]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/profiles/hardware/cubieboard2.nix
mermet: lower redis-rspamd RAM
[sourcephile-nix.git] / nixos / profiles / hardware / cubieboard2.nix
1 { pkgs, lib, config, modulesPath, ... }:
2 {
3 imports = [
4 "${modulesPath}/installer/sd-card/sd-image.nix"
5 ];
6
7 nix = {
8 # Too CPU hungry for the Cubieboard2, for too little Mio saved
9 autoOptimiseStore = false;
10 maxJobs = host.CPUs;
11 };
12 powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
13
14 boot.supportedFilesystems = [
15 #"btrfs"
16 #"reiserfs"
17 "vfat"
18 #"f2fs"
19 #"xfs"
20 #"zfs"
21 #"ntfs"
22 #"cifs"
23 ];
24
25 # The serial ports listed here are:
26 # - ttyS0: for Tegra (Jetson TK1)
27 # - ttymxc0: for i.MX6 (Wandboard)
28 # - ttyAMA0: for Allwinner (pcDuino3 Nano) and QEMU's -machine virt
29 # - ttyO0: for OMAP (BeagleBone Black)
30 # - ttySAC2: for Exynos (ODROID-XU3)
31 boot.consoleLogLevel = lib.mkDefault 7;
32 boot.kernelParams = [
33 "console=ttyS0,115200n8"
34 "console=ttymxc0,115200n8"
35 "console=ttyAMA0,115200n8"
36 "console=ttyO0,115200n8"
37 "console=ttySAC2,115200n8"
38 "console=tty0"
39 ];
40
41 #nixpkgs.config.allowUnfree = true;
42 nixpkgs.crossSystem = lib.systems.examples.armv7l-hf-multiplatform;
43 nixpkgs.overlays = [
44 (final: super: {
45 # https://linux-sunxi.org/Mali_Open_Source_Driver#Configuration_and_Build
46 mesa = super.mesa.override {
47 driDrivers = [];
48 eglPlatforms = ["x11"];
49 enableGalliumNine = false;
50 galliumDrivers = ["lima" "panfrost" "kmsro" "swrast"];
51 vulkanDrivers = [];
52 };
53 })
54 (final: super: {
55 linuxPackages_latest_Cubieboard2 = super.linuxPackages_latest.extend (kself: ksuper: {
56 kernel = ksuper.kernel.override {
57 defconfig = "sunxi_defconfig";
58 structuredExtraConfig = with lib.kernel; {
59 #
60 # File systems
61 #
62 PSTORE = yes;
63 VFAT_FS = yes;
64 EXT4_FS = yes;
65 EXT4_USE_FOR_EXT2 = yes;
66
67 #
68 # Networking options
69 #
70 TCP_CONG_BBR = module;
71 IPV6 = yes;
72 IPV6_ROUTER_PREF = yes;
73 IPV6_ROUTE_INFO = yes;
74 IPV6_OPTIMISTIC_DAD = yes;
75 INET6_AH = module;
76 INET6_ESP = module;
77 INET6_ESP_OFFLOAD = module;
78 INET6_ESPINTCP = yes;
79 INET6_IPCOMP = module;
80 IPV6_MIP6 = module;
81 IPV6_ILA = module;
82 INET6_XFRM_TUNNEL = module;
83 INET6_TUNNEL = module;
84 IPV6_VTI = module;
85 IPV6_SIT = module;
86 IPV6_SIT_6RD = yes;
87 IPV6_NDISC_NODETYPE = yes;
88 IPV6_TUNNEL = module;
89 IPV6_MULTIPLE_TABLES = yes;
90 IPV6_SUBTREES = yes;
91 IPV6_MROUTE = yes;
92 IPV6_MROUTE_MULTIPLE_TABLES = yes;
93 IPV6_PIMSM_V2 = yes;
94 IPV6_SEG6_LWTUNNEL = yes;
95 IPV6_SEG6_HMAC = yes;
96 IPV6_RPL_LWTUNNEL = yes;
97 # CONFIG_MPTCP is not set
