summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--fragments/base/common54
-rw-r--r--fragments/base/crypto4
-rw-r--r--fragments/base/modules2
-rw-r--r--fragments/base/net40
-rw-r--r--fragments/base/security14
-rw-r--r--fragments/boot/efi5
-rw-r--r--fragments/boot/initrd1
-rw-r--r--fragments/cpu/amd13
-rw-r--r--fragments/cpu/intel7
-rw-r--r--fragments/devices/input/xpad3
-rw-r--r--fragments/devices/net/r81691
-rw-r--r--fragments/devices/net/tigon31
-rw-r--r--fragments/devices/usb/bluetooth1
-rw-r--r--fragments/devices/usb/sound1
-rw-r--r--fragments/drivers/i2c2
-rw-r--r--fragments/drivers/pci2
-rw-r--r--fragments/drivers/raid7
-rw-r--r--fragments/drivers/sata7
-rw-r--r--fragments/drivers/sound7
-rw-r--r--fragments/drivers/usb11
-rw-r--r--fragments/fs/cifs4
-rw-r--r--fragments/fs/devtmpfs2
-rw-r--r--fragments/fs/ext44
-rw-r--r--fragments/fs/foreign9
-rw-r--r--fragments/fs/fuse1
-rw-r--r--fragments/fs/tmpfs2
-rw-r--r--fragments/hosts/coleridge1
-rw-r--r--fragments/hosts/nabokov3
-rw-r--r--fragments/net/bluetooth3
-rw-r--r--fragments/net/nftables67
-rw-r--r--fragments/profile/desktop7
-rw-r--r--fragments/profile/server5
-rw-r--r--fragments/profile/vm9
-rw-r--r--fragments/security/audit4
-rw-r--r--fragments/security/cgroups7
-rw-r--r--fragments/security/namespaces5
-rwxr-xr-xmerge.sh23
-rw-r--r--templates/base16
-rw-r--r--templates/coleridge8
-rw-r--r--templates/demeter6
-rw-r--r--templates/nabokov11
41 files changed, 380 insertions, 0 deletions
diff --git a/fragments/base/common b/fragments/base/common
new file mode 100644
index 0000000..1a26566
--- /dev/null
+++ b/fragments/base/common
@@ -0,0 +1,54 @@
+CONFIG_SMP=y
+
+CONFIG_SYSVIPC=y
+CONFIG_POSIX_MQUEUE=y
+
+CONFIG_NO_HZ_IDLE=y
+CONFIG_HIGH_RES_TIMERS=y
+
+CONFIG_IKCONFIG=y
+CONFIG_IKCONFIG_PROC=y
+
+CONFIG_SCHED_AUTOGROUP=y
+
+# We only really care about standard PC systems
+# CONFIG_X86_EXTENDED_PLATFORM is not set
+
+CONFIG_NUMA=y
+
+# The following can be disabled since it is a legacy option,
+# the kernel will use X86_64_ACPI_NUMA instead
+# CONFIG_AMD_NUMA is not set
+
+CONFIG_PARTITION_ADVANCED=y
+
+# The kernel cites 65536 as a "reasonable" value here.
+CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
+
+# We want to support transparent hugepages, though want applications
+# to ask for them specifically with madvise
+CONFIG_TRANSPARENT_HUGEPAGE=y
+CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y
+
+CONFIG_MD=y
+CONFIG_BLK_DEV_DM=y
+CONFIG_BLK_DEV_LOOP=y
+
+# CONFIG_LEGACY_PTYS is not set
+
+CONFIG_HPET=y
+
+CONFIG_HIDRAW=y
+
+CONFIG_EDAC=y
+CONFIG_EDAC_SBRIDGE=y
+# CONFIG_EDAC_LEGACY_SYSFS is not set
+
+CONFIG_RTC_CLASS=y
+
+# CONFIG_UNUSED_SYMBOLS is not set
+
+# https://lwn.net/Articles/681763/
+CONFIG_BLK_WBT=y
+CONFIG_BLK_WBT_SQ=y
+CONFIG_BLK_WBT_MQ=y
diff --git a/fragments/base/crypto b/fragments/base/crypto
new file mode 100644
index 0000000..0f63cdd
--- /dev/null
+++ b/fragments/base/crypto
@@ -0,0 +1,4 @@
+CONFIG_DM_CRYPT=y
+CONFIG_CRYPTO_AES_X86_64=y
+CONFIG_CRYPTO_USER_API_HASH=y
+CONFIG_CRYPTO_USER_API_SKCIPHER=y
diff --git a/fragments/base/modules b/fragments/base/modules
new file mode 100644
index 0000000..a3f5b21
--- /dev/null
+++ b/fragments/base/modules
@@ -0,0 +1,2 @@
+CONFIG_MODULES=y
+CONFIG_MODULE_UNLOAD=y
diff --git a/fragments/base/net b/fragments/base/net
new file mode 100644
index 0000000..b0aefe2
--- /dev/null
+++ b/fragments/base/net
@@ -0,0 +1,40 @@
+CONFIG_NET=y
+
+# "Foo over UDP" is needed for any application that wants to tunnel
+# traffic over UDP, like wireguard et al
+CONFIG_NET_FOU=y
+
+CONFIG_RFKILL=y
+
+CONFIG_NETDEVICES=y
+CONFIG_TUN=m
+CONFIG_VETH=m
+
+CONFIG_VLAN_8021Q=y
+CONFIG_BRIDGE=y
+
+CONFIG_PACKET=y
+CONFIG_PACKET_DIAG=y
+CONFIG_NETLINK_DIAG=y
+CONFIG_UNIX=y
+CONFIG_UNIX_DIAG=y
+CONFIG_INET=y
+CONFIG_XFRM_USER=y
+CONFIG_IP_ADVANCED_ROUTER=y
+CONFIG_IP_MULTIPLE_TABLES=y
+CONFIG_IP_ROUTE_VERBOSE=y
+CONFIG_SYN_COOKIES=y
+CONFIG_INET_UDP_DIAG=y
+CONFIG_INET_RAW_DIAG=y
+
+# The following options enable support for IPsec and are enabled by default.
+# We think wireguard is the superior solution, and hence disable them.
+# CONFIG_INET_XFRM_MODE_TRANSPORT is not set
+# CONFIG_INET_XFRM_MODE_TUNNEL is not set
+# CONFIG_INET_XFRM_MODE_BEET is not set
+# CONFIG_INET6_XFRM_MODE_TRANSPORT is not set
+# CONFIG_INET6_XFRM_MODE_TUNNEL is not set
+# CONFIG_INET6_XFRM_MODE_BEET is not set
+
+# We do not need IPv6-in-IPv4
+# CONFIG_IPV6_SIT is not set
diff --git a/fragments/base/security b/fragments/base/security
new file mode 100644
index 0000000..5d8b95c
--- /dev/null
+++ b/fragments/base/security
@@ -0,0 +1,14 @@
+CONFIG_REFCOUNT_FULL=y
+CONFIG_GCC_PLUGINS=y
+CONFIG_GCC_PLUGIN_STRUCTLEAK=y
+CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
+
+# CONFIG_COMPAT_BRK is not set
+# CONFIG_SLAB_MERGE_DEFAULT is not set
+CONFIG_SLAB_FREELIST_RANDOM=y
+CONFIG_SLAB_FREELIST_HARDENED=y
+
+CONFIG_HARDENED_USERCOPY=y
+CONFIG_FORTIFY_SOURCE=y
+
+CONFIG_IO_STRICT_DEVMEM=y
diff --git a/fragments/boot/efi b/fragments/boot/efi
