-CONFIG_CRYPTO_AUTHENC=y
-CONFIG_CRYPTO_BLAKE2B=m
-CONFIG_CRYPTO_BLAKE2S_X86=y
-CONFIG_CRYPTO_CBC=y
-CONFIG_CRYPTO_CCM=y
-CONFIG_CRYPTO_CHACHA20_X86_64=y
-CONFIG_CRYPTO_CHACHA20=y
-CONFIG_CRYPTO_CMAC=y
-CONFIG_CRYPTO_CRC32C=y
-CONFIG_CRYPTO_CRC32C_INTEL=y
-CONFIG_CRYPTO_CRC32=y
-CONFIG_CRYPTO_CRYPTD=y
-CONFIG_CRYPTO_CTR=y
-CONFIG_CRYPTO_CURVE25519_X86=y
-CONFIG_CRYPTO_DEFLATE=y
-CONFIG_CRYPTO_DES=y
-CONFIG_CRYPTO_DEV_VIRTIO=y
-CONFIG_CRYPTO_DH_RFC7919_GROUPS=y
-CONFIG_CRYPTO_DH=y
-CONFIG_CRYPTO_DRBG_HMAC=y
-CONFIG_CRYPTO_DRBG_MENU=y
-CONFIG_CRYPTO_DRBG=y
-CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_ECHAINIV=y
-CONFIG_CRYPTO_ENGINE=y
-CONFIG_CRYPTO_ESSIV=y
-CONFIG_CRYPTO_GCM=y
-CONFIG_CRYPTO_GENIV=y
-CONFIG_CRYPTO_GHASH=y
-CONFIG_CRYPTO_HASH2=y
-CONFIG_CRYPTO_HASH_INFO=y
-CONFIG_CRYPTO_HASH=y
-CONFIG_CRYPTO_HMAC=y
-CONFIG_CRYPTO_HW=y
-CONFIG_CRYPTO_JITTERENTROPY=y
-CONFIG_CRYPTO_KPP2=y
-CONFIG_CRYPTO_KPP=y
-CONFIG_CRYPTO_LIB_AES=y
-CONFIG_CRYPTO_LIB_ARC4=y
-CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y
-CONFIG_CRYPTO_LIB_CHACHA20POLY1305=y
-CONFIG_CRYPTO_LIB_CHACHA_GENERIC=y
-CONFIG_CRYPTO_LIB_CHACHA=y
-CONFIG_CRYPTO_LIB_CURVE25519_GENERIC=y
-CONFIG_CRYPTO_LIB_CURVE25519=y
-CONFIG_CRYPTO_LIB_DES=y
-CONFIG_CRYPTO_LIB_GF128MUL=y
-CONFIG_CRYPTO_LIB_POLY1305_GENERIC=y
-CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11
-CONFIG_CRYPTO_LIB_POLY1305=y
-CONFIG_CRYPTO_LIB_SHA1=y
-CONFIG_CRYPTO_LIB_SHA256=y
-CONFIG_CRYPTO_LIB_UTILS=y
-CONFIG_CRYPTO_LZO=y
-CONFIG_CRYPTO_MANAGER2=y
-CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
-CONFIG_CRYPTO_MANAGER=y
-CONFIG_CRYPTO_MD4=y
-CONFIG_CRYPTO_MD5=y
-CONFIG_CRYPTO_NHPOLY1305_AVX2=y
-CONFIG_CRYPTO_NHPOLY1305_SSE2=y
-CONFIG_CRYPTO_NHPOLY1305=y
-CONFIG_CRYPTO_NULL2=y
-CONFIG_CRYPTO_NULL=y
-CONFIG_CRYPTO_POLY1305_X86_64=y
-CONFIG_CRYPTO_RNG2=y
-CONFIG_CRYPTO_RNG_DEFAULT=y
-CONFIG_CRYPTO_RNG=y
-CONFIG_CRYPTO_RSA=y
-CONFIG_CRYPTO_SEQIV=y
-CONFIG_CRYPTO_SHA1=y
-CONFIG_CRYPTO_SHA256=y
-CONFIG_CRYPTO_SHA3=y
-CONFIG_CRYPTO_SHA512=y
-CONFIG_CRYPTO_SIG2=y
-CONFIG_CRYPTO_SIG=y
-CONFIG_CRYPTO_SIMD=y
-CONFIG_CRYPTO_SKCIPHER2=y
-CONFIG_CRYPTO_SKCIPHER=y
-CONFIG_CRYPTO_USER_API_AEAD=y
-CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE=y
-CONFIG_CRYPTO_USER_API_HASH=y
-CONFIG_CRYPTO_USER_API_SKCIPHER=y
-CONFIG_CRYPTO_USER_API=y
-CONFIG_CRYPTO_XTS=y
-CONFIG_CRYPTO_XXHASH=m
-CONFIG_CRYPTO=y
-CONFIG_CRYPTO_ZSTD=m
-CONFIG_DAX=y
-CONFIG_DCACHE_WORD_ACCESS=y
-CONFIG_DCA=y
-CONFIG_DCB=y
-CONFIG_DEBUG_BOOT_PARAMS=y
-CONFIG_DEBUG_BUGVERBOSE=y
-CONFIG_DEBUG_ENTRY=y
-CONFIG_DEBUG_FS_ALLOW_ALL=y
-CONFIG_DEBUG_FS=y
-CONFIG_DEBUG_INFO_BTF_MODULES=y
-CONFIG_DEBUG_INFO_BTF=y
-CONFIG_DEBUG_INFO_COMPRESSED_NONE=y
-CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
-CONFIG_DEBUG_INFO=y
-CONFIG_DEBUG_KERNEL=y
-CONFIG_DEBUG_LIST=y
-CONFIG_DEBUG_MISC=y
-CONFIG_DEBUG_WX=y
-CONFIG_DECOMPRESS_BZIP2=y
-CONFIG_DECOMPRESS_GZIP=y
-CONFIG_DECOMPRESS_LZ4=y
-CONFIG_DECOMPRESS_LZMA=y
-CONFIG_DECOMPRESS_LZO=y
-CONFIG_DECOMPRESS_XZ=y
-CONFIG_DECOMPRESS_ZSTD=y
-CONFIG_DEFAULT_CUBIC=y
-CONFIG_DEFAULT_FQ_CODEL=y
-CONFIG_DEFAULT_HOSTNAME="(none)"
-CONFIG_DEFAULT_INIT=""
-CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
-CONFIG_DEFAULT_NET_SCH="fq_codel"
-CONFIG_DEFAULT_PFIFO_FAST=y
-CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_DEFAULT_SECURITY_APPARMOR=y
-CONFIG_DEFAULT_TCP_CONG="cubic"
-CONFIG_DEVPORT=y
-CONFIG_DEVTMPFS=y
-CONFIG_DEVTMPFS_MOUNT=y
-CONFIG_DIMLIB=y
-CONFIG_DMA_ACPI=y
-CONFIG_DMADEVICES=y
-CONFIG_DMA_ENGINE_RAID=y
-CONFIG_DMA_ENGINE=y
-CONFIG_DMA_OPS=y
-CONFIG_DMAR_TABLE=y
-CONFIG_DMA_SHARED_BUFFER=y
-CONFIG_DM_AUDIT=y
-CONFIG_DMA_VIRTUAL_CHANNELS=y
-CONFIG_DM_BIO_PRISON=m
-CONFIG_DM_BUFIO=y
-CONFIG_DM_CACHE=m
-CONFIG_DM_CACHE_SMQ=m
-CONFIG_DM_CLONE=m
-CONFIG_DM_CRYPT=y
-CONFIG_DM_DELAY=m
-CONFIG_DM_DUST=m
-CONFIG_DM_EBS=m
-CONFIG_DM_ERA=m
-CONFIG_DM_FLAKEY=m
-CONFIG_DMIID=y
-CONFIG_DM_INTEGRITY=m
-CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y
-CONFIG_DMI=y
-CONFIG_DM_LOG_USERSPACE=m
-CONFIG_DM_LOG_WRITES=m
-CONFIG_DM_MIRROR=y
-CONFIG_DM_MULTIPATH_HST=m
-CONFIG_DM_MULTIPATH_IOA=m
-CONFIG_DM_MULTIPATH=m
-CONFIG_DM_MULTIPATH_QL=m
-CONFIG_DM_MULTIPATH_ST=m
-CONFIG_DM_PERSISTENT_DATA=m
-CONFIG_DM_RAID=m
-CONFIG_DM_SNAPSHOT=y
-CONFIG_DM_SWITCH=m
-CONFIG_DM_THIN_PROVISIONING=m
-CONFIG_DM_UNSTRIPED=m
-CONFIG_DM_VDO=m
-CONFIG_DM_VERITY=m
-CONFIG_DM_WRITECACHE=m
-CONFIG_DM_ZERO=y
-CONFIG_DM_ZONED=m
-CONFIG_DNOTIFY=y
-CONFIG_DNS_RESOLVER=y
-CONFIG_DQL=y
-CONFIG_DST_CACHE=y
-CONFIG_DUMMY_CONSOLE_COLUMNS=80
-CONFIG_DUMMY_CONSOLE_ROWS=25
-CONFIG_DUMMY_CONSOLE=y
-CONFIG_DUMMY=y
-CONFIG_DW_DMAC_CORE=y
-CONFIG_DYNAMIC_EVENTS=y
-CONFIG_DYNAMIC_FTRACE_WITH_ARGS=y
-CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y
-CONFIG_DYNAMIC_FTRACE_WITH_REGS=y
-CONFIG_DYNAMIC_FTRACE=y
-CONFIG_DYNAMIC_MEMORY_LAYOUT=y
-CONFIG_DYNAMIC_SIGFRAME=y
-CONFIG_E1000E_HWTS=y
-CONFIG_E1000E=m
-CONFIG_E1000=m
-CONFIG_EARLY_PRINTK_DBGP=y
-CONFIG_EARLY_PRINTK_USB=y
-CONFIG_EARLY_PRINTK=y
-CONFIG_ECRYPT_FS=m
-CONFIG_EDAC_ATOMIC_SCRUB=y
-CONFIG_EDAC_DECODE_MCE=y
-CONFIG_EDAC_LEGACY_SYSFS=y
-CONFIG_EDAC_SUPPORT=y
-CONFIG_EDAC=y
-CONFIG_EFI_BOOTLOADER_CONTROL=m
-CONFIG_EFI_CAPSULE_LOADER=m
-CONFIG_EFI_COCO_SECRET=y
-CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
-CONFIG_EFI_DEV_PATH_PARSER=y
-CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
-CONFIG_EFI_EARLYCON=y
-CONFIG_EFI_ESRT=y
-CONFIG_EFI_HANDOVER_PROTOCOL=y
-CONFIG_EFI_MIXED=y
-CONFIG_EFI_PARTITION=y
-CONFIG_EFI_RUNTIME_MAP=y
-CONFIG_EFI_RUNTIME_WRAPPERS=y
-CONFIG_EFI_SECRET=m
-CONFIG_EFI_SOFT_RESERVE=y
-CONFIG_EFI_STUB=y
-CONFIG_EFIVAR_FS=y
-CONFIG_EFI_VARS_PSTORE=m
-CONFIG_EFI=y
-CONFIG_ELF_CORE=y
-CONFIG_ELFCORE=y
-CONFIG_ENA_ETHERNET=y
-CONFIG_ENCLOSURE_SERVICES=y
-CONFIG_ENCRYPTED_KEYS=m
-CONFIG_ENIC=m
-CONFIG_EPOLL=y
-CONFIG_EROFS_FS_POSIX_ACL=y
-CONFIG_EROFS_FS_SECURITY=y
-CONFIG_EROFS_FS_XATTR=y
-CONFIG_EROFS_FS=y
-CONFIG_EROFS_FS_ZIP=y
-CONFIG_EROFS_FS_ZIP_ZSTD=y
-CONFIG_ETHERNET=y
-CONFIG_ETHTOOL_NETLINK=y
-CONFIG_EVENTFD=y
-CONFIG_EVENT_TRACING=y
-CONFIG_EXCLUSIVE_SYSTEM_RAM=y
-CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8"
-CONFIG_EXFAT_FS=m
-CONFIG_EXPERT=y
-CONFIG_EXPORTFS=y
-CONFIG_EXT4_FS_POSIX_ACL=y
-CONFIG_EXT4_FS_SECURITY=y
-CONFIG_EXT4_FS=y
-CONFIG_EXT4_USE_FOR_EXT2=y
-CONFIG_EXTRA_FIRMWARE=""
-CONFIG_FAILOVER=y
-CONFIG_FAIR_GROUP_SCHED=y
-CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
-CONFIG_FANOTIFY=y
-CONFIG_FAT_DEFAULT_CODEPAGE=437
-CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
-CONFIG_FAT_FS=y
-CONFIG_FHANDLE=y
-CONFIG_FIB_RULES=y
-CONFIG_FILE_LOCKING=y
-CONFIG_FIRMWARE_MEMMAP=y
-CONFIG_FIX_EARLYCON_MEM=y
-CONFIG_FIXED_PHY=y
-CONFIG_FONT_8x16=y
-CONFIG_FONT_SUPPORT=y
-CONFIG_FONTS=y
-CONFIG_FONT_TER16x32=y
-CONFIG_FORCEDETH=y
-CONFIG_FORTIFY_SOURCE=y
-CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
-CONFIG_FRAMEBUFFER_CONSOLE=y
-CONFIG_FRAME_WARN=2048
-CONFIG_FREEZER=y
-CONFIG_FS_ENCRYPTION_ALGS=m
-CONFIG_FS_ENCRYPTION=y
-CONFIG_FS_IOMAP=y
-CONFIG_FS_MBCACHE=y
-CONFIG_FSNOTIFY=y
-CONFIG_FS_POSIX_ACL=y
-CONFIG_FTRACE_MCOUNT_RECORD=y
-CONFIG_FTRACE_MCOUNT_USE_CC=y
-CONFIG_FTRACE_SYSCALLS=y
-CONFIG_FTRACE=y
-CONFIG_FUNCTION_ALIGNMENT=16
-CONFIG_FUNCTION_ALIGNMENT_16B=y
-CONFIG_FUNCTION_ALIGNMENT_4B=y
-CONFIG_FUNCTION_ERROR_INJECTION=y
-CONFIG_FUNCTION_GRAPH_TRACER=y
-CONFIG_FUNCTION_PADDING_BYTES=16
-CONFIG_FUNCTION_PADDING_CFI=11
-CONFIG_FUNCTION_TRACER=y
-CONFIG_FUSE_FS=y
-CONFIG_FUTEX_PI=y
-CONFIG_FUTEX=y
-CONFIG_FW_ATTR_CLASS=m
-CONFIG_FW_CACHE=y
-CONFIG_FW_CFG_SYSFS=m
-CONFIG_FW_CS_DSP=m
-CONFIG_FW_LOADER_COMPRESS=y
-CONFIG_FW_LOADER_COMPRESS_ZSTD=y
-CONFIG_FW_LOADER_DEBUG=y
-CONFIG_FW_LOADER_PAGED_BUF=y
-CONFIG_FW_LOADER_SYSFS=y
-CONFIG_FW_LOADER_USER_HELPER=y
-CONFIG_FW_LOADER=y
-CONFIG_FW_UPLOAD=y
-CONFIG_FWNODE_MDIO=y
-CONFIG_GCC10_NO_ARRAY_BOUNDS=y
-CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND=y
-CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
-CONFIG_GCC_PLUGIN_STACKLEAK=y
-CONFIG_GCC_PLUGINS=y
-CONFIG_GCC_VERSION=130200
-CONFIG_GENERIC_ALLOCATOR=y
-CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y
-CONFIG_GENERIC_BUG=y
-CONFIG_GENERIC_CALIBRATE_DELAY=y
-CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
-CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y
-CONFIG_GENERIC_CLOCKEVENTS=y
-CONFIG_GENERIC_CMOS_UPDATE=y
-CONFIG_GENERIC_CPU_AUTOPROBE=y
-CONFIG_GENERIC_CPU_VULNERABILITIES=y
-CONFIG_GENERIC_CPU=y
-CONFIG_GENERIC_EARLY_IOREMAP=y
-CONFIG_GENERIC_ENTRY=y
-CONFIG_GENERIC_GETTIMEOFDAY=y
-CONFIG_GENERIC_IOMAP=y
-CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y
-CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y
-CONFIG_GENERIC_IRQ_MIGRATION=y
-CONFIG_GENERIC_IRQ_PROBE=y
-CONFIG_GENERIC_IRQ_RESERVATION_MODE=y
-CONFIG_GENERIC_IRQ_SHOW=y
-CONFIG_GENERIC_ISA_DMA=y
-CONFIG_GENERIC_MSI_IRQ=y
-CONFIG_GENERIC_NET_UTILS=y
-CONFIG_GENERIC_PCI_IOMAP=y
-CONFIG_GENERIC_PENDING_IRQ=y
-CONFIG_GENERIC_PTDUMP=y
-CONFIG_GENERIC_SMP_IDLE_THREAD=y
-CONFIG_GENERIC_STRNCPY_FROM_USER=y
-CONFIG_GENERIC_STRNLEN_USER=y
-CONFIG_GENERIC_TIME_VSYSCALL=y
-CONFIG_GENERIC_TRACER=y
-CONFIG_GENERIC_VDSO_TIME_NS=y
-CONFIG_GENEVE=y
-CONFIG_GLOB=y
-CONFIG_GRACE_PERIOD=y
-CONFIG_GRO_CELLS=y
-CONFIG_GUEST_PERF_EVENTS=y
-CONFIG_GVE=m
-CONFIG_HALTPOLL_CPUIDLE=y
-CONFIG_HARDENED_USERCOPY=y
-CONFIG_HARDIRQS_SW_RESEND=y
-CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y
