0ebe75b2ca
Complete infrastructure platform CLI: - Container runtime (systemd-nspawn) - VoltVisor VMs (Neutron Stardust / QEMU) - Stellarium CAS (content-addressed storage) - ORAS Registry - GitOps integration - Landlock LSM security - Compose orchestration - Mesh networking Copyright (c) Armored Gates LLC. All rights reserved. Licensed under AGPSL v5.0
137 lines
2.3 KiB
Plaintext
137 lines
2.3 KiB
Plaintext
# Volt Kernel: Server Profile
|
|
# Optimized for: Headless workloads, maximum density
|
|
# Size target: ~30MB
|
|
# Boot target: <200ms
|
|
|
|
#
|
|
# General Setup
|
|
#
|
|
CONFIG_LOCALVERSION="-volt-server"
|
|
CONFIG_DEFAULT_HOSTNAME="volt"
|
|
CONFIG_SYSVIPC=y
|
|
CONFIG_POSIX_MQUEUE=y
|
|
CONFIG_USELIB=n
|
|
CONFIG_AUDIT=y
|
|
|
|
#
|
|
# Preemption Model: None (server workload)
|
|
#
|
|
CONFIG_PREEMPT_NONE=y
|
|
# CONFIG_PREEMPT_VOLUNTARY is not set
|
|
# CONFIG_PREEMPT is not set
|
|
|
|
#
|
|
# Timer Frequency: Low (reduce overhead)
|
|
#
|
|
CONFIG_HZ_100=y
|
|
CONFIG_NO_HZ_IDLE=y
|
|
CONFIG_NO_HZ_FULL=y
|
|
|
|
#
|
|
# Processor Features
|
|
#
|
|
CONFIG_SMP=y
|
|
CONFIG_NR_CPUS=256
|
|
CONFIG_SCHED_SMT=y
|
|
CONFIG_NUMA=y
|
|
|
|
#
|
|
# Memory Management
|
|
#
|
|
CONFIG_TRANSPARENT_HUGEPAGE=y
|
|
CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y
|
|
CONFIG_ZSWAP=y
|
|
CONFIG_ZSMALLOC=y
|
|
CONFIG_MEMORY_HOTPLUG=y
|
|
|
|
#
|
|
# Networking (Minimal Server)
|
|
#
|
|
CONFIG_NET=y
|
|
CONFIG_PACKET=y
|
|
CONFIG_UNIX=y
|
|
CONFIG_INET=y
|
|
CONFIG_IP_MULTICAST=y
|
|
CONFIG_IP_ADVANCED_ROUTER=y
|
|
CONFIG_IP_MULTIPLE_TABLES=y
|
|
CONFIG_IP_ROUTE_MULTIPATH=y
|
|
CONFIG_IPV6=y
|
|
CONFIG_NETFILTER=y
|
|
CONFIG_NF_CONNTRACK=y
|
|
CONFIG_NETFILTER_XTABLES=y
|
|
CONFIG_BRIDGE=y
|
|
CONFIG_VLAN_8021Q=y
|
|
CONFIG_VETH=y
|
|
CONFIG_TUN=y
|
|
|
|
#
|
|
# Security
|
|
#
|
|
CONFIG_SECURITY=y
|
|
CONFIG_SECURITY_NETWORK=y
|
|
CONFIG_SECURITY_LANDLOCK=y
|
|
CONFIG_SECCOMP=y
|
|
CONFIG_SECCOMP_FILTER=y
|
|
CONFIG_SECURITY_YAMA=y
|
|
CONFIG_HARDENED_USERCOPY=y
|
|
CONFIG_FORTIFY_SOURCE=y
|
|
CONFIG_STACKPROTECTOR_STRONG=y
|
|
CONFIG_RANDOMIZE_BASE=y
|
|
CONFIG_RANDOMIZE_MEMORY=y
|
|
|
|
#
|
|
# Cgroups v2
|
|
#
|
|
CONFIG_CGROUPS=y
|
|
CONFIG_CGROUP_SCHED=y
|
|
CONFIG_CGROUP_PIDS=y
|
|
CONFIG_CGROUP_CPUACCT=y
|
|
CONFIG_MEMCG=y
|
|
CONFIG_BLK_CGROUP=y
|
|
CONFIG_CGROUP_DEVICE=y
|
|
CONFIG_CGROUP_FREEZER=y
|
|
|
|
#
|
|
# Namespaces
|
|
#
|
|
CONFIG_NAMESPACES=y
|
|
CONFIG_UTS_NS=y
|
|
CONFIG_IPC_NS=y
|
|
CONFIG_USER_NS=y
|
|
CONFIG_PID_NS=y
|
|
CONFIG_NET_NS=y
|
|
|
|
#
|
|
# File Systems (Minimal)
|
|
#
|
|
CONFIG_EXT4_FS=y
|
|
CONFIG_XFS_FS=y
|
|
CONFIG_BTRFS_FS=y
|
|
CONFIG_OVERLAY_FS=y
|
|
CONFIG_FUSE_FS=y
|
|
CONFIG_PROC_FS=y
|
|
CONFIG_SYSFS=y
|
|
CONFIG_TMPFS=y
|
|
CONFIG_DEVTMPFS=y
|
|
CONFIG_DEVTMPFS_MOUNT=y
|
|
|
|
#
|
|
# DISABLED: Not needed for servers
|
|
#
|
|
# CONFIG_DRM is not set
|
|
# CONFIG_SOUND is not set
|
|
# CONFIG_USB is not set
|
|
# CONFIG_BLUETOOTH is not set
|
|
# CONFIG_WIRELESS is not set
|
|
# CONFIG_INPUT_JOYSTICK is not set
|
|
# CONFIG_INPUT_TABLET is not set
|
|
# CONFIG_INPUT_TOUCHSCREEN is not set
|
|
|
|
#
|
|
# Compression/Size Optimization
|
|
#
|
|
CONFIG_KERNEL_GZIP=y
|
|
CONFIG_CC_OPTIMIZE_FOR_SIZE=y
|
|
# CONFIG_DEBUG_INFO is not set
|
|
# CONFIG_KALLSYMS_ALL is not set
|