98 # CONFIG_NETWORK_SECMARK is not set
99 NET_PTP_CLASSIFY = yes;
100 # CONFIG_NETWORK_PHY_TIMESTAMPING is not set
101 NETFILTER = yes;
102 NETFILTER_ADVANCED = yes;
103
104 #
105 # Core Netfilter Configuration
106 #
107 NETFILTER_INGRESS = yes;
108 NETFILTER_NETLINK = module;
109 NETFILTER_FAMILY_ARP = yes;
110 NETFILTER_NETLINK_HOOK = module;
111 NETFILTER_NETLINK_ACCT = module;
112 NETFILTER_NETLINK_QUEUE = module;
113 NETFILTER_NETLINK_LOG = module;
114 NETFILTER_NETLINK_OSF = module;
115 NF_CONNTRACK = module;
116 NF_LOG_SYSLOG = module;
117 NETFILTER_CONNCOUNT = module;
118 NF_CONNTRACK_MARK = yes;
119 NF_CONNTRACK_ZONES = yes;
120 NF_CONNTRACK_PROCFS = yes;
121 NF_CONNTRACK_EVENTS = yes;
122 NF_CONNTRACK_TIMEOUT = yes;
123 NF_CONNTRACK_TIMESTAMP = yes;
124 NF_CONNTRACK_LABELS = yes;
125 NF_CT_PROTO_DCCP = yes;
126 NF_CT_PROTO_SCTP = yes;
127 NF_CT_PROTO_UDPLITE = yes;
128 # CONFIG_NF_CONNTRACK_AMANDA is not set
129 # CONFIG_NF_CONNTRACK_FTP is not set
130 # CONFIG_NF_CONNTRACK_H323 is not set
131 # CONFIG_NF_CONNTRACK_IRC is not set
132 # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
133 # CONFIG_NF_CONNTRACK_SNMP is not set
134 # CONFIG_NF_CONNTRACK_PPTP is not set
135 # CONFIG_NF_CONNTRACK_SANE is not set
136 # CONFIG_NF_CONNTRACK_SIP is not set
137 # CONFIG_NF_CONNTRACK_TFTP is not set
138 NF_CT_NETLINK = module;
139 NF_CT_NETLINK_TIMEOUT = module;
140 NF_CT_NETLINK_HELPER = module;
141 NETFILTER_NETLINK_GLUE_CT = yes;
142 NF_NAT = module;
143 NF_NAT_REDIRECT = yes;
144 NF_NAT_MASQUERADE = yes;
145 NETFILTER_SYNPROXY = module;
146 NF_TABLES = module;
147 NF_TABLES_INET = yes;
148 NF_TABLES_NETDEV = yes;
149 NFT_NUMGEN = module;
150 NFT_CT = module;
151 NFT_COUNTER = module;
152 NFT_CONNLIMIT = module;
153 NFT_LOG = module;
154 NFT_LIMIT = module;
155 NFT_MASQ = module;
156 NFT_REDIR = module;
157 NFT_NAT = module;
158 NFT_TUNNEL = module;
159 NFT_OBJREF = module;
160 NFT_QUEUE = module;
161 NFT_QUOTA = module;
162 NFT_REJECT = module;
163 NFT_REJECT_INET = module;
164 NFT_COMPAT = module;
165 NFT_HASH = module;
166 NFT_FIB = module;
167 NFT_FIB_INET = module;
168 NFT_XFRM = module;
169 NFT_SOCKET = module;
170 NFT_OSF = module;
171 NFT_TPROXY = module;
172 NFT_SYNPROXY = module;
173 NF_DUP_NETDEV = module;
174 NFT_DUP_NETDEV = module;
175 NFT_FWD_NETDEV = module;
176 NFT_FIB_NETDEV = module;
177 NFT_REJECT_NETDEV = module;
178 # CONFIG_NF_FLOW_TABLE is not set
179 NETFILTER_XTABLES = module;
180
181 #
182 # Xtables combined modules
183 #
184 NETFILTER_XT_MARK = module;
185 NETFILTER_XT_CONNMARK = module;
186 NETFILTER_XT_SET = module;
187
188 #
189 # Xtables targets
190 #
191 NETFILTER_XT_TARGET_CHECKSUM = module;