-CONFIG_HAS_DMA=y
-CONFIG_HAS_IOMEM=y
-CONFIG_HAS_IOPORT_MAP=y
-CONFIG_HAS_IOPORT=y
-CONFIG_HAVE_ACPI_APEI_NMI=y
-CONFIG_HAVE_ACPI_APEI=y
-CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y
-CONFIG_HAVE_ARCH_AUDITSYSCALL=y
-CONFIG_HAVE_ARCH_COMPAT_MMAP_BASES=y
-CONFIG_HAVE_ARCH_HUGE_VMALLOC=y
-CONFIG_HAVE_ARCH_HUGE_VMAP=y
-CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y
-CONFIG_HAVE_ARCH_JUMP_LABEL=y
-CONFIG_HAVE_ARCH_KASAN_VMALLOC=y
-CONFIG_HAVE_ARCH_KASAN=y
-CONFIG_HAVE_ARCH_KCSAN=y
-CONFIG_HAVE_ARCH_KFENCE=y
-CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_HAVE_ARCH_KMSAN=y
-CONFIG_HAVE_ARCH_MMAP_RND_BITS=y
-CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y
-CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y
-CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET=y
-CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
-CONFIG_HAVE_ARCH_SECCOMP=y
-CONFIG_HAVE_ARCH_SOFT_DIRTY=y
-CONFIG_HAVE_ARCH_STACKLEAK=y
-CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y
-CONFIG_HAVE_ARCH_TRACEHOOK=y
-CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y
-CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
-CONFIG_HAVE_ARCH_VMAP_STACK=y
-CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y
-CONFIG_HAVE_ASM_MODVERSIONS=y
-CONFIG_HAVE_BUILDTIME_MCOUNT_SORT=y
-CONFIG_HAVE_CALL_THUNKS=y
-CONFIG_HAVE_CLK_PREPARE=y
-CONFIG_HAVE_CLK=y
-CONFIG_HAVE_CMPXCHG_DOUBLE=y
-CONFIG_HAVE_CMPXCHG_LOCAL=y
-CONFIG_HAVE_CONTEXT_TRACKING_USER_OFFSTACK=y
-CONFIG_HAVE_CONTEXT_TRACKING_USER=y
-CONFIG_HAVE_C_RECORDMCOUNT=y
-CONFIG_HAVE_DEBUG_KMEMLEAK=y
-CONFIG_HAVE_DMA_CONTIGUOUS=y
-CONFIG_HAVE_DYNAMIC_FTRACE_NO_PATCHABLE=y
-CONFIG_HAVE_DYNAMIC_FTRACE_WITH_ARGS=y
-CONFIG_HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y
-CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y
-CONFIG_HAVE_DYNAMIC_FTRACE=y
-CONFIG_HAVE_EBPF_JIT=y
-CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
-CONFIG_HAVE_EISA=y
-CONFIG_HAVE_EXIT_THREAD=y
-CONFIG_HAVE_FAST_GUP=y
-CONFIG_HAVE_FENTRY=y
-CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
-CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y
-CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y
-CONFIG_HAVE_FUNCTION_GRAPH_RETVAL=y
-CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
-CONFIG_HAVE_FUNCTION_TRACER=y
-CONFIG_HAVE_GCC_PLUGINS=y
-CONFIG_HAVE_GENERIC_VDSO=y
-CONFIG_HAVE_HARDLOCKUP_DETECTOR_BUDDY=y
-CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y
-CONFIG_HAVE_HW_BREAKPOINT=y
-CONFIG_HAVE_IMA_KEXEC=y
-CONFIG_HAVE_INTEL_TXT=y
-CONFIG_HAVE_IOREMAP_PROT=y
-CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y
-CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
-CONFIG_HAVE_JUMP_LABEL_HACK=y
-CONFIG_HAVE_KCSAN_COMPILER=y
-CONFIG_HAVE_KERNEL_BZIP2=y
-CONFIG_HAVE_KERNEL_GZIP=y
-CONFIG_HAVE_KERNEL_LZ4=y
-CONFIG_HAVE_KERNEL_LZMA=y
-CONFIG_HAVE_KERNEL_LZO=y
-CONFIG_HAVE_KERNEL_XZ=y
-CONFIG_HAVE_KERNEL_ZSTD=y
-CONFIG_HAVE_KPROBES_ON_FTRACE=y
-CONFIG_HAVE_KPROBES=y
-CONFIG_HAVE_KRETPROBES=y
-CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y
-CONFIG_HAVE_KVM_DIRTY_RING_ACQ_REL=y
-CONFIG_HAVE_KVM_DIRTY_RING_TSO=y
-CONFIG_HAVE_KVM_DIRTY_RING=y
-CONFIG_HAVE_KVM_EVENTFD=y
-CONFIG_HAVE_KVM_IRQ_BYPASS=y
-CONFIG_HAVE_KVM_IRQCHIP=y
-CONFIG_HAVE_KVM_IRQFD=y
-CONFIG_HAVE_KVM_IRQ_ROUTING=y
-CONFIG_HAVE_KVM_MSI=y
-CONFIG_HAVE_KVM_NO_POLL=y
-CONFIG_HAVE_KVM_PFNCACHE=y
-CONFIG_HAVE_KVM_PM_NOTIFIER=y
-CONFIG_HAVE_KVM=y
-CONFIG_HAVE_LIVEPATCH=y
-CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y
-CONFIG_HAVE_MMIOTRACE_SUPPORT=y
-CONFIG_HAVE_MOD_ARCH_SPECIFIC=y
-CONFIG_HAVE_MOVE_PMD=y
-CONFIG_HAVE_MOVE_PUD=y
-CONFIG_HAVE_NMI=y
-CONFIG_HAVE_NOINSTR_HACK=y
-CONFIG_HAVE_NOINSTR_VALIDATION=y
-CONFIG_HAVE_OBJTOOL_MCOUNT=y
-CONFIG_HAVE_OBJTOOL_NOP_MCOUNT=y
-CONFIG_HAVE_OBJTOOL=y
-CONFIG_HAVE_OPTPROBES=y
-CONFIG_HAVE_PCI=y
-CONFIG_HAVE_PCSPKR_PLATFORM=y
-CONFIG_HAVE_PERF_EVENTS_NMI=y
-CONFIG_HAVE_PERF_EVENTS=y
-CONFIG_HAVE_PERF_REGS=y
-CONFIG_HAVE_PERF_USER_STACK_DUMP=y
-CONFIG_HAVE_POSIX_CPU_TIMERS_TASK_WORK=y
-CONFIG_HAVE_PREEMPT_DYNAMIC_CALL=y
-CONFIG_HAVE_PREEMPT_DYNAMIC=y
-CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
-CONFIG_HAVE_RELIABLE_STACKTRACE=y
-CONFIG_HAVE_RETHOOK=y
-CONFIG_HAVE_RSEQ=y
-CONFIG_HAVE_RUST=y
-CONFIG_HAVE_SAMPLE_FTRACE_DIRECT_MULTI=y
-CONFIG_HAVE_SAMPLE_FTRACE_DIRECT=y
-CONFIG_HAVE_SETUP_PER_CPU_AREA=y
-CONFIG_HAVE_SOFTIRQ_ON_OWN_STACK=y
-CONFIG_HAVE_STACKPROTECTOR=y
-CONFIG_HAVE_STACK_VALIDATION=y
-CONFIG_HAVE_STATIC_CALL_INLINE=y
-CONFIG_HAVE_STATIC_CALL=y
-CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
-CONFIG_HAVE_UACCESS_VALIDATION=y
-CONFIG_HAVE_UID16=y
-CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
-CONFIG_HAVE_USER_RETURN_NOTIFIER=y
-CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
-CONFIG_HDMI=y
-CONFIG_HIBERNATE_CALLBACKS=y
-CONFIG_HID_A4TECH=m
-CONFIG_HID_APPLE=m
-CONFIG_HID_BELKIN=m
-CONFIG_HID_CHERRY=m
-CONFIG_HID_CHICONY=m
-CONFIG_HID_CORSAIR=m
-CONFIG_HID_CYPRESS=m
-CONFIG_HID_EZKEY=m
-CONFIG_HID_GENERIC=y
-CONFIG_HID_GYRATION=m
-CONFIG_HID_ITE=m
-CONFIG_HID_KENSINGTON=m
-CONFIG_HID_LENOVO=m
-CONFIG_HID_LOGITECH_DJ=m
-CONFIG_HID_LOGITECH_HIDPP=m
-CONFIG_HID_LOGITECH=m
-CONFIG_HID_MICROSOFT=m
-CONFIG_HID_MONTEREY=m
-CONFIG_HID_PANTHERLORD=m
-CONFIG_HID_PETALYNX=m
-CONFIG_HIDRAW=y
-CONFIG_HID_REDRAGON=y
-CONFIG_HID_ROCCAT=y
-CONFIG_HID_SAMSUNG=m
-CONFIG_HID_SUNPLUS=m
-CONFIG_HID_SUPPORT=y
-CONFIG_HID_TOPSEED=m
-CONFIG_HID=y
-CONFIG_HIGH_RES_TIMERS=y
-CONFIG_HMM_MIRROR=y
-CONFIG_HOTPLUG_CORE_SYNC_DEAD=y
-CONFIG_HOTPLUG_CORE_SYNC_FULL=y
-CONFIG_HOTPLUG_CORE_SYNC=y
-CONFIG_HOTPLUG_CPU=y
-CONFIG_HOTPLUG_PARALLEL=y
-CONFIG_HOTPLUG_PCI_ACPI=y
-CONFIG_HOTPLUG_PCI_PCIE=y
-CONFIG_HOTPLUG_PCI=y
-CONFIG_HOTPLUG_SMT=y
-CONFIG_HOTPLUG_SPLIT_STARTUP=y
-CONFIG_HPET_EMULATE_RTC=y
-CONFIG_HPET_TIMER=y
-CONFIG_HPET=y
-CONFIG_HP_ILO=m
-CONFIG_HSA_AMD=y
-CONFIG_HSR=y
-CONFIG_HSU_DMA=y
-CONFIG_HUGETLBFS=y
-CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y
-CONFIG_HUGETLB_PAGE=y
-CONFIG_HVC_DRIVER=y
-CONFIG_HVC_IRQ=y
-CONFIG_HVC_XEN_FRONTEND=y
-CONFIG_HVC_XEN=y
-CONFIG_HW_CONSOLE=y
-CONFIG_HWMON=y
-CONFIG_HW_RANDOM_TPM=y
-CONFIG_HW_RANDOM_VIA=y
-CONFIG_HW_RANDOM_VIRTIO=y
-CONFIG_HW_RANDOM=y
-CONFIG_HYPERV_BALLOON=y
-CONFIG_HYPERV_IOMMU=y
-CONFIG_HYPERVISOR_GUEST=y
-CONFIG_HYPERV_KEYBOARD=y
-CONFIG_HYPERV_NET=y
-CONFIG_HYPERV_STORAGE=y
-CONFIG_HYPERV_TIMER=y
-CONFIG_HYPERV_UTILS=y
-CONFIG_HYPERV_VSOCKETS=y
-CONFIG_HYPERV=y
-CONFIG_HZ=250
-CONFIG_HZ_250=y
-CONFIG_I2C_ALGOBIT=m
-CONFIG_I2C_BOARDINFO=y
-CONFIG_I2C_COMPAT=y
-CONFIG_I2C_HELPER_AUTO=y
-CONFIG_I2C_HID=y
-CONFIG_I2C_I801=m
-CONFIG_I2C_SMBUS=m
-CONFIG_I2C=y
-CONFIG_I40E=m
-CONFIG_I40EVF=m
-CONFIG_I6300ESB_WDT=m
-CONFIG_I8253_LOCK=y
-CONFIG_IA32_EMULATION=y
-CONFIG_IA32_FEAT_CTL=y
-CONFIG_IAVF=m
-CONFIG_ICE_HWTS=y
-CONFIG_ICE=m
-CONFIG_ICE_SWITCHDEV=y
-CONFIG_IGB_DCA=y
-CONFIG_IGB_HWMON=y
-CONFIG_IGB=m
-CONFIG_IGBVF=m
-CONFIG_IGC=m
-CONFIG_IKCONFIG_PROC=y
-CONFIG_IKCONFIG=y
-CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
-CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
-CONFIG_IMA_ARCH_POLICY=y
-CONFIG_IMA_DEFAULT_HASH="sha512"
-CONFIG_IMA_DEFAULT_HASH_SHA512=y
-CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
-CONFIG_IMA_LSM_RULES=y
-CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
-CONFIG_IMA_MEASURE_PCR_IDX=10
-CONFIG_IMA_NG_TEMPLATE=y
-CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
-CONFIG_IMA_READ_POLICY=y
-CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
-CONFIG_IMA_WRITE_POLICY=y
-CONFIG_IMA=y
-CONFIG_INET6_AH=y
-CONFIG_INET6_ESP_OFFLOAD=y
-CONFIG_INET6_ESP=y
-CONFIG_INET6_IPCOMP=y
-CONFIG_INET6_TUNNEL=y
-CONFIG_INET6_XFRM_TUNNEL=y
-CONFIG_INET_AH=y
-CONFIG_INET_ESP=y
-CONFIG_INET_IPCOMP=y
-CONFIG_INET_TABLE_PERTURB_ORDER=16
-CONFIG_INET_TUNNEL=y
-CONFIG_INET_XFRM_TUNNEL=y
-CONFIG_INET=y
-CONFIG_INFINIBAND_ADDR_TRANS_CONFIGFS=y
-CONFIG_INFINIBAND_ADDR_TRANS=y
-CONFIG_INFINIBAND_IPOIB_DEBUG=y
-CONFIG_INFINIBAND_IPOIB=y
-CONFIG_INFINIBAND_VIRT_DMA=y
-CONFIG_INFINIBAND=y
-CONFIG_INIT_ENV_ARG_LIMIT=32
-CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
-CONFIG_INITRAMFS_PRESERVE_MTIME=y
-CONFIG_INITRAMFS_SOURCE=""
-CONFIG_INIT_STACK_ALL_ZERO=y
-CONFIG_INLINE_READ_UNLOCK_IRQ=y
-CONFIG_INLINE_READ_UNLOCK=y
-CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
-CONFIG_INLINE_WRITE_UNLOCK_IRQ=y
-CONFIG_INLINE_WRITE_UNLOCK=y
-CONFIG_INOTIFY_USER=y
-CONFIG_INPUT_EVDEV=y
-CONFIG_INPUT_FF_MEMLESS=y
-CONFIG_INPUT_JOYSTICK=y
-CONFIG_INPUT_KEYBOARD=y
-CONFIG_INPUT_LEDS=y
-CONFIG_INPUT_MISC=y
-CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
-CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
-CONFIG_INPUT_MOUSEDEV=y
-CONFIG_INPUT_MOUSE=y
-CONFIG_INPUT_SPARSEKMAP=y
-CONFIG_INPUT_TABLET=y
-CONFIG_INPUT_TOUCHSCREEN=y
-CONFIG_INPUT_VIVALDIFMAP=y
-CONFIG_INPUT_XEN_KBDDEV_FRONTEND=y
-CONFIG_INPUT=y
-CONFIG_INSTRUCTION_DECODER=y
-CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
-CONFIG_INTEGRITY_AUDIT=y
-CONFIG_INTEGRITY_PLATFORM_KEYRING=y
-CONFIG_INTEGRITY_SIGNATURE=y
-CONFIG_INTEGRITY_TRUSTED_KEYRING=y
-CONFIG_INTEGRITY=y
-CONFIG_INTEL_GTT=y
-CONFIG_INTEL_IDLE=y
-CONFIG_INTEL_IOATDMA=y
-CONFIG_INTEL_IOMMU_DEFAULT_ON=y
-CONFIG_INTEL_IOMMU_FLOPPY_WA=y
-CONFIG_INTEL_IOMMU_PERF_EVENTS=y
-CONFIG_INTEL_IOMMU_SVM=y
-CONFIG_INTEL_IOMMU=y
-CONFIG_INTEL_PMC_CORE=m
-CONFIG_INTEL_TCC=y
-CONFIG_INTERVAL_TREE=y
