1 { pkgs, lib, config, modulesPath, ... }:
4 "${modulesPath}/installer/sd-card/sd-image-armv7l-multiplatform.nix"
6 #nixpkgs.config.allowUnfree = true;
7 nixpkgs.crossSystem = lib.systems.examples.armv7l-hf-multiplatform;
10 # https://linux-sunxi.org/Mali_Open_Source_Driver#Configuration_and_Build
11 mesa = super.mesa.override {
13 eglPlatforms = ["x11"];
14 enableGalliumNine = false;
15 galliumDrivers = ["lima" "panfrost" "kmsro" "swrast"];
20 boot.cleanTmpDir = true;
21 boot.tmpOnTmpfs = lib.mkForce false;
22 # TODO: is that needed?
23 hardware.enableRedistributableFirmware = true;
25 postBuildCommands = ''
26 dd if=${pkgs.ubootCubieboard2}/u-boot-sunxi-with-spl.bin of=$img bs=1024 seek=8 conv=notrunc
31 populateFirmwareCommands = lib.mkForce "";
33 boot.initrd.availableKernelModules = lib.mkForce [
39 # nix -L build .#nixosConfigurations.${hostName}.config.boot.kernelPackages.kernel.configfile
40 boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest_Cubieboard2;
43 linuxPackages_latest_Cubieboard2 = super.linuxPackages_latest.extend (kself: ksuper: {
44 kernel = ksuper.kernel.override {
45 defconfig = "sunxi_defconfig";
46 structuredExtraConfig = with lib.kernel; {
53 EXT4_USE_FOR_EXT2 = yes;
58 TCP_CONG_BBR = module;
60 IPV6_ROUTER_PREF = yes;
61 IPV6_ROUTE_INFO = yes;
62 IPV6_OPTIMISTIC_DAD = yes;
65 INET6_ESP_OFFLOAD = module;
67 INET6_IPCOMP = module;
70 INET6_XFRM_TUNNEL = module;
71 INET6_TUNNEL = module;
75 IPV6_NDISC_NODETYPE = yes;
77 IPV6_MULTIPLE_TABLES = yes;
80 IPV6_MROUTE_MULTIPLE_TABLES = yes;
82 IPV6_SEG6_LWTUNNEL = yes;
84 IPV6_RPL_LWTUNNEL = yes;
85 # CONFIG_MPTCP is not set
86 # CONFIG_NETWORK_SECMARK is not set
87 NET_PTP_CLASSIFY = yes;
88 # CONFIG_NETWORK_PHY_TIMESTAMPING is not set
90 NETFILTER_ADVANCED = yes;
93 # Core Netfilter Configuration
95 NETFILTER_INGRESS = yes;
96 NETFILTER_NETLINK = module;
97 NETFILTER_FAMILY_ARP = yes;
98 NETFILTER_NETLINK_HOOK = module;
99 NETFILTER_NETLINK_ACCT = module;
100 NETFILTER_NETLINK_QUEUE = module;
101 NETFILTER_NETLINK_LOG = module;
102 NETFILTER_NETLINK_OSF = module;
103 NF_CONNTRACK = module;
104 NF_LOG_SYSLOG = module;
105 NETFILTER_CONNCOUNT = module;
106 NF_CONNTRACK_MARK = yes;
107 NF_CONNTRACK_ZONES = yes;
108 NF_CONNTRACK_PROCFS = yes;
109 NF_CONNTRACK_EVENTS = yes;
110 NF_CONNTRACK_TIMEOUT = yes;
111 NF_CONNTRACK_TIMESTAMP = yes;
112 NF_CONNTRACK_LABELS = yes;
113 NF_CT_PROTO_DCCP = yes;
114 NF_CT_PROTO_SCTP = yes;
115 NF_CT_PROTO_UDPLITE = yes;
116 # CONFIG_NF_CONNTRACK_AMANDA is not set
117 # CONFIG_NF_CONNTRACK_FTP is not set
118 # CONFIG_NF_CONNTRACK_H323 is not set
119 # CONFIG_NF_CONNTRACK_IRC is not set
120 # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
121 # CONFIG_NF_CONNTRACK_SNMP is not set
122 # CONFIG_NF_CONNTRACK_PPTP is not set
123 # CONFIG_NF_CONNTRACK_SANE is not set
124 # CONFIG_NF_CONNTRACK_SIP is not set
125 # CONFIG_NF_CONNTRACK_TFTP is not set
126 NF_CT_NETLINK = module;
127 NF_CT_NETLINK_TIMEOUT = module;
128 NF_CT_NETLINK_HELPER = module;
129 NETFILTER_NETLINK_GLUE_CT = yes;
131 NF_NAT_REDIRECT = yes;
132 NF_NAT_MASQUERADE = yes;
133 NETFILTER_SYNPROXY = module;