192 NETFILTER_XT_TARGET_CLASSIFY = module;
193 NETFILTER_XT_TARGET_CONNMARK = module;
194 NETFILTER_XT_TARGET_CT = module;
195 NETFILTER_XT_TARGET_DSCP = module;
196 NETFILTER_XT_TARGET_HL = module;
197 NETFILTER_XT_TARGET_HMARK = module;
198 NETFILTER_XT_TARGET_IDLETIMER = module;
199 NETFILTER_XT_TARGET_LED = module;
200 NETFILTER_XT_TARGET_LOG = module;
201 NETFILTER_XT_TARGET_MARK = module;
202 NETFILTER_XT_NAT = module;
203 NETFILTER_XT_TARGET_NETMAP = module;
204 NETFILTER_XT_TARGET_NFLOG = module;
205 NETFILTER_XT_TARGET_NFQUEUE = module;
206 NETFILTER_XT_TARGET_NOTRACK = module;
207 NETFILTER_XT_TARGET_RATEEST = module;
208 NETFILTER_XT_TARGET_REDIRECT = module;
209 NETFILTER_XT_TARGET_MASQUERADE = module;
210 NETFILTER_XT_TARGET_TEE = module;
211 NETFILTER_XT_TARGET_TPROXY = module;
212 NETFILTER_XT_TARGET_TRACE = module;
213 NETFILTER_XT_TARGET_TCPMSS = module;
214 NETFILTER_XT_TARGET_TCPOPTSTRIP = module;
215
216 #
217 # Xtables matches
218 #
219 NETFILTER_XT_MATCH_ADDRTYPE = module;
220 NETFILTER_XT_MATCH_BPF = module;
221 NETFILTER_XT_MATCH_CGROUP = module;
222 NETFILTER_XT_MATCH_CLUSTER = module;
223 NETFILTER_XT_MATCH_COMMENT = module;
224 NETFILTER_XT_MATCH_CONNBYTES = module;
225 NETFILTER_XT_MATCH_CONNLABEL = module;
226 NETFILTER_XT_MATCH_CONNLIMIT = module;
227 NETFILTER_XT_MATCH_CONNMARK = module;
228 NETFILTER_XT_MATCH_CONNTRACK = module;
229 NETFILTER_XT_MATCH_CPU = module;
230 NETFILTER_XT_MATCH_DCCP = module;
231 NETFILTER_XT_MATCH_DEVGROUP = module;
232 NETFILTER_XT_MATCH_DSCP = module;
233 NETFILTER_XT_MATCH_ECN = module;
234 NETFILTER_XT_MATCH_ESP = module;
235 NETFILTER_XT_MATCH_HASHLIMIT = module;
236 NETFILTER_XT_MATCH_HELPER = module;
237 NETFILTER_XT_MATCH_HL = module;
238 NETFILTER_XT_MATCH_IPCOMP = module;
239 NETFILTER_XT_MATCH_IPRANGE = module;
240 NETFILTER_XT_MATCH_L2TP = module;
241 NETFILTER_XT_MATCH_LENGTH = module;
242 NETFILTER_XT_MATCH_LIMIT = module;
243 NETFILTER_XT_MATCH_MAC = module;
244 NETFILTER_XT_MATCH_MARK = module;
245 NETFILTER_XT_MATCH_MULTIPORT = module;
246 NETFILTER_XT_MATCH_NFACCT = module;
247 NETFILTER_XT_MATCH_OSF = module;
248 NETFILTER_XT_MATCH_OWNER = module;
249 # CONFIG_NETFILTER_XT_MATCH_POLICY is not set
250 NETFILTER_XT_MATCH_PKTTYPE = module;
251 NETFILTER_XT_MATCH_QUOTA = module;
252 NETFILTER_XT_MATCH_RATEEST = module;
253 NETFILTER_XT_MATCH_REALM = module;
254 NETFILTER_XT_MATCH_RECENT = module;
255 NETFILTER_XT_MATCH_SCTP = module;
256 NETFILTER_XT_MATCH_SOCKET = module;
257 NETFILTER_XT_MATCH_STATE = module;
258 NETFILTER_XT_MATCH_STATISTIC = module;
259 NETFILTER_XT_MATCH_STRING = module;
260 NETFILTER_XT_MATCH_TCPMSS = module;