-CONFIG_IO_DELAY_0X80=y
-CONFIG_IOMMU_API=y
-CONFIG_IOMMU_DEFAULT_DMA_STRICT=y
-CONFIG_IOMMU_DMA=y
-CONFIG_IOMMU_IO_PGTABLE=y
-CONFIG_IOMMU_IOVA=y
-CONFIG_IOMMU_SUPPORT=y
-CONFIG_IOMMU_SVA=y
-CONFIG_IOSCHED_BFQ=y
-CONFIG_IOSF_MBI=y
-CONFIG_IO_URING=y
-CONFIG_IO_WQ=y
-CONFIG_IP6_NF_FILTER=y
-CONFIG_IP6_NF_IPTABLES=y
-CONFIG_IP6_NF_MANGLE=y
-CONFIG_IP6_NF_MATCH_AH=y
-CONFIG_IP6_NF_MATCH_EUI64=y
-CONFIG_IP6_NF_MATCH_FRAG=y
-CONFIG_IP6_NF_MATCH_HL=y
-CONFIG_IP6_NF_MATCH_IPV6HEADER=y
-CONFIG_IP6_NF_MATCH_MH=y
-CONFIG_IP6_NF_MATCH_OPTS=y
-CONFIG_IP6_NF_MATCH_RPFILTER=y
-CONFIG_IP6_NF_MATCH_RT=y
-CONFIG_IP6_NF_NAT=y
-CONFIG_IP6_NF_RAW=y
-CONFIG_IP6_NF_SECURITY=y
-CONFIG_IP6_NF_TARGET_HL=y
-CONFIG_IP6_NF_TARGET_REJECT=y
-CONFIG_IP6_NF_TARGET_SYNPROXY=y
-CONFIG_IP_ADVANCED_ROUTER=y
-CONFIG_IPC_NS=y
-CONFIG_IP_DCCP_CCID3=y
-CONFIG_IP_DCCP_TFRC_LIB=y
-CONFIG_IP_DCCP=y
-CONFIG_IPMI_DEVICE_INTERFACE=y
-CONFIG_IPMI_DMI_DECODE=y
-CONFIG_IPMI_HANDLER=y
-CONFIG_IPMI_PLAT_DATA=y
-CONFIG_IPMI_POWEROFF=y
-CONFIG_IPMI_SI=y
-CONFIG_IPMI_WATCHDOG=m
-CONFIG_IP_MROUTE_COMMON=y
-CONFIG_IP_MROUTE=y
-CONFIG_IP_MULTICAST=y
-CONFIG_IP_MULTIPLE_TABLES=y
-CONFIG_IP_NF_FILTER=y
-CONFIG_IP_NF_IPTABLES=y
-CONFIG_IP_NF_MANGLE=y
-CONFIG_IP_NF_MATCH_RPFILTER=y
-CONFIG_IP_NF_NAT=y
-CONFIG_IP_NF_RAW=y
-CONFIG_IP_NF_TARGET_MASQUERADE=y
-CONFIG_IP_NF_TARGET_NETMAP=y
-CONFIG_IP_NF_TARGET_REDIRECT=y
-CONFIG_IP_NF_TARGET_REJECT=y
-CONFIG_IP_PIMSM_V1=y
-CONFIG_IP_PIMSM_V2=y
-CONFIG_IP_PNP_BOOTP=y
-CONFIG_IP_PNP_DHCP=y
-CONFIG_IP_PNP_RARP=y
-CONFIG_IP_PNP=y
-CONFIG_IP_ROUTE_CLASSID=y
-CONFIG_IP_ROUTE_MULTIPATH=y
-CONFIG_IP_ROUTE_VERBOSE=y
-CONFIG_IP_SCTP=y
-CONFIG_IP_SET_BITMAP_IPMAC=y
-CONFIG_IP_SET_BITMAP_IP=y
-CONFIG_IP_SET_BITMAP_PORT=y
-CONFIG_IP_SET_HASH_IPMAC=y
-CONFIG_IP_SET_HASH_IPMARK=y
-CONFIG_IP_SET_HASH_IPPORTIP=y
-CONFIG_IP_SET_HASH_IPPORTNET=y
-CONFIG_IP_SET_HASH_IPPORT=y
-CONFIG_IP_SET_HASH_IP=y
-CONFIG_IP_SET_HASH_MAC=y
-CONFIG_IP_SET_HASH_NETIFACE=y
-CONFIG_IP_SET_HASH_NETNET=y
-CONFIG_IP_SET_HASH_NETPORTNET=y
-CONFIG_IP_SET_HASH_NETPORT=y
-CONFIG_IP_SET_HASH_NET=y
-CONFIG_IP_SET_LIST_SET=y
-CONFIG_IP_SET_MAX=256
-CONFIG_IP_SET=y
-CONFIG_IPV6_FOU_TUNNEL=y
-CONFIG_IPV6_FOU=y
-CONFIG_IPV6_ILA=y
-CONFIG_IPV6_MIP6=y
-CONFIG_IPV6_MULTIPLE_TABLES=y
-CONFIG_IPV6_NDISC_NODETYPE=y
-CONFIG_IPV6_ROUTE_INFO=y
-CONFIG_IPV6_ROUTER_PREF=y
-CONFIG_IPV6_SIT=y
-CONFIG_IPV6_TUNNEL=y
-CONFIG_IPV6=y
-CONFIG_IPVLAN_L3S=y
-CONFIG_IPVLAN=y
-CONFIG_IP_VS_IPV6=y
-CONFIG_IP_VS_LC=y
-CONFIG_IP_VS_MH_TAB_INDEX=12
-CONFIG_IP_VS_NFCT=y
-CONFIG_IP_VS_PROTO_TCP=y
-CONFIG_IP_VS_PROTO_UDP=y
-CONFIG_IP_VS_RR=y
-CONFIG_IP_VS_SH_TAB_BITS=8
-CONFIG_IP_VS_SH=y
-CONFIG_IP_VS_TAB_BITS=12
-CONFIG_IP_VS_WRR=y
-CONFIG_IP_VS=y
-CONFIG_IRQ_BYPASS_MANAGER=y
-CONFIG_IRQ_DOMAIN_HIERARCHY=y
-CONFIG_IRQ_DOMAIN=y
-CONFIG_IRQ_FORCED_THREADING=y
-CONFIG_IRQ_MSI_IOMMU=y
-CONFIG_IRQ_POLL=y
-CONFIG_IRQ_REMAP=y
-CONFIG_IRQ_WORK=y
-CONFIG_ISA_DMA_API=y
-CONFIG_ISCSI_TCP=y
-CONFIG_ISO9660_FS=y
-CONFIG_ITCO_VENDOR_SUPPORT=y
-CONFIG_ITCO_WDT=m
-CONFIG_IXGBE_DCA=y
-CONFIG_IXGBE_HWMON=y
-CONFIG_IXGBE_IPSEC=y
-CONFIG_IXGBE=m
-CONFIG_IXGBEVF_IPSEC=y
-CONFIG_IXGBEVF=m
-CONFIG_JBD2=y
-CONFIG_JOLIET=y
-CONFIG_JUMP_LABEL=y
-CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y
-CONFIG_KALLSYMS_BASE_RELATIVE=y
-CONFIG_KALLSYMS=y
-CONFIG_KARMA_PARTITION=y
-CONFIG_KCMP=y
-CONFIG_KERNEL_ZSTD=y
-CONFIG_KERNFS=y
-CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
-CONFIG_KEXEC_CORE=y
-CONFIG_KEXEC_FILE=y
-CONFIG_KEXEC_SIG=y
-CONFIG_KEYBOARD_ATKBD=y
-CONFIG_KEYS=y
-CONFIG_KFENCE_NUM_OBJECTS=255
-CONFIG_KFENCE_SAMPLE_INTERVAL=100
-CONFIG_KFENCE_STRESS_TEST_FAULTS=0
-CONFIG_KFENCE=y
-CONFIG_KPROBE_EVENTS=y
-CONFIG_KPROBES_ON_FTRACE=y
-CONFIG_KPROBES=y
-CONFIG_KRETPROBE_ON_RETHOOK=y
-CONFIG_KRETPROBES=y
-CONFIG_KVM_AMD=y
-CONFIG_KVM_AMD_SEV=y
-CONFIG_KVM_ASYNC_PF=y
-CONFIG_KVM_COMPAT=y
-CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT=y
-CONFIG_KVM_GENERIC_HARDWARE_ENABLING=y
-CONFIG_KVM_GUEST=y
-CONFIG_KVM_INTEL=y
-CONFIG_KVM_MMIO=y
-CONFIG_KVM_SMM=y
-CONFIG_KVM_VFIO=y
-CONFIG_KVM_WERROR=y
-CONFIG_KVM_XFER_TO_GUEST_WORK=y
-CONFIG_KVM=y
-CONFIG_L2TP=y
-CONFIG_LAPB=y
-CONFIG_LD_IS_BFD=y
-CONFIG_LD_ORPHAN_WARN_LEVEL="warn"
-CONFIG_LD_ORPHAN_WARN=y
-CONFIG_LD_VERSION=24200
-CONFIG_LEDS_CLASS=y
-CONFIG_LEDS_TRIGGERS=y
-CONFIG_LEGACY_DIRECT_IO=y
-CONFIG_LEGACY_VSYSCALL_NONE=y
-CONFIG_LIBCRC32C=y
-CONFIG_LINEAR_RANGES=y
-CONFIG_LIST_HARDENED=y
-CONFIG_LLC2=y
-CONFIG_LLC=y
-CONFIG_LLD_VERSION=0
-CONFIG_LOAD_UEFI_KEYS=y
-#CONFIG_LOCALVERSION="-patagia"
-CONFIG_LOCK_DEBUGGING_SUPPORT=y
-CONFIG_LOCKDEP_SUPPORT=y
-CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
-CONFIG_LOCKD_V4=y
-CONFIG_LOCKD=y
-CONFIG_LOCK_MM_AND_FIND_VMA=y
-CONFIG_LOCK_SPIN_ON_OWNER=y
-CONFIG_LOG_BUF_SHIFT=18
-CONFIG_LOG_CPU_MAX_BUF_SHIFT=12
-CONFIG_LOGITECH_FF=y
-CONFIG_LOGIWHEELS_FF=y
-CONFIG_LOGO_LINUX_CLUT224=y
-CONFIG_LOGO=y
-CONFIG_LPC_ICH=m
-CONFIG_LRU_CACHE=m
-CONFIG_LRU_GEN_ENABLED=y
-CONFIG_LRU_GEN_WALKS_MMU=y
-CONFIG_LRU_GEN=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity,bpf,apparmor"
-CONFIG_LTO_NONE=y
-CONFIG_LWTUNNEL_BPF=y
-CONFIG_LWTUNNEL=y
-CONFIG_LZ4_COMPRESS=m
-CONFIG_LZ4_DECOMPRESS=y
-CONFIG_LZ4HC_COMPRESS=m
-CONFIG_LZO_COMPRESS=y
-CONFIG_LZO_DECOMPRESS=y
-CONFIG_MAC80211_STA_HASH_MAX_SIZE=0
-CONFIG_MAC_PARTITION=y
-CONFIG_MACVLAN=y
-CONFIG_MACVTAP=y
-CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0
-CONFIG_MAGIC_SYSRQ_SERIAL_SEQUENCE=""
-CONFIG_MAGIC_SYSRQ_SERIAL=y
-CONFIG_MAGIC_SYSRQ=y
-CONFIG_MAILBOX=y
-CONFIG_MARVELL_10G_PHY=y
-CONFIG_MARVELL_PHY=y
-CONFIG_MAX_SKB_FRAGS=17
-CONFIG_MD_AUTODETECT=y
-CONFIG_MD_BITMAP_FILE=y
-CONFIG_MDIO_BUS=y
-CONFIG_MDIO_DEVICE=y
-CONFIG_MDIO_DEVRES=y
-CONFIG_MDIO=m
-CONFIG_MD_RAID0=y
-CONFIG_MD_RAID10=y
-CONFIG_MD_RAID1=y
-CONFIG_MD_RAID456=m
-CONFIG_MD=y
-CONFIG_MEGARAID_SAS=m
-CONFIG_MEMBARRIER=y
-CONFIG_MEMCG_KMEM=y
-CONFIG_MEMCG=y
-CONFIG_MEMFD_CREATE=y
-CONFIG_MEMORY_BALLOON=y
-CONFIG_MEMORY_FAILURE=y
-CONFIG_MEMORY_HOTPLUG=y
-CONFIG_MEMORY_HOTREMOVE=y
-CONFIG_MEMORY_ISOLATION=y
-CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4
-CONFIG_MFD_CORE=m
-CONFIG_MFD_INTEL_PMC_BXT=m
-CONFIG_MICROCODE=y
-CONFIG_MIGRATION=y
-CONFIG_MII=m
-CONFIG_MINIX_SUBPARTITION=y
-CONFIG_MISC_FILESYSTEMS=y
-CONFIG_MITIGATION_RFDS=y
-CONFIG_MITIGATION_SPECTRE_BHI=y
-CONFIG_MLX4_CORE_GEN2=y
-CONFIG_MLX4_CORE=m
-CONFIG_MLX4_DEBUG=y
-CONFIG_MLX4_EN_DCB=y
-CONFIG_MLX4_EN=m
-CONFIG_MLX4_INFINIBAND=m
-CONFIG_MLX5_BRIDGE=y
-CONFIG_MLX5_CORE_EN_DCB=y
-CONFIG_MLX5_CORE_EN=y
-CONFIG_MLX5_CORE_IPOIB=y
-CONFIG_MLX5_CORE=m
-CONFIG_MLX5_EN_ARFS=y
-CONFIG_MLX5_EN_RXNFC=y
-CONFIG_MLX5_ESWITCH=y
-CONFIG_MLX5_FPGA=y
-CONFIG_MLX5_INFINIBAND=m
-CONFIG_MLX5_MPFS=y
-CONFIG_MLX5_SW_STEERING=y
-CONFIG_MLXFW=m
-CONFIG_MLXSW_CORE_HWMON=y
-CONFIG_MLXSW_CORE=m
-CONFIG_MLXSW_CORE_THERMAL=y
-CONFIG_MLXSW_I2C=m
-CONFIG_MLXSW_MINIMAL=m
-CONFIG_MLXSW_PCI=m
-CONFIG_MLXSW_SPECTRUM_DCB=y
-CONFIG_MLXSW_SPECTRUM=m
-CONFIG_MMC_BLOCK_MINORS=32
-CONFIG_MMC_BLOCK=y
-CONFIG_MMC_CQHCI=y
-CONFIG_MMCONF_FAM10H=y
-CONFIG_MMC_RICOH_MMC=y
-CONFIG_MMC_SDHCI_ACPI=m
-CONFIG_MMC_SDHCI_F_SDH30=m
-CONFIG_MMC_SDHCI_IO_ACCESSORS=y
-CONFIG_MMC_SDHCI_PCI=m
-CONFIG_MMC_SDHCI_PLTFM=m
-CONFIG_MMC_SDHCI_XENON=m
-CONFIG_MMC_SDHCI=y
-CONFIG_MMC=y
-CONFIG_MMU_GATHER_MERGE_VMAS=y
-CONFIG_MMU_GATHER_RCU_TABLE_FREE=y
-CONFIG_MMU_GATHER_TABLE_FREE=y
-CONFIG_MMU_LAZY_TLB_REFCOUNT=y
-CONFIG_MMU_NOTIFIER=y
-CONFIG_MMU=y
-CONFIG_MODPROBE_PATH="/sbin/modprobe"
-CONFIG_MODULE_COMPRESS_ZSTD=y
-CONFIG_MODULE_FORCE_UNLOAD=y
-CONFIG_MODULE_SIG_ALL=y
-CONFIG_MODULE_SIG_FORCE=y
-CONFIG_MODULE_SIG_FORMAT=y
-CONFIG_MODULE_SIG_HASH="sha512"
-CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
-CONFIG_MODULE_SIG_KEY_TYPE_RSA=y
-CONFIG_MODULE_SIG_SHA512=y
-CONFIG_MODULE_SIG=y
-CONFIG_MODULE_SRCVERSION_ALL=y
-CONFIG_MODULE_UNLOAD=y
-CONFIG_MODULES_TREE_LOOKUP=y
-CONFIG_MODULES_USE_ELF_RELA=y
-CONFIG_MODULES=y
-CONFIG_MODVERSIONS=y
-CONFIG_MPILIB=y
-CONFIG_MPLS=y
-CONFIG_MQ_IOSCHED_DEADLINE=y
-CONFIG_MQ_IOSCHED_KYBER=y
-CONFIG_MSDOS_FS=y
-CONFIG_MSDOS_PARTITION=y
-CONFIG_MTRR=y
-CONFIG_MULTIUSER=y
-CONFIG_MUTEX_SPIN_ON_OWNER=y
-CONFIG_NAMESPACES=y
-CONFIG_NEED_DMA_MAP_STATE=y
-CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
-CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
-CONFIG_NEED_SG_DMA_FLAGS=y
-CONFIG_NEED_SG_DMA_LENGTH=y
-CONFIG_NET_ACT_BPF=y
-CONFIG_NET_ACT_CSUM=y
-CONFIG_NET_ACT_GACT=y
-CONFIG_NET_ACT_IFE=y
-CONFIG_NET_ACT_IPT=y
-CONFIG_NET_ACT_MIRRED=y
-CONFIG_NET_ACT_NAT=y
-CONFIG_NET_ACT_PEDIT=y
-CONFIG_NET_ACT_POLICE=y
-CONFIG_NET_ACT_SAMPLE=y
-CONFIG_NET_ACT_SIMP=y
-CONFIG_NET_ACT_SKBEDIT=y
-CONFIG_NET_ACT_SKBMOD=y
-CONFIG_NET_ACT_TUNNEL_KEY=y
-CONFIG_NET_ACT_VLAN=y
-CONFIG_NET_CLS_ACT=y
-CONFIG_NET_CLS_BASIC=y
-CONFIG_NET_CLS_BPF=y
-CONFIG_NET_CLS_CGROUP=y
-CONFIG_NET_CLS_FLOWER=y
-CONFIG_NET_CLS_FLOW=y
-CONFIG_NET_CLS_FW=y
-CONFIG_NET_CLS_MATCHALL=y
-CONFIG_NET_CLS_ROUTE4=y
-CONFIG_NET_CLS_U32=y
-CONFIG_NET_CLS=y
-CONFIG_NETCONSOLE=y
-CONFIG_NET_CORE=y
-CONFIG_NETDEVICES=y
-CONFIG_NET_DEVLINK=y
-CONFIG_NET_DSA=y
-CONFIG_NET_EGRESS=y
-CONFIG_NET_EMATCH_CMP=y
-CONFIG_NET_EMATCH_IPSET=y
-CONFIG_NET_EMATCH_META=y
-CONFIG_NET_EMATCH_NBYTE=y
-CONFIG_NET_EMATCH_STACK=32
-CONFIG_NET_EMATCH_TEXT=y
-CONFIG_NET_EMATCH_U32=y
-CONFIG_NET_EMATCH=y
-CONFIG_NET_FAILOVER=y
-CONFIG_NETFILTER_ADVANCED=y
-CONFIG_NETFILTER_BPF_LINK=y
-CONFIG_NETFILTER_CONNCOUNT=y
-CONFIG_NETFILTER_EGRESS=y
