* Use zswap instead of swap in zram
This requires a swap file which will get generated automatically on
startup.
* Fix file size and free disk space comparison
* Set zswap factor to 33%
* Set vm.swappiness to 1
Decrease swapping to a minimum. This is also recommended for database
work loads by the MariaDB documentation. In practice it causes the least
amount of writes to disk when under memory pressure, while still making
swap available when needed.
It seems that Raspberry Pi enabled Multi-Gen LRU by default. By my
testing, it performs worse in some situation. Add it by default for all
platforms, but disable it by default for now.
* Add security library libseccomp
Enable libseccomp to activate seccomp support in HAOS. This will compile
systemd and Docker with seccomp support.
Note: Traditionally Supervisor required to disable seccomp. This seems
no longer to be the case with current Supervisor, but it needs further
testing. All containers started by Supervisor get currently started with
seccomp disabled.
* Enable seccomp in the kernel
The fq_codel network scheduler is the de-facto standard nowadays in most
distros. Systemd enables the scheduler by default if available. Make
sure all boards have the necessary kernel module activated.
* RaspberryPi: Update kernel 5.15.61 - 1.20220830
* Add Yellow to the Raspberry Pi kernel update script
* Bump Yellow to kernel 5.15.61 - 1.20220830
Also drop the work around for the LED polarity as the new firmware
has been fixed.
* Explicitly select no kernel module compression
Home Assistant OS uses a compressed rootfs already, no compression for
kernel modules necessary.
* Bump buildroot
* buildroot d7e4c223e5...5468d36a26 (1):
> package/rpi-firmware: bump version to 1.20220830
* Move Bluetooth protocol configuration to hassos.config
Enable a couple of potential useful Bluetooth protocol drivers.
Also enable Bluetooth Network Encapsulation Protocol since the BlueZ
plug-in seems to be enabled.
* Drop OverlayFS configuration not liked by Docker
* Bump buildroot
* buildroot 0397d9c8f0...2ba3394abf (1):
> package/docker-engine: use kernel modules for extra network drivers
* Make IPv6 SIT tunnel driver a kernel module
This is what distributions seem to be doing too.
* Support firewall matching by pkttype
Matching by pkttype is required by the reference OTBR firewall script.
* Add additional Kernel configurations required for OpenThread.
The CRDA (Central Regulatory Domain Agent) utility has been used as a
user space helper to load regulatory information for WiFi drivers.
However, since Linux 4.15 the kernel can load the regulatory information
directly from a signed firmware file "regulatory.db".
The regulatory.db file is provided by the WIRELESS_REGDB package, which
has been already installed since its a dependency of CRDA.
Drop CRDA and select WIRELESS_REGDB package explicitly to make sure the
regulatory.db file is present.
The Wireless Extension framework is deprecated, but it seems that the
Wireless Extensions proc API is still popular (/proc/net/wireless).
Enable the minimal set of Wireless Extension to get the proc API.
* Enable hidraw driver (#1120)
The hidraw driver is required by some IoT devices such as Wyze sense or
Jablotron JA-100. Enable the driver on all platforms by default.