new file mode 100644
index 0000000..c3dd195
--- /dev/null
+++ b/fragments/boot/efi
@@ -0,0 +1,5 @@
+CONFIG_EFI=y
+CONFIG_EFI_STUB=y
+CONFIG_EFI_VARS=y
+CONFIG_RESET_ATTACK_MITIGATION=y
+CONFIG_EFIVAR_FS=y
diff --git a/fragments/boot/initrd b/fragments/boot/initrd
new file mode 100644
index 0000000..f97f7a0
--- /dev/null
+++ b/fragments/boot/initrd
@@ -0,0 +1 @@
+CONFIG_BLK_DEV_INITRD=y
diff --git a/fragments/cpu/amd b/fragments/cpu/amd
new file mode 100644
index 0000000..f0dfd33
--- /dev/null
+++ b/fragments/cpu/amd
@@ -0,0 +1,13 @@
+CONFIG_GENERIC_CPU=y
+CONFIG_X86_ACPI_CPUFREQ=y
+CONFIG_X86_AMD_PLATFORM_DEVICE=y
+CONFIG_PERF_EVENTS_AMD_POWER=y
+CONFIG_MICROCODE_AMD=y
+
+CONFIG_SENSORS_K10TEMP=y
+CONFIG_SENSORS_FAM15H_POWER=y
+
+CONFIG_EDAC_AMD64=y
+
+CONFIG_AMD_IOMMU=y
+CONFIG_AMD_IOMMU_V2=y
diff --git a/fragments/cpu/intel b/fragments/cpu/intel
new file mode 100644
index 0000000..c64743e
--- /dev/null
+++ b/fragments/cpu/intel
@@ -0,0 +1,7 @@
+CONFIG_INTEL_IDLE=y
+CONFIG_INTEL_IOMMU=y
+CONFIG_MCORE2=y
+
+CONFIG_X86_INTEL_TSX_MODE_ON=y
+
+CONFIG_SENSORS_CORETEMP=y
diff --git a/fragments/devices/input/xpad b/fragments/devices/input/xpad
new file mode 100644
index 0000000..38ed99f
--- /dev/null
+++ b/fragments/devices/input/xpad
@@ -0,0 +1,3 @@
+CONFIG_INPUT_JOYSTICK=y
+CONFIG_JOYSTICK_XPAD=m
+CONFIG_JOYSTICK_XPAD_FF=y
diff --git a/fragments/devices/net/r8169 b/fragments/devices/net/r8169
new file mode 100644
index 0000000..811d42a
--- /dev/null
+++ b/fragments/devices/net/r8169
@@ -0,0 +1 @@
+CONFIG_R8169=y
diff --git a/fragments/devices/net/tigon3 b/fragments/devices/net/tigon3
new file mode 100644
index 0000000..7659e32
--- /dev/null
+++ b/fragments/devices/net/tigon3
@@ -0,0 +1 @@
+CONFIG_TIGON3=y
diff --git a/fragments/devices/usb/bluetooth b/fragments/devices/usb/bluetooth
new file mode 100644
index 0000000..87df533
--- /dev/null
+++ b/fragments/devices/usb/bluetooth
@@ -0,0 +1 @@
+CONFIG_BT_HCIBTUSB=m
diff --git a/fragments/devices/usb/sound b/fragments/devices/usb/sound
new file mode 100644
index 0000000..fdd348d
--- /dev/null
+++ b/fragments/devices/usb/sound
@@ -0,0 +1 @@
+CONFIG_SND_USB_AUDIO=y
diff --git a/fragments/drivers/i2c b/fragments/drivers/i2c
new file mode 100644
index 0000000..5fd23e6
--- /dev/null
+++ b/fragments/drivers/i2c
@@ -0,0 +1,2 @@
+CONFIG_I2C=y
+CONFIG_I2C_CHARDEV=y
diff --git a/fragments/drivers/pci b/fragments/drivers/pci
new file mode 100644
index 0000000..56b5a87
--- /dev/null
+++ b/fragments/drivers/pci
@@ -0,0 +1,2 @@
+CONFIG_PCIEPORTBUS=y
+CONFIG_PCI_MSI=y
diff --git a/fragments/drivers/raid b/fragments/drivers/raid
new file mode 100644
index 0000000..2ebb46d
--- /dev/null
+++ b/fragments/drivers/raid
@@ -0,0 +1,7 @@
+CONFIG_BLK_DEV_MD=y
+CONFIG_MD_AUTODETECT=y
+CONFIG_MD_LINEAR=y
+CONFIG_MD_RAID0=y
+CONFIG_MD_RAID1=y
+CONFIG_MD_RAID10=y
+CONFIG_MD_RAID456=y