261 NETFILTER_XT_MATCH_TIME = module;
262 NETFILTER_XT_MATCH_U32 = module;
263 # end of Core Netfilter Configuration
264
265 IP_SET = module;
266 IP_SET_MAX.freeform = "256";
267 IP_SET_BITMAP_IP = module;
268 IP_SET_BITMAP_IPMAC = module;
269 IP_SET_BITMAP_PORT = module;
270 IP_SET_HASH_IP = module;
271 IP_SET_HASH_IPMARK = module;
272 IP_SET_HASH_IPPORT = module;
273 IP_SET_HASH_IPPORTIP = module;
274 IP_SET_HASH_IPPORTNET = module;
275 IP_SET_HASH_IPMAC = module;
276 IP_SET_HASH_MAC = module;
277 IP_SET_HASH_NETPORTNET = module;
278 IP_SET_HASH_NET = module;
279 IP_SET_HASH_NETNET = module;
280 IP_SET_HASH_NETPORT = module;
281 IP_SET_HASH_NETIFACE = module;
282 IP_SET_LIST_SET = module;
283 # CONFIG_IP_VS is not set
284
285 #
286 # IP: Netfilter Configuration
287 #
288 NF_DEFRAG_IPV4 = module;
289 NF_SOCKET_IPV4 = module;
290 NF_TPROXY_IPV4 = module;
291 NF_TABLES_IPV4 = yes;
292 NFT_REJECT_IPV4 = module;
293 NFT_DUP_IPV4 = module;
294 NFT_FIB_IPV4 = module;
295 # CONFIG_NF_TABLES_ARP is not set
296 NF_DUP_IPV4 = module;
297 # CONFIG_NF_LOG_ARP is not set
298 # CONFIG_NF_LOG_IPV4 is not set
299 NF_REJECT_IPV4 = module;
300 IP_NF_IPTABLES = module;
301 IP_NF_MATCH_AH = module;
302 IP_NF_MATCH_ECN = module;
303 IP_NF_MATCH_RPFILTER = module;
304 IP_NF_MATCH_TTL = module;
305 IP_NF_FILTER = module;
306 IP_NF_TARGET_REJECT = module;
307 IP_NF_TARGET_SYNPROXY = module;
308 IP_NF_NAT = module;
309 IP_NF_TARGET_MASQUERADE = module;
310 IP_NF_TARGET_NETMAP = module;
311 IP_NF_TARGET_REDIRECT = module;
312 IP_NF_MANGLE = module;
313 IP_NF_TARGET_CLUSTERIP = module;
314 IP_NF_TARGET_ECN = module;
315 IP_NF_TARGET_TTL = module;
316 # CONFIG_IP_NF_RAW is not set
317 # CONFIG_IP_NF_ARPTABLES is not set
318 # end of IP: Netfilter Configuration
319
320 #
321 # IPv6: Netfilter Configuration
322 #
323 NF_SOCKET_IPV6 = module;
324 NF_TPROXY_IPV6 = module;
325 NF_TABLES_IPV6 = yes;
326 NFT_REJECT_IPV6 = module;
327 NFT_DUP_IPV6 = module;
328 NFT_FIB_IPV6 = module;
329 NF_DUP_IPV6 = module;
330 NF_REJECT_IPV6 = module;
331 NF_LOG_IPV6 = module;
332 IP6_NF_IPTABLES = module;
333 IP6_NF_MATCH_AH = module;
334 IP6_NF_MATCH_EUI64 = module;
335 IP6_NF_MATCH_FRAG = module;
336 IP6_NF_MATCH_OPTS = module;
337 IP6_NF_MATCH_HL = module;
338 IP6_NF_MATCH_IPV6HEADER = module;
339 IP6_NF_MATCH_MH = module;
340 IP6_NF_MATCH_RPFILTER = module;
341 IP6_NF_MATCH_RT = module;
342 IP6_NF_MATCH_SRH = module;
343 IP6_NF_TARGET_HL = module;
344 IP6_NF_FILTER = module;
345 IP6_NF_TARGET_REJECT = module;
346 IP6_NF_TARGET_SYNPROXY = module;
347 IP6_NF_MANGLE = module;
348 IP6_NF_RAW = module;
349 IP6_NF_NAT = module;
350 IP6_NF_TARGET_MASQUERADE = module;