-CONFIG_NETFILTER_FAMILY_BRIDGE=y
-CONFIG_NETFILTER_INGRESS=y
-CONFIG_NETFILTER_NETLINK_ACCT=y
-CONFIG_NETFILTER_NETLINK_GLUE_CT=y
-CONFIG_NETFILTER_NETLINK_LOG=y
-CONFIG_NETFILTER_NETLINK_OSF=y
-CONFIG_NETFILTER_NETLINK_QUEUE=y
-CONFIG_NETFILTER_NETLINK=y
-CONFIG_NETFILTER_SKIP_EGRESS=y
-CONFIG_NETFILTER_SYNPROXY=y
-CONFIG_NETFILTER_XTABLES_COMPAT=y
-CONFIG_NETFILTER_XTABLES=y
-CONFIG_NETFILTER_XT_CONNMARK=y
-CONFIG_NETFILTER_XT_MARK=y
-CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
-CONFIG_NETFILTER_XT_MATCH_BPF=y
-CONFIG_NETFILTER_XT_MATCH_CGROUP=y
-CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
-CONFIG_NETFILTER_XT_MATCH_COMMENT=y
-CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
-CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y
-CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
-CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
-CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
-CONFIG_NETFILTER_XT_MATCH_CPU=y
-CONFIG_NETFILTER_XT_MATCH_DCCP=y
-CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
-CONFIG_NETFILTER_XT_MATCH_DSCP=y
-CONFIG_NETFILTER_XT_MATCH_ECN=y
-CONFIG_NETFILTER_XT_MATCH_ESP=y
-CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
-CONFIG_NETFILTER_XT_MATCH_HELPER=y
-CONFIG_NETFILTER_XT_MATCH_HL=y
-CONFIG_NETFILTER_XT_MATCH_IPCOMP=y
-CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
-CONFIG_NETFILTER_XT_MATCH_IPVS=y
-CONFIG_NETFILTER_XT_MATCH_L2TP=y
-CONFIG_NETFILTER_XT_MATCH_LENGTH=y
-CONFIG_NETFILTER_XT_MATCH_LIMIT=y
-CONFIG_NETFILTER_XT_MATCH_MAC=y
-CONFIG_NETFILTER_XT_MATCH_MARK=y
-CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
-CONFIG_NETFILTER_XT_MATCH_NFACCT=y
-CONFIG_NETFILTER_XT_MATCH_OSF=y
-CONFIG_NETFILTER_XT_MATCH_OWNER=y
-CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y
-CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
-CONFIG_NETFILTER_XT_MATCH_POLICY=y
-CONFIG_NETFILTER_XT_MATCH_QUOTA=y
-CONFIG_NETFILTER_XT_MATCH_RATEEST=y
-CONFIG_NETFILTER_XT_MATCH_REALM=y
-CONFIG_NETFILTER_XT_MATCH_RECENT=y
-CONFIG_NETFILTER_XT_MATCH_SCTP=y
-CONFIG_NETFILTER_XT_MATCH_SOCKET=y
-CONFIG_NETFILTER_XT_MATCH_STATE=y
-CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
-CONFIG_NETFILTER_XT_MATCH_STRING=y
-CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
-CONFIG_NETFILTER_XT_MATCH_TIME=y
-CONFIG_NETFILTER_XT_MATCH_U32=y
-CONFIG_NETFILTER_XT_NAT=y
-CONFIG_NETFILTER_XT_SET=y
-CONFIG_NETFILTER_XT_TARGET_AUDIT=y
-CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y
-CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
-CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
-CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
-CONFIG_NETFILTER_XT_TARGET_CT=y
-CONFIG_NETFILTER_XT_TARGET_DSCP=y
-CONFIG_NETFILTER_XT_TARGET_HL=y
-CONFIG_NETFILTER_XT_TARGET_HMARK=y
-CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y
-CONFIG_NETFILTER_XT_TARGET_LED=y
-CONFIG_NETFILTER_XT_TARGET_LOG=y
-CONFIG_NETFILTER_XT_TARGET_MARK=y
-CONFIG_NETFILTER_XT_TARGET_MASQUERADE=y
-CONFIG_NETFILTER_XT_TARGET_NETMAP=y
-CONFIG_NETFILTER_XT_TARGET_NFLOG=y
-CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
-CONFIG_NETFILTER_XT_TARGET_RATEEST=y
-CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
-CONFIG_NETFILTER_XT_TARGET_SECMARK=y
-CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
-CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y
-CONFIG_NETFILTER_XT_TARGET_TEE=y
-CONFIG_NETFILTER_XT_TARGET_TPROXY=y
-CONFIG_NETFILTER=y
-CONFIG_NET_FLOW_LIMIT=y
-CONFIG_NET_FOU_IP_TUNNELS=y
-CONFIG_NET_FOU=y
-CONFIG_NETFS_SUPPORT=y
-CONFIG_NET_HANDSHAKE=y
-CONFIG_NET_IFE=y
-CONFIG_NET_INGRESS=y
-CONFIG_NET_IPGRE_DEMUX=y
-CONFIG_NET_IPGRE=m
-CONFIG_NET_IPIP=y
-CONFIG_NET_IP_TUNNEL=y
-CONFIG_NET_L3_MASTER_DEV=y
-CONFIG_NETLABEL=y
-CONFIG_NETLINK_DIAG=y
-CONFIG_NET_MPLS_GSO=y
-CONFIG_NET_NCSI=y
-CONFIG_NET_NSH=y
-CONFIG_NET_NS=y
-CONFIG_NET_POLL_CONTROLLER=y
-CONFIG_NETPOLL=y
-CONFIG_NET_PTP_CLASSIFY=y
-CONFIG_NET_RX_BUSY_POLL=y
-CONFIG_NET_SCH_CHOKE=y
-CONFIG_NET_SCH_CODEL=y
-CONFIG_NET_SCH_DEFAULT=y
-CONFIG_NET_SCH_DRR=y
-CONFIG_NET_SCHED=y
-CONFIG_NET_SCH_FIFO=y
-CONFIG_NET_SCH_FQ_CODEL=y
-CONFIG_NET_SCH_FQ=y
-CONFIG_NET_SCH_GRED=y
-CONFIG_NET_SCH_HFSC=y
-CONFIG_NET_SCH_HHF=y
-CONFIG_NET_SCH_HTB=y
-CONFIG_NET_SCH_INGRESS=y
-CONFIG_NET_SCH_MQPRIO_LIB=y
-CONFIG_NET_SCH_MQPRIO=y
-CONFIG_NET_SCH_MULTIQ=y
-CONFIG_NET_SCH_NETEM=y
-CONFIG_NET_SCH_PIE=y
-CONFIG_NET_SCH_PLUG=y
-CONFIG_NET_SCH_PRIO=y
-CONFIG_NET_SCH_QFQ=y
-CONFIG_NET_SCH_RED=y
-CONFIG_NET_SCH_SFB=y
-CONFIG_NET_SCH_SFQ=y
-CONFIG_NET_SCH_TBF=y
-CONFIG_NET_SCH_TEQL=y
-CONFIG_NET_SELFTESTS=y
-CONFIG_NET_SOCK_MSG=y
-CONFIG_NET_SWITCHDEV=y
-CONFIG_NET_TULIP=y
-CONFIG_NET_UDP_TUNNEL=y
-CONFIG_NET_VENDOR_3COM=y
-CONFIG_NET_VENDOR_8390=y
-CONFIG_NET_VENDOR_ADAPTEC=y
-CONFIG_NET_VENDOR_AGERE=y
-CONFIG_NET_VENDOR_ALACRITECH=y
-CONFIG_NET_VENDOR_ALTEON=y
-CONFIG_NET_VENDOR_AMAZON=y
-CONFIG_NET_VENDOR_AMD=y
-CONFIG_NET_VENDOR_AQUANTIA=y
-CONFIG_NET_VENDOR_ARC=y
-CONFIG_NET_VENDOR_ASIX=y
-CONFIG_NET_VENDOR_ATHEROS=y
-CONFIG_NET_VENDOR_BROADCOM=y
-CONFIG_NET_VENDOR_BROCADE=y
-CONFIG_NET_VENDOR_CADENCE=y
-CONFIG_NET_VENDOR_CAVIUM=y
-CONFIG_NET_VENDOR_CHELSIO=y
-CONFIG_NET_VENDOR_CISCO=y
-CONFIG_NET_VENDOR_CORTINA=y
-CONFIG_NET_VENDOR_DAVICOM=y
-CONFIG_NET_VENDOR_DEC=y
-CONFIG_NET_VENDOR_DLINK=y
-CONFIG_NET_VENDOR_EMULEX=y
-CONFIG_NET_VENDOR_ENGLEDER=y
-CONFIG_NET_VENDOR_EZCHIP=y
-CONFIG_NET_VENDOR_FUNGIBLE=y
-CONFIG_NET_VENDOR_GOOGLE=y
-CONFIG_NET_VENDOR_HUAWEI=y
-CONFIG_NET_VENDOR_I825XX=y
-CONFIG_NET_VENDOR_INTEL=y
-CONFIG_NET_VENDOR_LITEX=y
-CONFIG_NET_VENDOR_MARVELL=y
-CONFIG_NET_VENDOR_MELLANOX=y
-CONFIG_NET_VENDOR_MICREL=y
-CONFIG_NET_VENDOR_MICROCHIP=y
-CONFIG_NET_VENDOR_MICROSEMI=y
-CONFIG_NET_VENDOR_MICROSOFT=y
-CONFIG_NET_VENDOR_MYRI=y
-CONFIG_NET_VENDOR_NATSEMI=y
-CONFIG_NET_VENDOR_NETERION=y
-CONFIG_NET_VENDOR_NETRONOME=y
-CONFIG_NET_VENDOR_NI=y
-CONFIG_NET_VENDOR_NVIDIA=y
-CONFIG_NET_VENDOR_OKI=y
-CONFIG_NET_VENDOR_PACKET_ENGINES=y
-CONFIG_NET_VENDOR_PENSANDO=y
-CONFIG_NET_VENDOR_QLOGIC=y
-CONFIG_NET_VENDOR_QUALCOMM=y
-CONFIG_NET_VENDOR_RDC=y
-CONFIG_NET_VENDOR_REALTEK=y
-CONFIG_NET_VENDOR_RENESAS=y
-CONFIG_NET_VENDOR_ROCKER=y
-CONFIG_NET_VENDOR_SAMSUNG=y
-CONFIG_NET_VENDOR_SEEQ=y
-CONFIG_NET_VENDOR_SILAN=y
-CONFIG_NET_VENDOR_SIS=y
-CONFIG_NET_VENDOR_SMSC=y
-CONFIG_NET_VENDOR_SOCIONEXT=y
-CONFIG_NET_VENDOR_SOLARFLARE=y
-CONFIG_NET_VENDOR_STMICRO=y
-CONFIG_NET_VENDOR_SUN=y
-CONFIG_NET_VENDOR_SYNOPSYS=y
-CONFIG_NET_VENDOR_TEHUTI=y
-CONFIG_NET_VENDOR_TI=y
-CONFIG_NET_VENDOR_VERTEXCOM=y
-CONFIG_NET_VENDOR_VIA=y
-CONFIG_NET_VENDOR_WANGXUN=y
-CONFIG_NET_VENDOR_WIZNET=y
-CONFIG_NET_VENDOR_XILINX=y
-CONFIG_NET_VRF=m
-CONFIG_NETWORK_FILESYSTEMS=y
-CONFIG_NETWORK_SECMARK=y
-CONFIG_NETXEN_NIC=m
-CONFIG_NET_XGRESS=y
-CONFIG_NET=y
-CONFIG_NEW_LEDS=y
-CONFIG_NF_CONNTRACK_BROADCAST=y
-CONFIG_NF_CONNTRACK_EVENTS=y
-CONFIG_NF_CONNTRACK_FTP=y
-CONFIG_NF_CONNTRACK_LABELS=y
-CONFIG_NF_CONNTRACK_MARK=y
-CONFIG_NF_CONNTRACK_NETBIOS_NS=y
-CONFIG_NF_CONNTRACK_OVS=y
-CONFIG_NF_CONNTRACK_PPTP=y
-CONFIG_NF_CONNTRACK_PROCFS=y
-CONFIG_NF_CONNTRACK_SANE=y
-CONFIG_NF_CONNTRACK_SECMARK=y
-CONFIG_NF_CONNTRACK_SIP=y
-CONFIG_NF_CONNTRACK_SNMP=y
-CONFIG_NF_CONNTRACK_TFTP=y
-CONFIG_NF_CONNTRACK_TIMEOUT=y
-CONFIG_NF_CONNTRACK_TIMESTAMP=y
-CONFIG_NF_CONNTRACK=y
-CONFIG_NF_CONNTRACK_ZONES=y
-CONFIG_NF_CT_NETLINK=y
-CONFIG_NF_CT_PROTO_GRE=y
-CONFIG_NF_CT_PROTO_SCTP=y
-CONFIG_NF_DEFRAG_IPV4=y
-CONFIG_NF_DEFRAG_IPV6=y
-CONFIG_NF_DUP_IPV4=y
-CONFIG_NF_DUP_IPV6=y
-CONFIG_NF_DUP_NETDEV=y
-CONFIG_NF_LOG_ARP=y
-CONFIG_NF_LOG_IPV4=y
-CONFIG_NF_LOG_IPV6=y
-CONFIG_NF_LOG_SYSLOG=y
-CONFIG_NF_NAT_FTP=y
-CONFIG_NF_NAT_MASQUERADE=y
-CONFIG_NF_NAT_OVS=y
-CONFIG_NF_NAT_PPTP=y
-CONFIG_NF_NAT_REDIRECT=y
-CONFIG_NF_NAT_SIP=y
-CONFIG_NF_NAT_SNMP_BASIC=y
-CONFIG_NF_NAT_TFTP=y
-CONFIG_NF_NAT=y
-CONFIG_NF_REJECT_IPV4=y
-CONFIG_NF_REJECT_IPV6=y
-CONFIG_NFS_ACL_SUPPORT=m
-CONFIG_NFS_COMMON=y
-CONFIG_NFS_DEBUG=y
-CONFIG_NFS_DISABLE_UDP_SUPPORT=y
-CONFIG_NFSD_LEGACY_CLIENT_TRACKING=y
-CONFIG_NFSD=m
-CONFIG_NFSD_V3_ACL=y
-CONFIG_NFSD_V4_SECURITY_LABEL=y
-CONFIG_NFSD_V4=y
-CONFIG_NFS_FSCACHE=y
-CONFIG_NFS_FS=m
-CONFIG_NFS_USE_KERNEL_DNS=y
-CONFIG_NFS_V2=m
-CONFIG_NFS_V3_ACL=y
-CONFIG_NFS_V3=m
-CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org"
-CONFIG_NFS_V4_1=y
-CONFIG_NFS_V4_2_READ_PLUS=y
-CONFIG_NFS_V4_2_SSC_HELPER=y
-CONFIG_NFS_V4_2=y
-CONFIG_NFS_V4=m
-CONFIG_NFS_V4_SECURITY_LABEL=y
-CONFIG_NF_TABLES_INET=y
-CONFIG_NF_TABLES_IPV4=y
-CONFIG_NF_TABLES_IPV6=y
-CONFIG_NF_TABLES_NETDEV=y
-CONFIG_NF_TABLES=y
-CONFIG_NFT_COMPAT=y
-CONFIG_NFT_CT=y
-CONFIG_NFT_DUP_NETDEV=y
-CONFIG_NFT_FIB_INET=y
-CONFIG_NFT_FIB_IPV4=y
-CONFIG_NFT_FIB_IPV6=y
-CONFIG_NFT_FIB=y
-CONFIG_NFT_FWD_NETDEV=y
-CONFIG_NFT_HASH=y
-CONFIG_NFT_LIMIT=y
-CONFIG_NFT_LOG=y
-CONFIG_NFT_MASQ=y
-CONFIG_NFT_NAT=y
-CONFIG_NFT_NUMGEN=y
-CONFIG_NF_TPROXY_IPV4=y
-CONFIG_NF_TPROXY_IPV6=y
-CONFIG_NFT_QUEUE=y
-CONFIG_NFT_QUOTA=y
-CONFIG_NFT_REDIR=y
-CONFIG_NFT_REJECT_INET=y
-CONFIG_NFT_REJECT_IPV4=y
-CONFIG_NFT_REJECT_IPV6=y
-CONFIG_NFT_REJECT=y
-CONFIG_NFT_TPROXY=y
-CONFIG_NITRO_ENCLAVES=y
-CONFIG_NLATTR=y
-CONFIG_NLS_ASCII=y
-CONFIG_NLS_CODEPAGE_437=y
-CONFIG_NLS_DEFAULT="utf8"
-CONFIG_NLS_ISO8859_1=y
-CONFIG_NLS_UCS2_UTILS=y
-CONFIG_NLS_UTF8=y
-CONFIG_NLS=y
-CONFIG_NODES_SHIFT=6
-CONFIG_NO_HZ_COMMON=y
-CONFIG_NO_HZ_IDLE=y
-CONFIG_NO_HZ=y
-CONFIG_NOP_TRACER=y
-CONFIG_NR_CPUS=512
-CONFIG_NR_CPUS_DEFAULT=64