diff --git a/fragments/drivers/sata b/fragments/drivers/sata
new file mode 100644
index 0000000..bd4fc1d
--- /dev/null
+++ b/fragments/drivers/sata
@@ -0,0 +1,7 @@
+CONFIG_ATA=y
+# CONFIG_ATA_SFF is not set
+CONFIG_BLK_DEV_SD=y
+CONFIG_BLK_DEV_SR=y
+CONFIG_CHR_DEV_SG=y
+CONFIG_SATA_AHCI=y
+CONFIG_SCSI_CONSTANTS=y
diff --git a/fragments/drivers/sound b/fragments/drivers/sound
new file mode 100644
index 0000000..9ea12a5
--- /dev/null
+++ b/fragments/drivers/sound
@@ -0,0 +1,7 @@
+CONFIG_SOUND=y
+CONFIG_SND=y
+CONFIG_SND_HRTIMER=y
+# CONFIG_SND_SUPPORT_OLD_API is not set
+
+# pulseaudio recommends the following
+CONFIG_SND_HDA_PREALLOC_SIZE=2048
diff --git a/fragments/drivers/usb b/fragments/drivers/usb
new file mode 100644
index 0000000..764451d
--- /dev/null
+++ b/fragments/drivers/usb
@@ -0,0 +1,11 @@
+CONFIG_USB=y
+CONFIG_USB_HID=y
+CONFIG_USB_HIDDEV=y
+CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
+CONFIG_USB_MON=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_EHCI_HCD=y
+CONFIG_USB_EHCI_ROOT_HUB_TT=y
+CONFIG_USB_OHCI_HCD=y
+CONFIG_USB_UHCI_HCD=y
+CONFIG_USB_STORAGE=y
diff --git a/fragments/fs/cifs b/fragments/fs/cifs
new file mode 100644
index 0000000..2512c7c
--- /dev/null
+++ b/fragments/fs/cifs
@@ -0,0 +1,4 @@
+CONFIG_CIFS=y
+CONFIG_CIFS_XATTR=y
+CONFIG_CIFS_POSIX=y
+CONFIG_CIFS_ACL=y
diff --git a/fragments/fs/devtmpfs b/fragments/fs/devtmpfs
new file mode 100644
index 0000000..5e9cf98
--- /dev/null
+++ b/fragments/fs/devtmpfs
@@ -0,0 +1,2 @@
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
diff --git a/fragments/fs/ext4 b/fragments/fs/ext4
new file mode 100644
index 0000000..c229a59
--- /dev/null
+++ b/fragments/fs/ext4
@@ -0,0 +1,4 @@
+CONFIG_EXT4_FS=y
+CONFIG_EXT4_FS_POSIX_ACL=y
+CONFIG_EXT4_FS_SECURITY=y
+CONFIG_EXT4_ENCRYPTION=y
diff --git a/fragments/fs/foreign b/fragments/fs/foreign
new file mode 100644
index 0000000..6efa183
--- /dev/null
+++ b/fragments/fs/foreign
@@ -0,0 +1,9 @@
+CONFIG_ISO9660_FS=y
+CONFIG_JOLIET=y
+CONFIG_ZISOFS=y
+CONFIG_UDF_FS=y
+CONFIG_VFAT_FS=y
+
+CONFIG_NLS_CODEPAGE_437=y
+CONFIG_NLS_ISO8859_1=y
+CONFIG_NLS_UTF8=y
diff --git a/fragments/fs/fuse b/fragments/fs/fuse
new file mode 100644
index 0000000..43e95f2
--- /dev/null
+++ b/fragments/fs/fuse
@@ -0,0 +1 @@
+CONFIG_FUSE_FS=y
diff --git a/fragments/fs/tmpfs b/fragments/fs/tmpfs
new file mode 100644
index 0000000..9b5a40b
--- /dev/null
+++ b/fragments/fs/tmpfs
@@ -0,0 +1,2 @@
+CONFIG_TMPFS=y
+CONFIG_TMPFS_POSIX_ACL=y
diff --git a/fragments/hosts/coleridge b/fragments/hosts/coleridge
new file mode 100644
index 0000000..8ad4c9b
--- /dev/null
+++ b/fragments/hosts/coleridge
@@ -0,0 +1 @@
+CONFIG_EXTRA_FIRMWARE="amd-ucode/microcode_amd_fam15h.bin"
diff --git a/fragments/hosts/nabokov b/fragments/hosts/nabokov
new file mode 100644
index 0000000..f24a95e
--- /dev/null
+++ b/fragments/hosts/nabokov
@@ -0,0 +1,3 @@