351 IP6_NF_TARGET_NPT = module;
352 # end of IPv6: Netfilter Configuration
353
354 NF_DEFRAG_IPV6 = module;
355
356 #
357 # Disabling
358 #
359 ADFS_FS = no;
360 AFFS_FS = no;
361 BEFS_FS = no;
362 BFS_FS = no;
363 BTRFS = no;
364 BTRFS_FS = no;
365 CEPH_FS = no;
366 CIFS = no;
367 CRAMFS = no;
368 ECRYPT_FS = no;
369 EFS_FS = no;
370 EROFS_FS = no;
371 EXT2_FS = no;
372 EXT3_FS = no;
373 F2FS_FS = lib.mkForce no;
374 GFS2_FS = no;
375 HFSPLUS_FS = no;
376 HFS_FS = no;
377 HPFS_FS = no;
378 JFS_FS = no;
379 MINIX_FS = no;
380 NET_9P = no;
381 NFSD = no;
382 NFS_FS = no;
383 NILFS2_FS = no;
384 OMFS_FS = no;
385 ORANGEFS_FS = no;
386 QNX4FS_FS = no;
387 QNX6FS_FS = no;
388 REISERFS_FS = no;
389 ROMFS_FS = no;
390 SQUASHFS = no;
391 SYSV_FS = no;
392 UFS_FS = no;
393 VXFS_FS = no;
394 XFS_FS = no;
395
396 MISC_FILESYSTEMS = no;
397
398 DECNET = no;
399 SCTP = no;
400 RDS = no;
401 DCCP = no;
402 TIPC = no;
403 CAIF = no;
404 CEPH = no;
405 VMW_SOCK = no;
406 HSR = no;
407 QRTR = no;
408 MPI = no;
409 RAID6 = no;
410 STAGING = lib.mkForce no;
411
412 "6LOWPAN" = no;
413 ARCNET = no;
414 B53 = no;
415 BATMAN_ADV = no;
416 BT = no;
417 CAN = no;
418 COMEDI = no;
419 DRM_STM = lib.mkForce no;
420 INFINIBAND = no;
421 INPUT_TOUCHSCREEN = no;
422 MEDIA_ANALOG_TV_SUPPORT = lib.mkForce no;
423 MEDIA_DIGITAL_TV_SUPPORT = lib.mkForce no;
424 MEDIA_TUNER = no;
425 MPLS = no;
426 MPTCP = lib.mkForce no;
427 NFC = no;
428 NF_TABLES_BRIDGE = lib.mkForce no;
429 NVME = no;
430 OPENVSWITCH = no;
431 PARAVIRT = lib.mkForce no;
432 POWER_SUPPLY = no;
433 USB_GSPCA = lib.mkForce no;
434 VIDEO_STK1160_COMMON = lib.mkForce no;
435 XEN = lib.mkForce no;
436 #NVME_CORE = no;
437 };
438 #ignoreConfigErrors = true;
439 };
440 });
441 })
442 ];
443 boot.cleanTmpDir = true;
444 boot.tmpOnTmpfs = lib.mkForce false;
445 # TODO: is that needed?
446 hardware.enableRedistributableFirmware = true;
447 sdImage = {
448 postBuildCommands = ''
449 dd if=${pkgs.ubootCubieboard2}/u-boot-sunxi-with-spl.bin of=$img bs=1024 seek=8 conv=notrunc
450 '';
451 compressImage = true;
452 expandOnBoot = true;
453 firmwareSize = 1;
454 populateFirmwareCommands = "";
455 populateRootCommands = ''
456 mkdir -p ./files/boot
457 ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
458 '';
459 };
460 boot.loader.grub.enable = false;
461 boot.loader.generic-extlinux-compatible.enable = true;
462 # nix -L build .#nixosConfigurations.${hostName}.config.boot.kernelPackages.kernel.configfile
463 boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest_Cubieboard2;
464 boot.initrd.availableKernelModules = lib.mkForce [
465 "mmc_block"
466 "usbhid"
467 "hid_generic"
468 "hid_microsoft"
469 ];
470 }