nixos-conf/custom/modules/default.nix

{
  pkgs,
  lib,
  kernel-src,
  ...
}:
{
  boot = {
    kernelPackages = pkgs.linuxPackagesFor (
      pkgs.callPackage ./kernel.nix {
        inherit lib kernel-src;
        structuredExtraConfig = { };
        kernelPatches = [ ];
        extraConfig = "";
        features = { };
        randstructSeed = null;
      }
    );
    kernelPatches = [
      {
        name = "cpu";
        structuredExtraConfig = (
          with lib.kernel;
          {
            PROCESSOR_SELECT = yes;
            #
            CPU_SUP_INTEL = no;
            CPU_SUP_HYGON = no;
            CPU_SUP_CENTAUR = no;
            CPU_SUP_ZHAOXIN = no;
            #
            X86_MCE_INTEL = no;
          }
        );
      }
      {
        name = "gpu";
        structuredExtraConfig = (
          with lib.kernel;
          {
            DRM_AMDGPU = no;
            DRM_KOMEDA = no;
            DRM_NOUVEAU = no;
            DRM_RADEON = no;
            #
            FB_NVIDIA = no;
            FB_RADEON = no;
          }
        );
      }
      {
        name = "go crazy, go stupid";
        structuredExtraConfig = (
          with lib.kernel;
          {
            # CPU_MITIGATIONS = no;
            #
            # unaffected by
            MITIGATION_PAGE_TABLE_ISOLATION = no;
            MITIGATION_GDS = no;
            MITIGATION_RFDS = no;
            MITIGATION_MDS = no;
            MITIGATION_TAA = no;
            MITIGATION_MMIO_STALE_DATA = no;
            MITIGATION_L1TF = no;
            MITIGATION_SRBDS = no;
            MITIGATION_ITS = no;
            MITIGATION_SPECTRE_BHI = no;
            MITIGATION_IBRS_ENTRY = no;
            MITIGATION_CALL_DEPTH_TRACKING = no;
          }
        );
      }
      {
        name = "audio";
        structuredExtraConfig = (
          with lib.kernel;
          {
            SND_SEQ_DEVICE = no;
            SND_SEQUENCER = no;
            SND_SEQ_DUMMY = no;
            SND_HRTIMER = no;
          }
        );
      }
      {
        name = "network and wireless";
        structuredExtraConfig = (
          with lib.kernel;
          {
            BT = no;
            HAMRADIO = lib.mkForce no;
          }
        );
      }
      {
        name = "input";
        structuredExtraConfig = (
          with lib.kernel;
          {
            MOUSE_APPLETOUCH = no;
            INPUT_TOUCHSCREEN = no;
          }
        );
      }
      {
        name = "garbo";
        structuredExtraConfig = (
          with lib.kernel;
          {
            IIO = no;
            #
            GNSS = no;
            #
            GOOGLE_FIRMWARE = lib.mkForce no;
            #
            TRACING = no;
            FUNCTION_GRAPH_TRACER = no;
            DYNAMIC_FTRACE = no;
            #
            FTRACE = lib.mkForce no;
            FUNCTION_PROFILER = lib.mkForce no;
            FUNCTION_TRACER = lib.mkForce no;
            SCHED_TRACER = lib.mkForce no;
            STACK_TRACER = lib.mkForce no;
          }
        );
      }
    ];
  };
}