-CONFIG_NR_CPUS_RANGE_BEGIN=2
-CONFIG_NR_CPUS_RANGE_END=512
-CONFIG_NUMA=y
-CONFIG_NVME_AUTH=y
-CONFIG_NVME_COMMON=y
-CONFIG_NVME_CORE=y
-CONFIG_NVME_FABRICS=y
-CONFIG_NVME_FC=y
-CONFIG_NVME_HWMON=y
-CONFIG_NVMEM_SYSFS=y
-CONFIG_NVME_MULTIPATH=y
-CONFIG_NVMEM=y
-CONFIG_NVME_RDMA=m
-CONFIG_NVME_TARGET_AUTH=y
-CONFIG_NVME_TARGET_FC=m
-CONFIG_NVME_TARGET_LOOP=m
-CONFIG_NVME_TARGET=m
-CONFIG_NVME_TARGET_PASSTHRU=y
-CONFIG_NVME_TARGET_RDMA=m
-CONFIG_NVME_TARGET_TCP=m
-CONFIG_NVME_TCP=y
-CONFIG_NVRAM=y
-CONFIG_OBJAGG=m
-CONFIG_OBJTOOL=y
-CONFIG_OID_REGISTRY=y
-CONFIG_OLD_SIGSUSPEND3=y
-CONFIG_OPENVSWITCH_GENEVE=y
-CONFIG_OPENVSWITCH_GRE=m
-CONFIG_OPENVSWITCH_VXLAN=y
-CONFIG_OPENVSWITCH=y
-CONFIG_OPTPROBES=y
-CONFIG_OSF_PARTITION=y
-CONFIG_OUTPUT_FORMAT="elf64-x86-64"
-CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y
-CONFIG_OVERLAY_FS=y
-CONFIG_P2SB=y
-CONFIG_PACKET=y
-CONFIG_PAGE_COUNTER=y
-CONFIG_PAGE_POISONING=y
-CONFIG_PAGE_POOL=y
-CONFIG_PAGE_REPORTING=y
-CONFIG_PAGE_SIZE_LESS_THAN_256KB=y
-CONFIG_PAGE_SIZE_LESS_THAN_64KB=y
-CONFIG_PAGE_TABLE_ISOLATION=y
-CONFIG_PAHOLE_HAS_LANG_EXCLUDE=y
-CONFIG_PAHOLE_HAS_SPLIT_BTF=y
-CONFIG_PAHOLE_VERSION=126
-CONFIG_PANIC_ON_OOPS_VALUE=1
-CONFIG_PANIC_ON_OOPS=y
-CONFIG_PANIC_TIMEOUT=-1
-CONFIG_PANTHERLORD_FF=y
-CONFIG_PARAVIRT_CLOCK=y
-CONFIG_PARAVIRT_XXL=y
-CONFIG_PARAVIRT=y
-CONFIG_PARMAN=m
-CONFIG_PARTITION_ADVANCED=y
-CONFIG_PATA_AMD=m
-CONFIG_PATA_MARVELL=m
-CONFIG_PATA_OLDPIIX=m
-CONFIG_PATA_SCH=m
-CONFIG_PATA_TIMINGS=y
-CONFIG_PCC=y
-CONFIG_PCI_ATS=y
-CONFIG_PCI_DIRECT=y
-CONFIG_PCI_DOMAINS=y
-CONFIG_PCIEAER=y
-CONFIG_PCIEASPM_DEFAULT=y
-CONFIG_PCIEASPM=y
-CONFIG_PCIE_BUS_DEFAULT=y
-CONFIG_PCIE_PME=y
-CONFIG_PCIEPORTBUS=y
-CONFIG_PCI_HYPERV_INTERFACE=y
-CONFIG_PCI_HYPERV=y
-CONFIG_PCI_IOV=y
-CONFIG_PCI_LABEL=y
-CONFIG_PCI_LOCKLESS_CONFIG=y
-CONFIG_PCI_MMCONFIG=y
-CONFIG_PCI_MSI=y
-CONFIG_PCI_PASID=y
-CONFIG_PCI_PRI=y
-CONFIG_PCI_QUIRKS=y
-CONFIG_PCI_XEN=y
-CONFIG_PCI=y
-CONFIG_PCPU_DEV_REFCNT=y
-CONFIG_PCSPKR_PLATFORM=y
-CONFIG_PERF_EVENTS_AMD_UNCORE=y
-CONFIG_PERF_EVENTS_INTEL_CSTATE=y
-CONFIG_PERF_EVENTS_INTEL_RAPL=y
-CONFIG_PERF_EVENTS_INTEL_UNCORE=y
-CONFIG_PERF_EVENTS=y
-CONFIG_PER_VMA_LOCK=y
-CONFIG_PGTABLE_LEVELS=4
-CONFIG_PHONET=y
-CONFIG_PHYLIB=y
-CONFIG_PHYLINK=y
-CONFIG_PHYS_ADDR_T_64BIT=y
-CONFIG_PHYSICAL_ALIGN=0x200000
-CONFIG_PHYSICAL_START=0x1000000
-CONFIG_PID_NS=y
-CONFIG_PKCS7_MESSAGE_PARSER=y
-CONFIG_PLDMFW=y
-CONFIG_PM_CLK=y
-CONFIG_PM_DEBUG=y
-CONFIG_PM_SLEEP_DEBUG=y
-CONFIG_PM_SLEEP_SMP=y
-CONFIG_PM_SLEEP=y
-CONFIG_PM_TRACE_RTC=y
-CONFIG_PM_TRACE=y
-CONFIG_PM=y
-CONFIG_PNFS_BLOCK=y
-CONFIG_PNFS_FILE_LAYOUT=y
-CONFIG_PNFS_FLEXFILE_LAYOUT=y
-CONFIG_PNPACPI=y
-CONFIG_PNP_DEBUG_MESSAGES=y
-CONFIG_PNP=y
-CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y
-CONFIG_POSIX_MQUEUE_SYSCTL=y
-CONFIG_POSIX_MQUEUE=y
-CONFIG_POSIX_TIMERS=y
-CONFIG_POWER_SUPPLY_HWMON=y
-CONFIG_POWER_SUPPLY=y
-CONFIG_PPS=y
-CONFIG_PREEMPT_NONE_BUILD=y
-CONFIG_PREEMPT_NONE=y
-CONFIG_PREEMPT_NOTIFIERS=y
-CONFIG_PREFIX_SYMBOLS=y
-CONFIG_PREVENT_FIRMWARE_BUILD=y
-CONFIG_PRINTK_TIME=y
-CONFIG_PRINTK=y
-CONFIG_PROBE_EVENTS_BTF_ARGS=y
-CONFIG_PROBE_EVENTS=y
-CONFIG_PROC_CHILDREN=y
-CONFIG_PROC_EVENTS=y
-CONFIG_PROC_FS=y
-CONFIG_PROC_KCORE=y
-CONFIG_PROC_PAGE_MONITOR=y
-CONFIG_PROC_PID_ARCH_STATUS=y
-CONFIG_PROC_PID_CPUSET=y
-CONFIG_PROC_SYSCTL=y
-CONFIG_PROC_VMCORE=y
-CONFIG_PROFILING=y
-CONFIG_PROVIDE_OHCI1394_DMA_INIT=y
-CONFIG_PSAMPLE=y
-CONFIG_PSI=y
-CONFIG_PTDUMP_CORE=y
-CONFIG_PTP_1588_CLOCK_KVM=y
-CONFIG_PTP_1588_CLOCK_OPTIONAL=y
-CONFIG_PTP_1588_CLOCK=y
-CONFIG_PWM_SYSFS=y
-CONFIG_PWM=y
-CONFIG_QEDE=m
-CONFIG_QED=m
-CONFIG_QED_SRIOV=y
-CONFIG_QFMT_V2=y
-CONFIG_QLCNIC_DCB=y
-CONFIG_QLCNIC_HWMON=y
-CONFIG_QLCNIC=m
-CONFIG_QLCNIC_SRIOV=y
-CONFIG_QUEUED_RWLOCKS=y
-CONFIG_QUEUED_SPINLOCKS=y
-CONFIG_QUOTACTL=y
-CONFIG_QUOTA_NETLINK_INTERFACE=y
-CONFIG_QUOTA_TREE=y
-CONFIG_QUOTA=y
-CONFIG_R8169=m
-CONFIG_RAID6_PQ_BENCHMARK=y
-CONFIG_RAID6_PQ=m
-CONFIG_RAID_ATTRS=y
-CONFIG_RANDOMIZE_BASE=y
-CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
-CONFIG_RANDOMIZE_KSTACK_OFFSET=y
-CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x0
-CONFIG_RANDOMIZE_MEMORY=y
-CONFIG_RANDSTRUCT_NONE=y
-CONFIG_RAS=y
-CONFIG_RATIONAL=y
-CONFIG_RCU_CPU_STALL_TIMEOUT=21
-CONFIG_RCU_EXP_CPU_STALL_TIMEOUT=0
-CONFIG_RCU_NEED_SEGCBLIST=y
-CONFIG_RCU_STALL_COMMON=y
-CONFIG_RDMA_RXE=m
-CONFIG_RDS=y
-CONFIG_RD_XZ=y
-CONFIG_RD_ZSTD=y
-CONFIG_REALTEK_PHY=y
-CONFIG_REGMAP_I2C=y
-CONFIG_REGMAP=y
-CONFIG_REGULATOR_FIXED_VOLTAGE=y
-CONFIG_REGULATOR_MP8859=y
-CONFIG_REGULATOR_PWM=y
-CONFIG_REGULATOR=y
-CONFIG_RELAY=y
-CONFIG_RELOCATABLE=y
-CONFIG_RESET_ATTACK_MITIGATION=y
-CONFIG_RETHOOK=y
-CONFIG_RETHUNK=y
-CONFIG_RETPOLINE=y
-CONFIG_RFS_ACCEL=y
-CONFIG_RING_BUFFER=y
-CONFIG_ROOT_NFS=y
-CONFIG_RPCSEC_GSS_KRB5=y
-CONFIG_RPMSG_NS=y
-CONFIG_RPMSG_VIRTIO=y
-CONFIG_RPMSG=y
-CONFIG_RPS=y
-CONFIG_RSEQ=y
-CONFIG_RTC_CLASS=y
-CONFIG_RTC_DRV_CMOS=y
-CONFIG_RTC_I2C_AND_SPI=y
-CONFIG_RTC_INTF_DEV=y
-CONFIG_RTC_INTF_PROC=y
-CONFIG_RTC_INTF_SYSFS=y
-CONFIG_RTC_LIB=y
-CONFIG_RTC_MC146818_LIB=y
-CONFIG_RTC_NVMEM=y
-CONFIG_RTC_SYSTOHC_DEVICE="rtc0"
-CONFIG_RTC_SYSTOHC=y
-CONFIG_RT_GROUP_SCHED=y
-CONFIG_RT_MUTEXES=y
-CONFIG_RUNTIME_TESTING_MENU=y
-CONFIG_RWSEM_SPIN_ON_OWNER=y
-CONFIG_SATA_AHCI=m
-CONFIG_SATA_HOST=y
-CONFIG_SATA_MOBILE_LPM_POLICY=0
-CONFIG_SATA_NV=m
-CONFIG_SATA_PMP=y
-CONFIG_SATA_SIS=y
-CONFIG_SATA_SVW=m
-CONFIG_SATA_ULI=m
-CONFIG_SATA_VIA=m
-CONFIG_SATA_VITESSE=m
-CONFIG_SBITMAP=y
-CONFIG_SCHED_CLUSTER=y
-CONFIG_SCHED_CORE=y
-CONFIG_SCHED_HRTICK=y
-CONFIG_SCHED_INFO=y
-CONFIG_SCHED_MC_PRIO=y
-CONFIG_SCHED_MC=y
-CONFIG_SCHED_MM_CID=y
-CONFIG_SCHED_OMIT_FRAME_POINTER=y
-CONFIG_SCHED_SMT=y
-CONFIG_SCHED_STACK_END_CHECK=y
-CONFIG_SCHEDSTATS=y
-CONFIG_SCSI_AACRAID=m
-CONFIG_SCSI_COMMON=y
-CONFIG_SCSI_CONSTANTS=y
-CONFIG_SCSI_DMA=y
-CONFIG_SCSI_ENCLOSURE=y
-CONFIG_SCSI_HPSA=m
-CONFIG_SCSI_ISCI=m
-CONFIG_SCSI_ISCSI_ATTRS=y
-CONFIG_SCSI_LOWLEVEL=y
-CONFIG_SCSI_MOD=y
-CONFIG_SCSI_MPT2SAS_MAX_SGE=128
-CONFIG_SCSI_MPT3SAS=m
-CONFIG_SCSI_MPT3SAS_MAX_SGE=128
-CONFIG_SCSI_PMCRAID=m
-CONFIG_SCSI_PROC_FS=y
-CONFIG_SCSI_SAS_ATA=y
-CONFIG_SCSI_SAS_ATTRS=y
-CONFIG_SCSI_SAS_HOST_SMP=y
-CONFIG_SCSI_SAS_LIBSAS=y
-CONFIG_SCSI_SMARTPQI=m
-CONFIG_SCSI_SPI_ATTRS=y
-CONFIG_SCSI_VIRTIO=y
-CONFIG_SCSI=y
-CONFIG_SCTP_COOKIE_HMAC_MD5=y
-CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y
-CONFIG_SECCOMP_FILTER=y
-CONFIG_SECCOMP=y
-CONFIG_SECRETMEM=y
-CONFIG_SECTION_MISMATCH_WARN_ONLY=y
-CONFIG_SECURITY_APPARMOR_EXPORT_BINARY=y
-CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
-CONFIG_SECURITY_APPARMOR_HASH=y
-CONFIG_SECURITY_APPARMOR_INTROSPECT_POLICY=y
-CONFIG_SECURITY_APPARMOR_PARANOID_LOAD=y
-CONFIG_SECURITY_APPARMOR=y
-CONFIG_SECURITY_DMESG_RESTRICT=y
-CONFIG_SECURITYFS=y
-CONFIG_SECURITY_LANDLOCK=y
-CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
-CONFIG_SECURITY_LOCKDOWN_LSM=y
-CONFIG_SECURITY_NETWORK_XFRM=y
-CONFIG_SECURITY_NETWORK=y
-CONFIG_SECURITY_PATH=y
-CONFIG_SECURITY=y
-CONFIG_SECURITY_YAMA=y
-CONFIG_SENSORS_ACPI_POWER=y
-CONFIG_SENSORS_CORETEMP=y
-CONFIG_SENSORS_DRIVETEMP=y
-CONFIG_SENSORS_FAM15H_POWER=m
-CONFIG_SENSORS_I5500=m
-CONFIG_SENSORS_I5K_AMB=m
-CONFIG_SENSORS_K10TEMP=m
-CONFIG_SENSORS_K8TEMP=m
-CONFIG_SENSORS_NCT6683=y
-CONFIG_SERIAL_8250_CONSOLE=y
-CONFIG_SERIAL_8250_DEPRECATED_OPTIONS=y
-CONFIG_SERIAL_8250_DETECT_IRQ=y
-CONFIG_SERIAL_8250_DMA=y
-CONFIG_SERIAL_8250_DWLIB=y
-CONFIG_SERIAL_8250_EXAR=y
-CONFIG_SERIAL_8250_EXTENDED=y
-CONFIG_SERIAL_8250_LPSS=y
-CONFIG_SERIAL_8250_MANY_PORTS=y
-CONFIG_SERIAL_8250_MID=y
-CONFIG_SERIAL_8250_NR_UARTS=32
-CONFIG_SERIAL_8250_PCILIB=y
-CONFIG_SERIAL_8250_PCI=y
-CONFIG_SERIAL_8250_PERICOM=y
-CONFIG_SERIAL_8250_PNP=y
-CONFIG_SERIAL_8250_RSA=y
-CONFIG_SERIAL_8250_RUNTIME_UARTS=4
-CONFIG_SERIAL_8250_SHARE_IRQ=y
-CONFIG_SERIAL_8250=y
-CONFIG_SERIAL_CORE_CONSOLE=y
-CONFIG_SERIAL_CORE=y
-CONFIG_SERIAL_EARLYCON=y
-CONFIG_SERIAL_NONSTANDARD=y
-CONFIG_SERIO_I8042=y
-CONFIG_SERIO_LIBPS2=y
-CONFIG_SERIO_PCIPS2=m
-CONFIG_SERIO_SERPORT=y
-CONFIG_SERIO=y
-CONFIG_SFC=m
-CONFIG_SFC_MCDI_LOGGING=y
-CONFIG_SFC_MCDI_MON=y
-CONFIG_SFC_SIENA=m
-CONFIG_SFC_SIENA_MCDI_LOGGING=y
-CONFIG_SFC_SIENA_MCDI_MON=y
-CONFIG_SFC_SIENA_SRIOV=y
-CONFIG_SFC_SRIOV=y
-CONFIG_SGETMASK_SYSCALL=y
-CONFIG_SGI_PARTITION=y
-CONFIG_SGL_ALLOC=y
-CONFIG_SG_POOL=y
-CONFIG_SHMEM=y
-CONFIG_SHUFFLE_PAGE_ALLOCATOR=y
-CONFIG_SIGNALFD=y
-CONFIG_SIGNATURE=y
-CONFIG_SIGNED_PE_FILE_VERIFICATION=y
-CONFIG_SKB_EXTENSIONS=y
-CONFIG_SKY2=m
-CONFIG_SLAB_FREELIST_HARDENED=y
-CONFIG_SLAB_FREELIST_RANDOM=y
-CONFIG_SLAB_MERGE_DEFAULT=y
-CONFIG_SLS=y
-CONFIG_SLUB_CPU_PARTIAL=y
-CONFIG_SLUB_DEBUG=y
-CONFIG_SLUB=y
-CONFIG_SMBFS=y
-CONFIG_SMP=y
-CONFIG_SMSC_PHY=m
-CONFIG_SOCK_CGROUP_DATA=y
-CONFIG_SOCK_RX_QUEUE_MAPPING=y
-CONFIG_SOFTIRQ_ON_OWN_STACK=y
-CONFIG_SOLARIS_X86_PARTITION=y
-CONFIG_SP5100_TCO=m
-CONFIG_SPARSE_IRQ=y
-CONFIG_SPARSEMEM_EXTREME=y
-CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y
-CONFIG_SPARSEMEM_VMEMMAP=y
-CONFIG_SPARSEMEM=y
-CONFIG_SPLIT_PTLOCK_CPUS=4
-CONFIG_SQUASHFS_COMPILE_DECOMP_SINGLE=y
-CONFIG_SQUASHFS_DECOMP_SINGLE=y
-CONFIG_SQUASHFS_FILE_DIRECT=y
-CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3
-CONFIG_SQUASHFS_XATTR=y
-CONFIG_SQUASHFS_XZ=y
-CONFIG_SQUASHFS=y
-CONFIG_SQUASHFS_ZSTD=y
-CONFIG_SSB_POSSIBLE=y
-CONFIG_STACKDEPOT=y
-CONFIG_STACKLEAK_TRACK_MIN_SIZE=100
-CONFIG_STACKPROTECTOR_STRONG=y