+CONFIG_CMDLINE_BOOL=y
+CONFIG_CMDLINE="root=PARTUUID=580f465c-a0ed-324d-8a10-04bb7027b492"
+CONFIG_EXTRA_FIRMWARE="intel-ucode/06-3c-03"
diff --git a/fragments/net/bluetooth b/fragments/net/bluetooth
new file mode 100644
index 0000000..da900ed
--- /dev/null
+++ b/fragments/net/bluetooth
@@ -0,0 +1,3 @@
+CONFIG_BT=m
+CONFIG_BT_RFCOMM=m
+CONFIG_BT_HIDP=y
diff --git a/fragments/net/nftables b/fragments/net/nftables
new file mode 100644
index 0000000..148d48f
--- /dev/null
+++ b/fragments/net/nftables
@@ -0,0 +1,67 @@
+CONFIG_NETFILTER=y
+CONFIG_NETFILTER_NETLINK_ACCT=y
+CONFIG_NETFILTER_NETLINK_QUEUE=y
+CONFIG_NETFILTER_NETLINK_LOG=y
+CONFIG_NETFILTER_NETLINK_OSF=y
+CONFIG_NF_CONNTRACK=y
+# CONFIG_NF_CONNTRACK_PROCFS is not set
+CONFIG_NF_CONNTRACK_MARK=y
+CONFIG_NF_CONNTRACK_LABELS=y
+# CONFIG_NF_CT_PROTO_DCCP is not set
+# CONFIG_NF_CT_PROTO_SCTP is not set
+# CONFIG_NF_CT_PROTO_UDPLITE is not set
+CONFIG_NF_TABLES=y
+CONFIG_NF_TABLES_SET=y
+CONFIG_NF_TABLES_INET=y
+CONFIG_NF_TABLES_NETDEV=y
+CONFIG_NFT_NUMGEN=y
+CONFIG_NFT_CT=y
+CONFIG_NFT_COUNTER=y
+CONFIG_NFT_CONNLIMIT=y
+CONFIG_NFT_LOG=y
+CONFIG_NFT_LIMIT=y
+CONFIG_NFT_MASQ=y
+CONFIG_NFT_REDIR=y
+CONFIG_NFT_NAT=y
+CONFIG_NFT_TUNNEL=y
+CONFIG_NFT_OBJREF=y
+CONFIG_NFT_QUEUE=y
+CONFIG_NFT_QUOTA=y
+CONFIG_NFT_REJECT=y
+CONFIG_NFT_HASH=y
+CONFIG_NFT_SOCKET=y
+CONFIG_NFT_OSF=y
+CONFIG_NFT_TPROXY=y
+CONFIG_NF_DUP_NETDEV=y
+CONFIG_NFT_DUP_NETDEV=y
+CONFIG_NFT_FWD_NETDEV=y
+CONFIG_NF_FLOW_TABLE_INET=y
+CONFIG_NF_FLOW_TABLE=y
+CONFIG_NFT_CHAIN_ROUTE_IPV4=y
+CONFIG_NFT_DUP_IPV4=y
+CONFIG_NFT_FIB_INET=y
+CONFIG_NFT_FIB_IPV4=y
+CONFIG_NFT_FLOW_OFFLOAD=y
+CONFIG_NF_TABLES_ARP=y
+CONFIG_NF_FLOW_TABLE_IPV4=y
+CONFIG_NF_LOG_ARP=y
+CONFIG_NF_LOG_IPV4=y
+CONFIG_NF_NAT_IPV4=y
+CONFIG_NFT_CHAIN_NAT_IPV4=y
+CONFIG_NFT_MASQ_IPV4=y
+CONFIG_NFT_REDIR_IPV4=y
+CONFIG_NFT_CHAIN_ROUTE_IPV6=y
+CONFIG_NFT_DUP_IPV6=y
+CONFIG_NFT_FIB_IPV6=y
+CONFIG_NFT_FIB_NETDEV=y
+CONFIG_NF_FLOW_TABLE_IPV6=y
+CONFIG_NF_LOG_IPV6=y
+CONFIG_NF_NAT_IPV6=y
+CONFIG_NFT_CHAIN_NAT_IPV6=y
+CONFIG_NFT_MASQ_IPV6=y
+CONFIG_NFT_REDIR_IPV6=y
+CONFIG_BRIDGE_NETFILTER=y
+CONFIG_BRIDGE_VLAN_FILTERING=y
+CONFIG_NF_TABLES_BRIDGE=y
+CONFIG_NFT_BRIDGE_REJECT=y
+CONFIG_NF_LOG_BRIDGE=y
diff --git a/fragments/profile/desktop b/fragments/profile/desktop
new file mode 100644
index 0000000..8d035c2
--- /dev/null
+++ b/fragments/profile/desktop
@@ -0,0 +1,7 @@
+CONFIG_PREEMPT_VOLUNTARY=y
+
+CONFIG_HZ_1000=y
+CONFIG_INPUT_MOUSEDEV=y
+CONFIG_INPUT_EVDEV=y
+
+CONFIG_DRM=y
diff --git a/fragments/profile/server b/fragments/profile/server
new file mode 100644
index 0000000..36580b4
--- /dev/null
+++ b/fragments/profile/server
@@ -0,0 +1,5 @@
+CONFIG_PREEMPT_NONE=y
+
+CONFIG_HZ_300=y
+
+# CONFIG_SUSPEND is not set
diff --git a/fragments/profile/vm b/fragments/profile/vm
new file mode 100644
index 0000000..bf6bc2d
--- /dev/null
+++ b/fragments/profile/vm