135 NF_TABLES_INET = yes;
136 NF_TABLES_NETDEV = yes;
139 NFT_COUNTER = module;
140 NFT_CONNLIMIT = module;
151 NFT_REJECT_INET = module;
155 NFT_FIB_INET = module;
160 NFT_SYNPROXY = module;
161 NF_DUP_NETDEV = module;
162 NFT_DUP_NETDEV = module;
163 NFT_FWD_NETDEV = module;
164 NFT_FIB_NETDEV = module;
165 NFT_REJECT_NETDEV = module;
166 # CONFIG_NF_FLOW_TABLE is not set
167 NETFILTER_XTABLES = module;
170 # Xtables combined modules
172 NETFILTER_XT_MARK = module;
173 NETFILTER_XT_CONNMARK = module;
174 NETFILTER_XT_SET = module;
179 NETFILTER_XT_TARGET_CHECKSUM = module;
180 NETFILTER_XT_TARGET_CLASSIFY = module;
181 NETFILTER_XT_TARGET_CONNMARK = module;
182 NETFILTER_XT_TARGET_CT = module;
183 NETFILTER_XT_TARGET_DSCP = module;
184 NETFILTER_XT_TARGET_HL = module;
185 NETFILTER_XT_TARGET_HMARK = module;
186 NETFILTER_XT_TARGET_IDLETIMER = module;
187 NETFILTER_XT_TARGET_LED = module;
188 NETFILTER_XT_TARGET_LOG = module;
189 NETFILTER_XT_TARGET_MARK = module;
190 NETFILTER_XT_NAT = module;
191 NETFILTER_XT_TARGET_NETMAP = module;
192 NETFILTER_XT_TARGET_NFLOG = module;
193 NETFILTER_XT_TARGET_NFQUEUE = module;
194 NETFILTER_XT_TARGET_NOTRACK = module;
195 NETFILTER_XT_TARGET_RATEEST = module;
196 NETFILTER_XT_TARGET_REDIRECT = module;
197 NETFILTER_XT_TARGET_MASQUERADE = module;
198 NETFILTER_XT_TARGET_TEE = module;
199 NETFILTER_XT_TARGET_TPROXY = module;
200 NETFILTER_XT_TARGET_TRACE = module;
201 NETFILTER_XT_TARGET_TCPMSS = module;
202 NETFILTER_XT_TARGET_TCPOPTSTRIP = module;
207 NETFILTER_XT_MATCH_ADDRTYPE = module;
208 NETFILTER_XT_MATCH_BPF = module;
209 NETFILTER_XT_MATCH_CGROUP = module;
210 NETFILTER_XT_MATCH_CLUSTER = module;
211 NETFILTER_XT_MATCH_COMMENT = module;
212 NETFILTER_XT_MATCH_CONNBYTES = module;
213 NETFILTER_XT_MATCH_CONNLABEL = module;
214 NETFILTER_XT_MATCH_CONNLIMIT = module;
215 NETFILTER_XT_MATCH_CONNMARK = module;
216 NETFILTER_XT_MATCH_CONNTRACK = module;
217 NETFILTER_XT_MATCH_CPU = module;
218 NETFILTER_XT_MATCH_DCCP = module;
219 NETFILTER_XT_MATCH_DEVGROUP = module;
220 NETFILTER_XT_MATCH_DSCP = module;
221 NETFILTER_XT_MATCH_ECN = module;
222 NETFILTER_XT_MATCH_ESP = module;
223 NETFILTER_XT_MATCH_HASHLIMIT = module;
224 NETFILTER_XT_MATCH_HELPER = module;
225 NETFILTER_XT_MATCH_HL = module;
226 NETFILTER_XT_MATCH_IPCOMP = module;
227 NETFILTER_XT_MATCH_IPRANGE = module;
228 NETFILTER_XT_MATCH_L2TP = module;
229 NETFILTER_XT_MATCH_LENGTH = module;
230 NETFILTER_XT_MATCH_LIMIT = module;
231 NETFILTER_XT_MATCH_MAC = module;
232 NETFILTER_XT_MATCH_MARK = module;
233 NETFILTER_XT_MATCH_MULTIPORT = module;
234 NETFILTER_XT_MATCH_NFACCT = module;
235 NETFILTER_XT_MATCH_OSF = module;
236 NETFILTER_XT_MATCH_OWNER = module;
237 # CONFIG_NETFILTER_XT_MATCH_POLICY is not set
238 NETFILTER_XT_MATCH_PKTTYPE = module;
239 NETFILTER_XT_MATCH_QUOTA = module;
240 NETFILTER_XT_MATCH_RATEEST = module;
241 NETFILTER_XT_MATCH_REALM = module;
242 NETFILTER_XT_MATCH_RECENT = module;
243 NETFILTER_XT_MATCH_SCTP = module;
244 NETFILTER_XT_MATCH_SOCKET = module;
245 NETFILTER_XT_MATCH_STATE = module;
246 NETFILTER_XT_MATCH_STATISTIC = module;
247 NETFILTER_XT_MATCH_STRING = module;