-CONFIG_STACKPROTECTOR=y
-CONFIG_STACKTRACE_SUPPORT=y
-CONFIG_STACKTRACE=y
-CONFIG_STANDALONE=y
-CONFIG_STP=y
-CONFIG_STREAM_PARSER=y
-CONFIG_STRICT_KERNEL_RWX=y
-CONFIG_STRICT_MODULE_RWX=y
-CONFIG_SUN_PARTITION=y
-CONFIG_SUNRPC_BACKCHANNEL=y
-CONFIG_SUNRPC_GSS=y
-CONFIG_SUNRPC_XPRT_RDMA=y
-CONFIG_SUNRPC=y
-CONFIG_SURFACE_PLATFORMS=y
-CONFIG_SUSPEND_FREEZER=y
-CONFIG_SUSPEND=y
-CONFIG_SWAP=y
-CONFIG_SWIOTLB_XEN=y
-CONFIG_SWIOTLB=y
-CONFIG_SWPHY=y
-CONFIG_SYMBOLIC_ERRNAME=y
-CONFIG_SYNC_FILE=y
-CONFIG_SYN_COOKIES=y
-CONFIG_SYSCTL_EXCEPTION_TRACE=y
-CONFIG_SYSCTL=y
-CONFIG_SYSFB=y
-CONFIG_SYSFS_SYSCALL=y
-CONFIG_SYSFS=y
-CONFIG_SYS_HYPERVISOR=y
-CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
-CONFIG_SYSTEM_BLACKLIST_KEYRING=y
-CONFIG_SYSTEM_DATA_VERIFICATION=y
-CONFIG_SYSTEM_TRUSTED_KEYRING=y
-CONFIG_SYSTEM_TRUSTED_KEYS=""
-CONFIG_SYSVIPC_COMPAT=y
-CONFIG_SYSVIPC_SYSCTL=y
-CONFIG_SYSVIPC=y
-CONFIG_TAP=y
-CONFIG_TASK_DELAY_ACCT=y
-CONFIG_TASK_IO_ACCOUNTING=y
-CONFIG_TASKS_RCU_GENERIC=y
-CONFIG_TASKS_RUDE_RCU=y
-CONFIG_TASKSTATS=y
-CONFIG_TASKS_TRACE_RCU=y
-CONFIG_TASK_XACCT=y
-CONFIG_TCG_CRB=y
-CONFIG_TCG_TIS_CORE=y
-CONFIG_TCG_TIS=y
-CONFIG_TCG_TPM=y
-CONFIG_TCP_CONG_ADVANCED=y
-CONFIG_TCP_CONG_BBR=y
-CONFIG_TCP_CONG_CUBIC=y
-CONFIG_TCP_MD5SIG=y
-CONFIG_TEXTSEARCH_BM=y
-CONFIG_TEXTSEARCH_FSM=y
-CONFIG_TEXTSEARCH_KMP=y
-CONFIG_TEXTSEARCH=y
-CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y
-CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0
-CONFIG_THERMAL_GOV_STEP_WISE=y
-CONFIG_THERMAL_GOV_USER_SPACE=y
-CONFIG_THERMAL_HWMON=y
-CONFIG_THERMAL_WRITABLE_TRIPS=y
-CONFIG_THERMAL=y
-CONFIG_THREAD_INFO_IN_TASK=y
-CONFIG_TICK_CPU_ACCOUNTING=y
-CONFIG_TICK_ONESHOT=y
-CONFIG_TIGON3_HWMON=y
-CONFIG_TIGON3=m
-CONFIG_TIME_NS=y
-CONFIG_TIMERFD=y
-CONFIG_TLS=m
-CONFIG_TMPFS_POSIX_ACL=y
-CONFIG_TMPFS_XATTR=y
-CONFIG_TMPFS=y
-CONFIG_TOOLS_SUPPORT_RELR=y
-CONFIG_TRACE_CLOCK=y
-CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y
-CONFIG_TRACE_IRQFLAGS_SUPPORT=y
-CONFIG_TRACEPOINTS=y
-CONFIG_TRACING_SUPPORT=y
-CONFIG_TRACING=y
-CONFIG_TREE_RCU=y
-CONFIG_TREE_SRCU=y
-CONFIG_TTY=y
-CONFIG_TTY_PRINTK_LEVEL=6
-CONFIG_TTY_PRINTK=m
-CONFIG_TUN=y
-CONFIG_UBSAN_BOOL=y
-CONFIG_UBSAN_BOUNDS_STRICT=y
-CONFIG_UBSAN_BOUNDS=y
-CONFIG_UBSAN_ENUM=y
-CONFIG_UBSAN_SANITIZE_ALL=y
-CONFIG_UBSAN_SHIFT=y
-CONFIG_UBSAN=y
-CONFIG_UCS2_STRING=y
-CONFIG_UDF_FS=y
-CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
-CONFIG_UEVENT_HELPER=y
-CONFIG_UID16=y
-CONFIG_UNIX98_PTYS=y
-CONFIG_UNIX_SCM=y
-CONFIG_UNIXWARE_DISKLABEL=y
-CONFIG_UNIX=y
-CONFIG_UNWINDER_ORC=y
-CONFIG_UPROBE_EVENTS=y
-CONFIG_UPROBES=y
-CONFIG_USB4=m
-CONFIG_USB4_NET=m
-CONFIG_USB_ACM=y
-CONFIG_USB_ALI_M5632=y
-CONFIG_USB_AN2720=y
-CONFIG_USB_ARCH_HAS_HCD=y
-CONFIG_USB_ARMLINUX=y
-CONFIG_USB_AUTOSUSPEND_DELAY=2
-CONFIG_USB_BELKIN=y
-CONFIG_USB_CDC_PHONET=m
-CONFIG_USB_COMMON=y
-CONFIG_USB_DEFAULT_PERSIST=y
-CONFIG_USB_EHCI_HCD=y
-CONFIG_USB_EHCI_PCI=y
-CONFIG_USB_EHCI_TT_NEWSCHED=y
-CONFIG_USB_HID=y
-CONFIG_USB_KC2190=y
-CONFIG_USB_NET_AQC111=m
-CONFIG_USB_NET_AX88179_178A=m
-CONFIG_USB_NET_AX8817X=m
-CONFIG_USB_NET_CDC_EEM=m
-CONFIG_USB_NET_CDCETHER=m
-CONFIG_USB_NET_CDC_MBIM=m
-CONFIG_USB_NET_CDC_NCM=m
-CONFIG_USB_NET_CDC_SUBSET_ENABLE=m
-CONFIG_USB_NET_CDC_SUBSET=m
-CONFIG_USB_NET_CX82310_ETH=m
-CONFIG_USB_NET_DM9601=m
-CONFIG_USB_NET_DRIVERS=y
-CONFIG_USB_NET_GL620A=m
-CONFIG_USB_NET_HUAWEI_CDC_NCM=m
-CONFIG_USB_NET_INT51X1=m
-CONFIG_USB_NET_KALMIA=m
-CONFIG_USB_NET_MCS7830=m
-CONFIG_USB_NET_NET1080=m
-CONFIG_USB_NET_PLUSB=m
-CONFIG_USB_NET_QMI_WWAN=m
-CONFIG_USB_NET_RNDIS_HOST=m
-CONFIG_USB_NET_SMSC75XX=m
-CONFIG_USB_NET_SMSC95XX=m
-CONFIG_USB_NET_SR9700=m
-CONFIG_USB_NET_SR9800=m
-CONFIG_USB_NET_ZAURUS=m
-CONFIG_USB_OHCI_HCD=m
-CONFIG_USB_OHCI_HCD_PCI=m
-CONFIG_USB_OHCI_HCD_PLATFORM=m
-CONFIG_USB_OHCI_LITTLE_ENDIAN=y
-CONFIG_USB_PCI=y
-CONFIG_USB_RTL8152=m
-CONFIG_USB_RTL8153_ECM=m
-CONFIG_USB_SERIAL_CH341=m
-CONFIG_USB_SERIAL_CONSOLE=y
-CONFIG_USB_SERIAL_CP210X=m
-CONFIG_USB_SERIAL_FTDI_SIO=m
-CONFIG_USB_SERIAL_GENERIC=y
-CONFIG_USB_SERIAL_OPTION=m
-CONFIG_USB_SERIAL_PL2303=m
-CONFIG_USB_SERIAL_WWAN=m
-CONFIG_USB_SERIAL=y
-CONFIG_USB_SIERRA_NET=m
-CONFIG_USB_STORAGE=y
-CONFIG_USB_SUPPORT=y
-CONFIG_USB_UAS=y
-CONFIG_USB_UHCI_HCD=m
-CONFIG_USB_USBNET=m
-CONFIG_USB_VL600=m
-CONFIG_USB_WDM=m
-CONFIG_USB_XHCI_HCD=y
-CONFIG_USB_XHCI_PCI=y
-CONFIG_USB_XHCI_PLATFORM=y
-CONFIG_USB=y
-CONFIG_USELIB=y
-CONFIG_USE_PERCPU_NUMA_NODE_ID=y
-CONFIG_USER_NS=y
-CONFIG_USER_RETURN_NOTIFIER=y
-CONFIG_USER_STACKTRACE_SUPPORT=y
-CONFIG_UTS_NS=y
-CONFIG_UVC_COMMON=m
-CONFIG_VETH=y
-CONFIG_VFAT_FS=y
-CONFIG_VFIO_CONTAINER=y
-CONFIG_VFIO_GROUP=y
-CONFIG_VFIO_IOMMU_TYPE1=m
-CONFIG_VFIO=m
-CONFIG_VFIO_MDEV=m
-CONFIG_VFIO_PCI_CORE=m
-CONFIG_VFIO_PCI_IGD=y
-CONFIG_VFIO_PCI_INTX=y
-CONFIG_VFIO_PCI=m
-CONFIG_VFIO_PCI_MMAP=y
-CONFIG_VFIO_PCI_VGA=y
-CONFIG_VFIO_VIRQFD=y
-CONFIG_VGA_ARB_MAX_GPUS=16
-CONFIG_VGA_ARB=y
-CONFIG_VGA_CONSOLE=y
-CONFIG_VGASTATE=y
-CONFIG_VHOST_IOTLB=y
-CONFIG_VHOST_MENU=y
-CONFIG_VHOST_NET=y
-CONFIG_VHOST_TASK=y
-CONFIG_VHOST_VSOCK=y
-CONFIG_VHOST=y
-CONFIG_VIRT_DRIVERS=y
-CONFIG_VIRTIO_ANCHOR=y
-CONFIG_VIRTIO_BALLOON=m
-CONFIG_VIRTIO_BLK=y
-CONFIG_VIRTIO_CONSOLE=y
-CONFIG_VIRTIO_DMA_SHARED_BUFFER=y
-CONFIG_VIRTIO_FS=y
-CONFIG_VIRTIO_INPUT=m
-CONFIG_VIRTIO_MENU=y
-CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y
-CONFIG_VIRTIO_MMIO=m
-CONFIG_VIRTIO_NET=y
-CONFIG_VIRTIO_PCI_LEGACY=y
-CONFIG_VIRTIO_PCI_LIB_LEGACY=m
-CONFIG_VIRTIO_PCI_LIB=m
-CONFIG_VIRTIO_PCI=m
-CONFIG_VIRTIO_VSOCKETS_COMMON=y
-CONFIG_VIRTIO_VSOCKETS=y
-CONFIG_VIRTIO=y
-CONFIG_VIRTUALIZATION=y
-CONFIG_VLAN_8021Q=y
-CONFIG_VMAP_PFN=y
-CONFIG_VMAP_STACK=y
-CONFIG_VMD=y
-CONFIG_VM_EVENT_COUNTERS=y
-CONFIG_VMGENID=y
-CONFIG_VSOCKETS_DIAG=y
-CONFIG_VSOCKETS_LOOPBACK=y
-CONFIG_VSOCKETS=y
-CONFIG_VT_CONSOLE_SLEEP=y
-CONFIG_VT_CONSOLE=y
-CONFIG_VT_HW_CONSOLE_BINDING=y
-CONFIG_VT=y
-CONFIG_VXLAN=y
-CONFIG_WATCHDOG_CORE=m
-CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED=y
-CONFIG_WATCHDOG_OPEN_TIMEOUT=0
-CONFIG_WATCHDOG_SYSFS=y
-CONFIG_WATCHDOG=y
-CONFIG_WDAT_WDT=m
-CONFIG_WIREGUARD=y
-CONFIG_WIRELESS=y
-CONFIG_WMI_BMOF=y
-CONFIG_X509_CERTIFICATE_PARSER=y
-CONFIG_X86_64_ACPI_NUMA=y
-CONFIG_X86_64_SMP=y
-CONFIG_X86_64=y
-CONFIG_X86_ACPI_CPUFREQ_CPB=y
-CONFIG_X86_ACPI_CPUFREQ=y
-CONFIG_X86_AMD_PSTATE_DEFAULT_MODE=3
-CONFIG_X86_AMD_PSTATE=y
-CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y
-CONFIG_X86_CET=y
-CONFIG_X86_CHECK_BIOS_CORRUPTION=y
-CONFIG_X86_CMOV=y
-CONFIG_X86_CMPXCHG64=y
-CONFIG_X86_CPUID=y
-CONFIG_X86_DEBUGCTLMSR=y
-CONFIG_X86_DEBUG_FPU=y
-CONFIG_X86_DIRECT_GBPAGES=y
-CONFIG_X86_EXTENDED_PLATFORM=y
-CONFIG_X86_HV_CALLBACK_VECTOR=y
-CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
-CONFIG_X86_INTEL_PSTATE=y
-CONFIG_X86_INTEL_TSX_MODE_OFF=y
-CONFIG_X86_INTERNODE_CACHE_SHIFT=6
-CONFIG_X86_IO_APIC=y
-CONFIG_X86_IOPL_IOPERM=y
-CONFIG_X86_KERNEL_IBT=y
-CONFIG_X86_L1_CACHE_SHIFT=6
-CONFIG_X86_LOCAL_APIC=y
-CONFIG_X86_MCE_AMD=y
-CONFIG_X86_MCE_INTEL=y
-CONFIG_X86_MCE_THRESHOLD=y
-CONFIG_X86_MCE=y
-CONFIG_X86_MEM_ENCRYPT=y
-CONFIG_X86_MINIMUM_CPU_FAMILY=64
-CONFIG_X86_MPPARSE=y
-CONFIG_X86_NEED_RELOCS=y
-CONFIG_X86_PAT=y
-CONFIG_X86_PCC_CPUFREQ=m
-CONFIG_X86_PKG_TEMP_THERMAL=y
-CONFIG_X86_PLATFORM_DEVICES=y
-CONFIG_X86_PM_TIMER=y
-CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y
-CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y
-CONFIG_X86_THERMAL_VECTOR=y
-CONFIG_X86_TSC=y
-CONFIG_X86_UMIP=y
-CONFIG_X86_VERBOSE_BOOTUP=y
-CONFIG_X86_VMX_FEATURE_NAMES=y
-CONFIG_X86_VSYSCALL_EMULATION=y
-CONFIG_X86_X2APIC=y
-CONFIG_X86=y
-CONFIG_XDP_SOCKETS=y
-CONFIG_XFRM_AH=y
-CONFIG_XFRM_ALGO=y
-CONFIG_XFRM_ESP=y
-CONFIG_XFRM_IPCOMP=y
-CONFIG_XFRM_OFFLOAD=y
-CONFIG_XFRM_USER=y
-CONFIG_XFRM=y
-CONFIG_XFS_DRAIN_INTENTS=y
-CONFIG_XFS_FS=m
-CONFIG_XFS_LIVE_HOOKS=y
-CONFIG_XFS_MEMORY_BUFS=y
-CONFIG_XFS_ONLINE_SCRUB_STATS=y
-CONFIG_XFS_ONLINE_SCRUB=y
-CONFIG_XFS_POSIX_ACL=y
-CONFIG_XFS_QUOTA=y
-CONFIG_XFS_RT=y
-CONFIG_XFS_SUPPORT_ASCII_CI=y
-CONFIG_XFS_SUPPORT_V4=y
-CONFIG_XOR_BLOCKS=m
-CONFIG_XPS=y
-CONFIG_XXHASH=y
-CONFIG_XZ_DEC_ARMTHUMB=y
-CONFIG_XZ_DEC_ARM=y
-CONFIG_XZ_DEC_BCJ=y
-CONFIG_XZ_DEC_IA64=y
-CONFIG_XZ_DEC_POWERPC=y
-CONFIG_XZ_DEC_X86=y
-CONFIG_XZ_DEC=y
-CONFIG_ZISOFS=y
-CONFIG_ZLIB_DEFLATE=y
-CONFIG_ZLIB_INFLATE=y
-CONFIG_ZONE_DEVICE=y
-CONFIG_ZONE_DMA32=y
-CONFIG_ZONE_DMA=y
-CONFIG_ZONEFS_FS=m
-CONFIG_ZRAM_DEF_COMP="zstd"
-CONFIG_ZRAM_DEF_COMP_ZSTD=y
-CONFIG_ZRAM=m
-CONFIG_ZRAM_MULTI_COMP=y
-CONFIG_ZRAM_WRITEBACK=y
-CONFIG_ZSTD_COMMON=y
-CONFIG_ZSTD_COMPRESS=y
-CONFIG_ZSTD_DECOMPRESS=y
diff --git a/modules/minimize.nix b/modules/minimize.nix
deleted file mode 100644
index e679396..0000000
--- a/modules/minimize.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ modulesPath, ... }:
-{
- imports = [
- "${modulesPath}/profiles/minimal.nix"
- ];
-
- nix.enable = false;
- system.disableInstallerTools = true;
- system.etc.overlay.enable = true;
- systemd.sysusers.enable = true;
-
- programs.less.lessopen = null;
- programs.command-not-found.enable = false;
-
- environment.defaultPackages = [ ];
-
- security.sudo.enable = false;
-}
diff --git a/modules/network.nix b/modules/network.nix
deleted file mode 100644
index 2c91f1a..0000000
--- a/modules/network.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, ... }:
-{
- networking = {
- useNetworkd = true;
- hostName = "";
-
- # Easy debugging.
