feat: add boot.kernel.sysctl and boot.kernelModules

yuxqiu · yuxqiu · commit 86089ea262fa · 2026-03-06T21:26:59.000+08:00
diff --git a/nix/modules/upstream/nixpkgs/default.nix b/nix/modules/upstream/nixpkgs/default.nix
@@ -1,8 +1,24 @@
 {
   nixosModulesPath,
   lib,
+  pkgs,
+  config,
   ...
 }:
+let
+  modulesTypeDesc = ''
+    This can either be a list of modules, or an attrset. In an
+    attrset, names that are set to `true` represent modules that will
+    be included. Note that setting these names to `false` does not
+    prevent the module from being loaded.
+  '';
+  kernelModulesConf = pkgs.writeText "nixos.conf" ''
+    ${lib.concatStringsSep "\n" config.boot.kernelModules}
+  '';
+  attrNamesToTrue = lib.types.coercedTo (lib.types.listOf lib.types.str) (
+    enabledList: lib.genAttrs enabledList (_attrName: true)
+  ) (lib.types.attrsOf lib.types.bool);
+in
 {
   imports = [
     ./firewall.nix
@@ -20,6 +36,7 @@
       "/misc/ids.nix"
       "/security/acme/"
       "/services/web-servers/nginx/"
+      "/config/sysctl.nix"
       # nix settings
       "/config/nix.nix"
       "/services/system/userborn.nix"
@@ -29,11 +46,27 @@
   options =
     # We need to ignore a bunch of options that are used in NixOS modules but
     # that don't apply to system-manager configs.
-    # TODO: can we print an informational message for things like kernel modules
-    # to inform users that they need to be enabled in the host system?
     {
-      boot = lib.mkOption {
-        type = lib.types.raw;
+      boot = {
+        kernelModules = lib.mkOption {
+          type = attrNamesToTrue;
+          default = { };
+          description = ''
+            The set of kernel modules to be loaded in the second stage of
+            the boot process.
+
+            ${modulesTypeDesc}
+          '';
+          apply = mods: lib.attrNames (lib.filterAttrs (_: v: v) mods);
+        };
+
+        kernelPackages = lib.mkOption {
+          type = lib.types.raw;
+          default = {
+            kernel.version = "stub";
+          };
+          description = "Stub kernel packages for compatibility; not actively used in system-manager.";
+        };
       };
 
       # nixos/modules/services/system/userborn.nix still depends on activation scripts
@@ -64,4 +97,17 @@
         };
       };
     };
+
+  config = {
+    # Create /etc/modules-load.d/system-manager.conf, which is read by
+    # systemd-modules-load.service to load required kernel modules.
+    environment.etc = lib.mkIf (config.boot.kernelModules != { }) {
+      "modules-load.d/system-manager.conf".source = kernelModulesConf;
+    };
+
+    # config/sysctl.nix assumes it can freely configure systemd-sysctl.service.
+    # However, in our case, the service is managed by the host system,
+    # so we default to enable = false; to avoid unintended interference.
+    systemd.services.systemd-sysctl.enable = lib.mkDefault false;
+  };
 }