@@ -0,0 +1,9 @@
+CONFIG_KVM=y
+CONFIG_KVM_INTEL=y
+CONFIG_KVM_AMD=y
+CONFIG_VHOST_NET=m
+
+CONFIG_MACVLAN=m
+CONFIG_MACVTAP=m
+CONFIG_IPVLAN=m
+CONFIG_IPVTAP=m
diff --git a/fragments/security/audit b/fragments/security/audit
new file mode 100644
index 0000000..f594b65
--- /dev/null
+++ b/fragments/security/audit
@@ -0,0 +1,4 @@
+CONFIG_AUDIT=y
+CONFIG_AUDITSYSCALL=y
+CONFIG_AUDIT_WATCH=y
+CONFIG_AUDIT_TREE=y
diff --git a/fragments/security/cgroups b/fragments/security/cgroups
new file mode 100644
index 0000000..e3ed289
--- /dev/null
+++ b/fragments/security/cgroups
@@ -0,0 +1,7 @@
+CONFIG_CGROUPS=y
+CONFIG_CGROUP_CPUACCT=y
+CONFIG_CGROUP_PIDS=y
+CONFIG_CGROUP_SCHED=y
+CONFIG_MEMCG=y
+CONFIG_MEMCG_SWAP=y
+CONFIG_MEMCG_SWAP_ENABLED=y
diff --git a/fragments/security/namespaces b/fragments/security/namespaces
new file mode 100644
index 0000000..14935f8
--- /dev/null
+++ b/fragments/security/namespaces
@@ -0,0 +1,5 @@
+CONFIG_IPC_NS=y
+CONFIG_NET_NS=y
+CONFIG_PID_NS=y
+CONFIG_USER_NS=y
+CONFIG_UTS_NS=y
diff --git a/merge.sh b/merge.sh
new file mode 100755
index 0000000..69e3c37
--- /dev/null
+++ b/merge.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+errx() {
+ printf "$@" >&2
+ exit 1
+}
+
+set -e
+
+host=${1:-$(hostname)}
+
+if ! test -r "kernfrag/templates/base"; then
+ errx "config: Could not find base template\n"
+fi
+
+if ! test -r "kernfrag/templates/$host"; then
+ errx "config: Could not find template for '%s'\n" "$host"
+fi
+
+printf "Starting merge for %s...\n\n" "$host"
+
+awk 'NF { printf "%s%s\0", "kernfrag/fragments/", $1 }' \
+ "kernfrag/templates/base" "kernfrag/templates/$host" | xargs -0 scripts/kconfig/merge_config.sh
diff --git a/templates/base b/templates/base
new file mode 100644
index 0000000..f41d62b
--- /dev/null
+++ b/templates/base
@@ -0,0 +1,16 @@
+base/common
+base/crypto
+base/modules
+base/net
+base/security
+drivers/i2c
+drivers/pci
+drivers/sata
+drivers/usb
+fs/devtmpfs
+fs/ext4
+fs/fuse
+fs/tmpfs
+net/nftables
+security/cgroups
+security/namespaces
diff --git a/templates/coleridge b/templates/coleridge
new file mode 100644
index 0000000..3261442
--- /dev/null
+++ b/templates/coleridge
@@ -0,0 +1,8 @@
+boot/initrd
+cpu/amd
+devices/net/r8169
+drivers/raid
+hosts/coleridge
+profile/server
+profile/vm
+security/audit
diff --git a/templates/demeter b/templates/demeter
new file mode 100644
index 0000000..5cd3804
--- /dev/null
+++ b/templates/demeter
@@ -0,0 +1,6 @@
+boot/initrd
+cpu/intel
+devices/net/tigon3
+drivers/raid
+fs/cifs
+profile/server
diff --git a/templates/nabokov b/templates/nabokov
new file mode 100644
index 0000000..fd3d4d3
--- /dev/null
+++ b/templates/nabokov
@@ -0,0 +1,11 @@
+cpu/intel
+devices/input/xpad
+devices/net/r8169
+devices/usb/bluetooth
+devices/usb/sound
+drivers/sound
+fs/foreign
+hosts/nabokov
+net/bluetooth
+profile/desktop
+profile/vm