- firewall.enable = false;
- };
-
- services.resolved = {
- fallbackDns = [ ]; # Disable fallback DNS. DNS will fail if resolvers are unconfigured
- };
-
- # Faster boot.
- systemd.network.wait-online.enable = false;
-}
diff --git a/modules/partitions.nix b/modules/partitions.nix
deleted file mode 100644
index b53513e..0000000
--- a/modules/partitions.nix
+++ /dev/null
@@ -1,103 +0,0 @@
-{
- config,
- pkgs,
- lib,
- modulesPath,
- ...
-}:
-{
-
- imports = [
- "${modulesPath}/image/repart.nix"
- ];
-
- image.repart =
- let
- efiArch = pkgs.stdenv.hostPlatform.efiArch;
- in
- {
- name = config.boot.uki.name;
- split = true;
-
- mkfsOptions = {
- erofs = [
- # "-zzstd,6" # Zstd compression
- # "-zlz4hc,12"
- "-T0" # Fixed timestamp for all files
- "-C262144" # 256 KiB cluster size
- # "-C65536" # 64 KiB cluster size
- # "-C1048576" # 1 MiB cluster size
- "-Efragments,dedupe,ztailpacking" # Extra features
- ];
- };
-
- partitions = {
- "esp" = {
- contents = {
- "/EFI/BOOT/BOOT${lib.toUpper efiArch}.EFI".source = "${pkgs.systemd}/lib/systemd/boot/efi/systemd-boot${efiArch}.efi";
- "/EFI/Linux/${config.system.boot.loader.ukiFile}".source = "${config.system.build.uki}/${config.system.boot.loader.ukiFile}";
-
- # systemd-boot configuration
- "/loader/loader.conf".source = (
- pkgs.writeText "$out" ''
- timeout 0
- ''
- # FIXME: should not be 0 in prod
- );
- };
- repartConfig = {
- Type = "esp";
- UUID = "c12a7328-f81f-11d2-ba4b-00a0c93ec93b"; # Well known
- Format = "vfat";
- SizeMinBytes = "256M";
- SplitName = "-";
- };
- };
- "store" = {
- storePaths = [ config.system.build.toplevel ];
- stripNixStorePrefix = true;
- repartConfig = {
- Type = "linux-generic";
- Label = "${config.boot.uki.name}_${config.system.image.version}";
- Format = "erofs";
- Minimize = "best";
- ReadOnly = "yes";
- SizeMinBytes = "1G";
- SizeMaxBytes = "1G";
- SplitName = "store";
- };
- };
-
- # Placeholder for the second installed Nix store.
- "store-empty" = {
- repartConfig = {
- Type = "linux-generic";
- Label = "_empty";
- Minimize = "off";
- SizeMinBytes = "1G";
- SizeMaxBytes = "1G";
- SplitName = "-";
- };
- };
-
- # Persistent storage
- "var" = {
- repartConfig = {
- Type = "var";
- UUID = "4d21b016-b534-45c2-a9fb-5c16e091fd2d"; # Well known
- Format = "xfs";
- Label = "nixos-persistent";
- Minimize = "off";
-
- # Has to be large enough to hold update files.
- SizeMinBytes = "2G";
- SizeMaxBytes = "2G";
- SplitName = "-";
-
- # Wiping this gives us a clean state.
- FactoryReset = "yes";
- };
- };
- };
- };
-}
diff --git a/modules/patagia-agent.nix b/modules/patagia-agent.nix
deleted file mode 100644
index 17d7a62..0000000
--- a/modules/patagia-agent.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- pkgs,
- utils,
- ...
-}:
-
-{
-
- environment.etc."sysupdate.patagia-agent.d".source =
- let
- format = pkgs.formats.ini { listToValue = toString; };
- in
- utils.systemdUtils.lib.definitions "sysupdate.patagia-agent.d" format {
- "10-image.conf" = {
- Source = {
- MatchPattern = "patagia-agent_@v.raw";
- Path = "https://images.dl.patagia.dev/patagia-agent/";
- Type = "url-file";
- };
-
- Target = {
- InstancesMax = 2;
- Path = "/var/lib/extensions";
- CurrentSymlink = "/etc/systemd/extensions/patagia-agent.raw";
- Type = "regular-file";
- MatchPattern = "patagia-agent_@v.raw";
- };
-
- Transfer = {
- Verify = "no"; # FIXME: verify
- };
- };
- };
-}
diff --git a/modules/profiles/base.nix b/modules/profiles/base.nix
new file mode 100644
index 0000000..5cb46f5
--- /dev/null
+++ b/modules/profiles/base.nix
@@ -0,0 +1,86 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+{
+ imports = [
+ (modulesPath + "/profiles/image-based-appliance.nix")
+ (modulesPath + "/profiles/perlless.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ # system.forbiddenDependenciesRegexes = lib.mkForce [ ];
+
+ nixpkgs.flake.setNixPath = false;
+ nixpkgs.flake.setFlakeRegistry = false;
+
+ networking.hostName = "patos";
+
+ boot.kernelModules = [
+ "zram"
+ "usb_storage"
+ "uas"
+ "sd_mod"
+ "r8169"
+ "ehci-hcd"
+ "ehci-pci"
+ "xhci-hcd"
+ "xhci-pci"
+ "xhci-pci-renesas"
+ "nvme"
+ "virtio_net"
+ ];
+
+ system.etc.overlay.mutable = lib.mkDefault false;
+ users.mutableUsers = lib.mkDefault false;
+
+
+ systemd.watchdog = lib.mkDefault {
+ runtimeTime = "10s";
+ rebootTime = "30s";
+ };
+
+ zramSwap.enable = true;
+
+ services.openssh.settings.PasswordAuthentication = lib.mkDefault false;
+
+ users.allowNoPasswordLogin = true;
+ security.sudo.enable = lib.mkDefault false;
+
+ security.polkit = {
+ enable = true;
+ extraConfig =''
+ polkit.addRule(function(action, subject) {
+ if (subject.isInGroup("wheel")) {
+ return polkit.Result.YES;
+ }
+ });
+ '';
+ };
+
+ i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+
+ systemd.enableEmergencyMode = false;
+ console.enable = false;
+ systemd.services."getty@tty1".enable = lib.mkDefault false;
+ systemd.services."autovt@".enable = lib.mkDefault false;
+
+ boot.tmp.useTmpfs = true;
+ boot.consoleLogLevel = lib.mkDefault 1;
+ boot.kernelParams = [
+ "panic=1"
+ "boot.panic_on_fail"
+ "nomodeset"
+ ];
+
+ # This is vi country
+ programs.nano.enable = false;
+ programs.vim.enable = true;
+ programs.vim.defaultEditor = lib.mkDefault true;
+
+ # Logging
+ services.journald.storage = "volatile";
+}
diff --git a/modules/profiles/network.nix b/modules/profiles/network.nix
new file mode 100644
index 0000000..d090994
--- /dev/null
+++ b/modules/profiles/network.nix
@@ -0,0 +1,56 @@
+{ lib, ... }:
+{
+ # Use TCP BBR
+ boot.kernel.sysctl = {
+ "net.core.default_qdisc" = "fq";
+ "net.ipv4.tcp_congestion_control" = "bbr";
+ };
+
+ services.resolved.extraConfig = ''
+ DNSStubListener=no
+ '';
+
+ networking.firewall.enable = false;
+
+ networking.nftables.enable = lib.mkDefault true;
+
+ networking.useNetworkd = true;
+ systemd.network.wait-online.enable = true;
+
+ # Explicitly load networking modules
+ boot.kernelModules = [
+ "ip_tables"
+ "x_tables"
+ "nf_tables"
+ "nft_ct"
+ "nft_log"
+ "nf_log_syslog"
+ "nft_fib"
+ "nft_fib_inet"
+ "nft_compat"
+ "nft_nat"
+ "nft_chain_nat"
+ "nft_masq"
+ "nfnetlink"
+ "xt_conntrack"
+ "nf_conntrack"
+ "nf_log_syslog"
+ "nf_nat"
+ "af_packet"
+ "bridge"
+ "veth"
+ "tcp_bbr"
+ "sch_fq_codel"
+ "ipt_rpfilter"
+ "ip6t_rpfilter"
+ "sch_fq"
+ "tun"
+ "tap"
+ "xt_MASQUERADE"
+ "xt_mark"
+ "xt_comment"
+ "xt_multiport"
+ "xt_addrtype"
+ ];
+
+}
diff --git a/modules/profiles/server.nix b/modules/profiles/server.nix
new file mode 100644
index 0000000..7a828f3
--- /dev/null
+++ b/modules/profiles/server.nix
@@ -0,0 +1,43 @@
+{
+ modulesPath,
+ ...
+}:
+{
+
+ imports = [
+ (modulesPath + "/profiles/minimal.nix")
+ ./network.nix
+ ];
+
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_unprivileged_port_start" = 0;
+ };
+
+ users.users."admin" = {
+ isNormalUser = true;
+ linger = true;
+ extraGroups = [ "wheel" ];
+ };
+
+ environment.etc = {
+ subuid = {
+ text = "admin:100000:65536";
+ mode = "0644";
+ };
+
+ subgid = {
+ text = "admin:100000:65536";
+ mode = "0644";
+ };
+ };
+
+ services.openssh.enable = true;
+ system.image.sshKeys.enable = true;
+ system.image.sshKeys.keys = [
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIHMAEZx02kbHrEygyPQYStiXlrIe6EIqBCv7anIkL0pAAAABHNzaDo= dln1"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJNOBFoU7Cdsgi4KpYRcv7EhR/8kD4DYjEZnwk6urRx7AAAABHNzaDo= dln2"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDx+7ZEJi7lUCAtoHRRIduJzH3hrpx4YS1f0ZxrJ+uW dln3"
+ ];
+
+ virtualisation.podman.enable = true;
+}
diff --git a/modules/sysext.nix b/modules/sysext.nix
deleted file mode 100644
index ce0e181..0000000
--- a/modules/sysext.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, pkgs, ... }:
-{
- system.activationScripts.sysext = ''
- mkdir -p /var/lib/confexts
- mkdir -p /var/lib/extensions
- mkdir -p /etc/systemd/extensions
- '';
-
- systemd.additionalUpstreamSystemUnits = [
- "systemd-confext.service"
- "systemd-sysext.service"
- ];
-
- systemd.services."systemd-confext" = {
- enable = true;
- wantedBy = [ "multi-user.target" ];
- };
-
- systemd.services."systemd-sysext.service" = {
- enable = true;
- wantedBy = [ "multi-user.target" ];
- };
-}
diff --git a/modules/system_overrides.nix b/modules/system_overrides.nix
deleted file mode 100644
index 1627d28..0000000
--- a/modules/system_overrides.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ lib, options, ... }: {
- # This fields is immutable by default, but can be overridden.
- options.system.nixos.codeName = lib.mkOption { readOnly = false; };
- options.system.nixos.release = lib.mkOption { readOnly = false; };
-}
diff --git a/modules/sysupdate.nix b/modules/sysupdate.nix
deleted file mode 100644
index 8d05b14..0000000
--- a/modules/sysupdate.nix
+++ /dev/null
@@ -1,90 +0,0 @@
-{ config, pkgs, ... }:
-let
- gpgPubKeyStaging = ''
- -----BEGIN PGP PUBLIC KEY BLOCK-----
-
- mDMEZvb3mhYJKwYBBAHaRw8BAQdAvyH7AMLukMEF/1as7auAh757//LlO/kBG8pm
- zhOlTj20LFBhdGFnaWEgU3RhZ2luZyA8bm9yZXBseStzdGFnaW5nQHBhdGFnaWEu
- aW8+iJQEExYKADwWIQTjWE8tGxWc+3+vxyy1R4V5MjgMzAUCZvb3mgIbAwUJBaOa
- gAQLCQgHBBUKCQgFFgIDAQACHgUCF4AACgkQtUeFeTI4DMwDWAEAlMAhSZh086Ux
- OfLBR1QYgHtXmk6tObJurWkZq6cGICwA/2fBOtZcLfAPRWYPLHAtsqtFrO6CIyQG
- H6n4Iv3D5ZsCuDgEZvb3mhIKKwYBBAGXVQEFAQEHQPKKcltfHlELIHf0AYcd0nOe
- GaWcAnoW4o3zLZUVNnlpAwEIB4h+BBgWCgAmFiEE41hPLRsVnPt/r8cstUeFeTI4
- DMwFAmb295oCGwwFCQWjmoAACgkQtUeFeTI4DMzuegEA62XIq4Ir+4DWdTql58bA
- +0Vr89dMQsAxwVzGGzl8D8wBAMuPY6/2SwbA7KwWuz8L/cTPQVLBt+TSdYeuCBps
- e5UE
- =m2st
- -----END PGP PUBLIC KEY BLOCK-----
- '';
- gpgKeyring = pkgs.runCommand "gpg-keyring" { buildInputs = [ pkgs.gnupg ]; } ''
- mkdir -p $out
- export GNUPGHOME=$out
- gpg --no-default-keyring --keyring=$out/import-pubring.gpg --fingerprint
- gpg --no-default-keyring --keyring=$out/import-pubring.gpg --import <<< '${gpgPubKeyStaging}'
- rm $out/S.scdaemon $out/S.gpg-agent $out/S.gpg-agent.*
- '';
-in
-{
- environment.etc."systemd/import-pubring.gpg".source = "${gpgKeyring}/import-pubring.gpg";
-
- systemd.sysupdate = {
- enable = true;
-
- transfers = {
- "10-uki" = {
- Source = {
- MatchPattern = [
- "${config.boot.uki.name}_@v.efi.xz"
- ];
-
- Path = "https://images.dl.patagia.dev/patos/";
- Type = "url-file";
- };
- Target = {
- InstancesMax = 2;
- MatchPattern = [
- "${config.boot.uki.name}_@v.efi"
- ];
-
- Mode = "0444";
- Path = "/EFI/Linux";
- PathRelativeTo = "boot";
-
- Type = "regular-file";
- };
- Transfer = {
- ProtectVersion = "%A";
- Verify = "no";
- };
- };
-
- "20-store" = {
- Source = {
- MatchPattern = [
- "${config.boot.uki.name}_@v.img.xz"
- ];
- Path = "https://images.dl.patagia.dev/patos/";
- Type = "url-file";
- };
-
- Target = {
- InstancesMax = 2;
-
- # This doesn't work, because / is a tmpfs and the heuristic is not that smart.