248 NETFILTER_XT_MATCH_TCPMSS = module;
249 NETFILTER_XT_MATCH_TIME = module;
250 NETFILTER_XT_MATCH_U32 = module;
251 # end of Core Netfilter Configuration
254 IP_SET_MAX.freeform = "256";
255 IP_SET_BITMAP_IP = module;
256 IP_SET_BITMAP_IPMAC = module;
257 IP_SET_BITMAP_PORT = module;
258 IP_SET_HASH_IP = module;
259 IP_SET_HASH_IPMARK = module;
260 IP_SET_HASH_IPPORT = module;
261 IP_SET_HASH_IPPORTIP = module;
262 IP_SET_HASH_IPPORTNET = module;
263 IP_SET_HASH_IPMAC = module;
264 IP_SET_HASH_MAC = module;
265 IP_SET_HASH_NETPORTNET = module;
266 IP_SET_HASH_NET = module;
267 IP_SET_HASH_NETNET = module;
268 IP_SET_HASH_NETPORT = module;
269 IP_SET_HASH_NETIFACE = module;
270 IP_SET_LIST_SET = module;
271 # CONFIG_IP_VS is not set
274 # IP: Netfilter Configuration
276 NF_DEFRAG_IPV4 = module;
277 NF_SOCKET_IPV4 = module;
278 NF_TPROXY_IPV4 = module;
279 NF_TABLES_IPV4 = yes;
280 NFT_REJECT_IPV4 = module;
281 NFT_DUP_IPV4 = module;
282 NFT_FIB_IPV4 = module;
283 # CONFIG_NF_TABLES_ARP is not set
284 NF_DUP_IPV4 = module;
285 # CONFIG_NF_LOG_ARP is not set
286 # CONFIG_NF_LOG_IPV4 is not set
287 NF_REJECT_IPV4 = module;
288 IP_NF_IPTABLES = module;
289 IP_NF_MATCH_AH = module;
290 IP_NF_MATCH_ECN = module;
291 IP_NF_MATCH_RPFILTER = module;
292 IP_NF_MATCH_TTL = module;
293 IP_NF_FILTER = module;
294 IP_NF_TARGET_REJECT = module;
295 IP_NF_TARGET_SYNPROXY = module;
297 IP_NF_TARGET_MASQUERADE = module;
298 IP_NF_TARGET_NETMAP = module;
299 IP_NF_TARGET_REDIRECT = module;
300 IP_NF_MANGLE = module;
301 IP_NF_TARGET_CLUSTERIP = module;
302 IP_NF_TARGET_ECN = module;
303 IP_NF_TARGET_TTL = module;
304 # CONFIG_IP_NF_RAW is not set
305 # CONFIG_IP_NF_ARPTABLES is not set
306 # end of IP: Netfilter Configuration
309 # IPv6: Netfilter Configuration
311 NF_SOCKET_IPV6 = module;
312 NF_TPROXY_IPV6 = module;
313 NF_TABLES_IPV6 = yes;
314 NFT_REJECT_IPV6 = module;
315 NFT_DUP_IPV6 = module;
316 NFT_FIB_IPV6 = module;
317 NF_DUP_IPV6 = module;
318 NF_REJECT_IPV6 = module;
319 NF_LOG_IPV6 = module;
320 IP6_NF_IPTABLES = module;
321 IP6_NF_MATCH_AH = module;
322 IP6_NF_MATCH_EUI64 = module;
323 IP6_NF_MATCH_FRAG = module;
324 IP6_NF_MATCH_OPTS = module;
325 IP6_NF_MATCH_HL = module;
326 IP6_NF_MATCH_IPV6HEADER = module;
327 IP6_NF_MATCH_MH = module;
328 IP6_NF_MATCH_RPFILTER = module;
329 IP6_NF_MATCH_RT = module;
330 IP6_NF_MATCH_SRH = module;
331 IP6_NF_TARGET_HL = module;
332 IP6_NF_FILTER = module;
333 IP6_NF_TARGET_REJECT = module;
334 IP6_NF_TARGET_SYNPROXY = module;
335 IP6_NF_MANGLE = module;
338 IP6_NF_TARGET_MASQUERADE = module;
339 IP6_NF_TARGET_NPT = module;
340 # end of IPv6: Netfilter Configuration
342 NF_DEFRAG_IPV6 = module;
361 F2FS_FS = lib.mkForce no;
384 MISC_FILESYSTEMS = no;
398 STAGING = lib.mkForce no;
407 DRM_STM = lib.mkForce no;
409 INPUT_TOUCHSCREEN = no;
410 MEDIA_ANALOG_TV_SUPPORT = lib.mkForce no;
411 MEDIA_DIGITAL_TV_SUPPORT = lib.mkForce no;
414 MPTCP = lib.mkForce no;
416 NF_TABLES_BRIDGE = lib.mkForce no;
419 PARAVIRT = lib.mkForce no;
421 USB_GSPCA = lib.mkForce no;
422 VIDEO_STK1160_COMMON = lib.mkForce no;
423 XEN = lib.mkForce no;
426 #ignoreConfigErrors = true;