- #
- # Path = "auto";
- Path = "/dev/sda";
-
- MatchPattern = "${config.boot.uki.name}_@v";
-
- Type = "partition";
- ReadOnly = "yes";
- };
- Transfer = {
- Verify = "no";
- };
- };
-
- };
- };
-}
diff --git a/modules/utils.nix b/modules/utils.nix
deleted file mode 100644
index befd4bf..0000000
--- a/modules/utils.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-let
- script = pkgs.writeShellScriptBin "patos-upgrade.sh" ''
- systemd-sysupdate --verify=no
- systemd-sysupdate --verify=no update --reboot
- '';
-
- patos-install = pkgs.writeShellApplication {
- name = "patos-install";
- text = ''
- set -xeuo pipefail
- curl -s https://images.dl.patagia.dev/patos/patos_0.0.1.raw.zst |
- zstdcat |
- dd of=/dev/sdb status=progress bs=4M
- '';
- };
-in
-{
- environment.systemPackages = [
- # pkgs.ncdu
- patos-install
- script
- ];
-}
diff --git a/pkgs/composefs.nix b/pkgs/composefs.nix
new file mode 100644
index 0000000..91e8443
--- /dev/null
+++ b/pkgs/composefs.nix
@@ -0,0 +1,5 @@
+{ prev, ... }:
+
+prev.composefs.overrideAttrs (final: prev: {
+ doCheck = false;
+})
diff --git a/pkgs/linux-firmware.nix b/pkgs/linux-firmware.nix
new file mode 100644
index 0000000..8f03d8c
--- /dev/null
+++ b/pkgs/linux-firmware.nix
@@ -0,0 +1,12 @@
+{ stdenv, lib
+, linux-firmware
+, fwDirs
+}: stdenv.mkDerivation {
+ pname = "linux-firmware-minimal";
+ version = linux-firmware.version;
+ buildCommand = lib.concatStringsSep "\n" (
+ [''mkdir -p "$out/lib/firmware"'']
+ ++ (map (name: ''
+ cp -r "${linux-firmware}/lib/firmware/${name}" "$out/lib/firmware/${name}"
+ '') fwDirs));
+}
diff --git a/pkgs/openssh.nix b/pkgs/openssh.nix
new file mode 100644
index 0000000..91de381
--- /dev/null
+++ b/pkgs/openssh.nix
@@ -0,0 +1,7 @@
+{ prev, ... }:
+
+prev.openssh.overrideAttrs (final: prev: {
+ doCheck = false;
+ doInstallCheck = false;
+ dontCheck = true;
+})
diff --git a/pkgs/qemu.nix b/pkgs/qemu.nix
new file mode 100644
index 0000000..93e67dd
--- /dev/null
+++ b/pkgs/qemu.nix
@@ -0,0 +1,30 @@
+{ prev, pkgs, ... }:
+
+(prev.qemu_test.override {
+ enableDocs = false;
+ capstoneSupport = false;
+ guestAgentSupport = false;
+ tpmSupport = false;
+ libiscsiSupport = false;
+ usbredirSupport = false;
+ canokeySupport = false;
+ hostCpuTargets = [ "x86_64-softmmu" ];
+}).overrideDerivation (old: {
+ postFixup = ''
+ rm -r "$out/share/icons"
+ cp "${pkgs.OVMF.fd + "/FV/OVMF.fd"}" "$out/share/qemu/"
+ '';
+ configureFlags = old.configureFlags ++ [
+ "--disable-tcg"
+ "--disable-tcg-interpreter"
+ "--disable-docs"
+ "--disable-install-blobs"
+ "--disable-slirp"
+ "--disable-virtfs"
+ "--disable-virtfs-proxy-helper"
+ "--disable-vhost-user-blk-server"
+ "--without-default-features"
+ "--enable-kvm"
+ "--disable-tools"
+ ];
+})
diff --git a/pkgs/systemd-ukify.nix b/pkgs/systemd-ukify.nix
new file mode 100644
index 0000000..b8e9d55
--- /dev/null
+++ b/pkgs/systemd-ukify.nix
@@ -0,0 +1,48 @@
+{ prev, ... }:
+
+prev.systemd.override {
+ withAcl = false;
+ withAnalyze = false;
+ withApparmor = false;
+ withAudit = false;
+ withEfi = true;
+ withCompression = false;
+ withCoredump = false;
+ withCryptsetup = false;
+ withRepart = false;
+ withDocumentation = false;
+ withFido2 = false;
+ withFirstboot = false;
+ withHomed = false;
+ withHostnamed = false;
+ withHwdb = false;
+ withImportd = false;
+ withIptables = false;
+ withKmod = false;
+ withLibBPF = false;
+ withLibidn2 = false;
+ withLocaled = false;
+ withLogind = false;
+ withMachined = false;
+ withNetworkd = false;
+ withNss = false;
+ withOomd = false;
+ withPam = false;
+ withPasswordQuality = false;
+ withPCRE2 = false;
+ withPolkit = false;
+ withPortabled = false;
+ withQrencode = false;
+ withRemote = false;
+ withResolved = false;
+ withShellCompletions = false;
+ withSysusers = false;
+ withSysupdate = false;
+ withTimedated = false;
+ withTimesyncd = false;
+ withTpm2Tss = false;
+ withUkify = true;
+ withUserDb = false;
+ withUtmp = false;
+ withVmspawn = false;
+}
diff --git a/pkgs/systemd.nix b/pkgs/systemd.nix
new file mode 100644
index 0000000..2d52e9a
--- /dev/null
+++ b/pkgs/systemd.nix
@@ -0,0 +1,10 @@
+{ prev, ... }:
+
+prev.systemd.override {
+ withAcl = false;
+ withApparmor = false;
+ withDocumentation = false;
+ withRemote = false;
+ withShellCompletions = false;
+ withVmspawn = false;
+}
diff --git a/tests/common.nix b/tests/common.nix
new file mode 100644
index 0000000..23232be
--- /dev/null
+++ b/tests/common.nix
@@ -0,0 +1,154 @@
+{
+ self,
+ lib,
+ pkgs,
+ ...
+}:
+
+with import (pkgs.path + "/nixos/lib/testing-python.nix") {
+ inherit pkgs;
+ inherit (pkgs.hostPlatform) system;
+};
+
+let
+ qemu-common = import (pkgs.path + "/nixos/lib/qemu-common.nix") { inherit lib pkgs; };
+
+in
+rec {
+
+ makeSystem =
+ extraConfig:
+ (import (pkgs.path + "/nixos/lib/eval-config.nix")) {
+ inherit pkgs lib;
+ system = null;
+ modules = [
+ {
+ nixpkgs.hostPlatform = pkgs.hostPlatform;
+ }
+ {
+ users.allowNoPasswordLogin = true;
+ system.stateVersion = lib.versions.majorMinor lib.version;
+ system.image.id = lib.mkDefault "test";
+ system.image.version = lib.mkDefault "1";
+ networking.hosts."10.0.2.1" = [ "server.test" ];
+ }
+ {
+ boot.kernelParams = [
+ "console=ttyS0,115200n8"
+ "systemd.journald.forward_to_console=1"
+ ];
+ image.compress = false;
+ boot.initrd.compressor = lib.mkForce "zstd";
+ boot.initrd.compressorArgs = lib.mkForce [ "-8" ];
+ }
+ (pkgs.path + "/nixos/modules/testing/test-instrumentation.nix")
+ self.nixosModules.server
+ self.nixosModules.image
+ extraConfig
+ ];
+ };
+
+ makeImage =
+ extraConfig:
+ let
+ system = makeSystem extraConfig;
+ in
+ "${system.config.system.build.image}/${system.config.system.build.image.imageFile}";
+
+ makeUpdatePackage =
+ extraConfig:
+ let
+ system = makeSystem extraConfig;
+ in
+ "${system.config.system.build.updatePackage}";
+
+ makeImageTest =
+ {
+ name,
+ image,
+ script,
+ httpRoot ? null,
+ }:
+ let
+ qemu = qemu-common.qemuBinary pkgs.qemu_test;
+ flags = [
+ "-m"
+ "512M"
+ "-drive"
+ "if=pflash,format=raw,unit=0,readonly=on,file=${pkgs.OVMF.firmware}"
+ "-drive"
+ "if=pflash,format=raw,unit=1,readonly=on,file=${pkgs.OVMF.variables}"
+ "-drive"
+ "if=virtio,file=${mutableImage}"
+ "-chardev"
+ "socket,id=chrtpm,path=${tpmFolder}/swtpm-sock"
+ "-tpmdev"
+ "emulator,id=tpm0,chardev=chrtpm"
+ "-device"
+ "tpm-tis,tpmdev=tpm0"
+ "-netdev"
+ (
+ "'user,id=net0"
+ + (lib.optionalString (
+ httpRoot != null
+ ) ",guestfwd=tcp:10.0.2.1:80-cmd:${pkgs.micro-httpd}/bin/micro_httpd ${httpRoot}")
+ + "'"
+ )
+ "-device"
+ "virtio-net-pci,netdev=net0"
+ ];
+ flagsStr = lib.concatStringsSep " " flags;
+ startCommand = "${qemu} ${flagsStr}";
+ mutableImage = "/tmp/linked-image.qcow2";
+ tpmFolder = "/tmp/emulated_tpm";
+ indentLines = str: lib.concatLines (map (s: " " + s) (lib.splitString "\n" str));
+ in
+ makeTest {
+ inherit name;
+ nodes = { };
+ testScript =
+ ''
+ import os
+ import subprocess
+
+ subprocess.check_call(
+ [
+ "qemu-img",
+ "create",
+ "-f",
+ "qcow2",
+ "-F",
+ "raw",
+ "-b",
+ "${image}",
+ "${mutableImage}",
+ ]
+ )
+ subprocess.check_call(["qemu-img", "resize", "${mutableImage}", "4G"])
+
+ os.mkdir("${tpmFolder}")
+ os.mkdir("${tpmFolder}/swtpm")
+
+ def start_tpm():
+ subprocess.Popen(
+ [
+ "${pkgs.swtpm}/bin/swtpm",
+ "socket",
+ "--tpmstate", "dir=${tpmFolder}/swtpm",
+ "--ctrl", "type=unixio,path=${tpmFolder}/swtpm-sock",
+ "--tpm2"
+ ]
+ )
+
+ machine = create_machine("${startCommand}")
+
+ try:
+ ''
+ + indentLines script
+ + ''
+ finally:
+ machine.shutdown()
+ '';
+ };
+
+}
diff --git a/tests/lib.nix b/tests/lib.nix
new file mode 100644
index 0000000..4b905fa
--- /dev/null
+++ b/tests/lib.nix
@@ -0,0 +1,9 @@
+test:
+{ pkgs, self }:
+ let nixos-lib = import (pkgs.path + "/nixos/lib") {};
+in (nixos-lib.runTest {
+ hostPkgs = pkgs;
+ defaults.documentation.enable = false;
+ node.specialArgs = { inherit self; };
+ imports = [ test ];
+}).config.result
diff --git a/tests/podman.nix b/tests/podman.nix
new file mode 100644
index 0000000..0a3747f
--- /dev/null
+++ b/tests/podman.nix
@@ -0,0 +1,22 @@
+{ pkgs, self }: let
+
+ lib = pkgs.lib;
+ test-common = import ./common.nix { inherit self lib pkgs; };
+
+ image = test-common.makeImage { };
+
+in test-common.makeImageTest {
+ name = "podman";
+ inherit image;
+ script = ''
+ start_tpm()
+ machine.start()
+
+ machine.wait_for_unit("multi-user.target")
+ machine.wait_for_unit("network-online.target")
+
+ machine.succeed("tar cv --files-from /dev/null | su admin -l -c 'podman import - scratchimg'")
+
+ machine.succeed("su admin -l -c 'podman run --rm -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg true'")
+ '';
+}
diff --git a/tests/ssh-preseed.nix b/tests/ssh-preseed.nix
new file mode 100644
index 0000000..b67681c
--- /dev/null
+++ b/tests/ssh-preseed.nix
@@ -0,0 +1,37 @@
+{ pkgs, self }:
+let
+ lib = pkgs.lib;
+ test-common = import ./common.nix { inherit self lib pkgs; };
+ sshKeys = import (pkgs.path + "/nixos/tests/ssh-keys.nix") pkgs;
+
+ image = test-common.makeImage {
+ system.image.sshKeys.keys = [ sshKeys.snakeOilPublicKey ];
+ system.extraDependencies = [ sshKeys.snakeOilPrivateKey ];
+ };
+
+in
+test-common.makeImageTest {
+ name = "ssh-preseed";
+ inherit image;
+ script = ''
+ start_tpm()
+ machine.start()
+
+ machine.wait_for_unit("multi-user.target")
+
+ machine.succeed("[ -e /efi/default-ssh-authorized-keys.txt ]")
+ machine.succeed("[ -e /home/admin/.ssh/authorized_keys ]")
+
+ machine.wait_for_open_port(22)
+
+ machine.succeed(
+ "cat ${sshKeys.snakeOilPrivateKey} > privkey.snakeoil"
+ )
+ machine.succeed("chmod 600 privkey.snakeoil")
+
+ machine.succeed(
+ "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil admin@127.0.0.1 true",
+ timeout=30
+ )
+ '';
+}
diff --git a/tests/system-update.nix b/tests/system-update.nix
new file mode 100644
index 0000000..26f793e
--- /dev/null
+++ b/tests/system-update.nix
@@ -0,0 +1,45 @@
+{ pkgs, self }: let
+
+ lib = pkgs.lib;
+ test-common = import ./common.nix { inherit self lib pkgs; };
+
+ initialImage = test-common.makeImage {
+ system.image.version = "1";
+ system.image.updates.url = "http://server.test/";
+ # The default root-b is too small for uncompressed test images
+ systemd.repart.partitions."32-root-b" = {
+ SizeMinBytes = lib.mkForce "1G";
+ SizeMaxBytes = lib.mkForce "1G";
+ };
+ };
+
+ updatePackage = test-common.makeUpdatePackage {
+ system.image.version = "2";
+ system.image.updates.url = "http://server.test/";
+ };
+
+in test-common.makeImageTest {
+ name = "system-update";
+ image = initialImage;
+ httpRoot = updatePackage;
+ script = ''
+ start_tpm()
+ machine.start()
+
+ machine.wait_for_unit("multi-user.target")
+ machine.wait_for_unit("network-online.target")
+
+ machine.succeed("/run/current-system/sw/lib/systemd/systemd-sysupdate update")
+
+ machine.shutdown()
+
+ start_tpm()
+ machine.start()
+
+ machine.wait_for_unit("multi-user.target")
+
+ machine.succeed('. /etc/os-release; [ "$IMAGE_VERSION" == "2" ]')
+
+ machine.wait_for_unit("systemd-bless-boot.service")
+ '';
+}
diff --git a/utils/qemu-uefi-tpm.nix b/utils/qemu-uefi-tpm.nix
new file mode 100644
index 0000000..7cc36c7
--- /dev/null
+++ b/utils/qemu-uefi-tpm.nix
@@ -0,0 +1,49 @@
+{
+ config,
+ pkgs,
+ ...
+}:
+pkgs.writeShellApplication {
+ name = "qemu-uefi-tpm";
+
+ runtimeInputs = with pkgs; [
+ qemu
+ swtpm
+ ];
+
+ text =
+ let
+ tpmOVMF = pkgs.OVMF.override { tpmSupport = true; };
+ in
+ ''
+ set -ex
+ state="/tmp/patos-qemu-$USER"
+ rm -rf "$state"
+ mkdir -m 700 "$state"
+ qemu-img create -f qcow2 -F raw -b "$(readlink -e "$1")" "$state/disk.qcow2" 10G
+
+ swtpm socket -d --tpmstate dir="$state" \
+ --ctrl type=unixio,path="$state/swtpm-sock" \
+ --tpm2 \
+ --log level=20
+
+ qemu-system-x86_64 \
+ -enable-kvm \
+ -machine q35,accel=kvm \
+ -cpu host \
+ -smp 8 \
+ -m 4G \
+ -display none \
+ -chardev "stdio,id=char0,mux=on,logfile=$state/console.log,signal=off" \
+ -serial chardev:char0 \
+ -mon chardev=char0 \
+ -drive "if=pflash,format=raw,unit=0,readonly=on,file=${tpmOVMF.firmware}" \
+ -drive "if=pflash,format=raw,unit=1,readonly=on,file=${tpmOVMF.variables}" \
+ -chardev socket,id=chrtpm,path="$state/swtpm-sock" \
+ -tpmdev emulator,id=tpm0,chardev=chrtpm \
+ -device tpm-tis,tpmdev=tpm0 \
+ -netdev id=net00,type=user,hostfwd=tcp::2222-:22 \
+ -device virtio-net-pci,netdev=net00 \
+ -drive "format=qcow2,file=$state/disk.qcow2"
+ '';
+}