]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/profiles/hardware/cubieboard2.nix
sourcephile / git / sourcephile-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
carotte: prepare switch install
[sourcephile-nix.git] / nixos / profiles / hardware / cubieboard2.nix
1 { pkgs, lib, config, modulesPath, ... }:
2 {
3 imports = [
4 "${modulesPath}/installer/sd-card/sd-image-armv7l-multiplatform.nix"
5 ];
6 #nixpkgs.config.allowUnfree = true;
7 nixpkgs.crossSystem = lib.systems.examples.armv7l-hf-multiplatform;
8 nixpkgs.overlays = [
9 (final: super: {
10 # https://linux-sunxi.org/Mali_Open_Source_Driver#Configuration_and_Build
11 mesa = super.mesa.override {
12 driDrivers = [];
13 eglPlatforms = ["x11"];
14 enableGalliumNine = false;
15 galliumDrivers = ["lima" "panfrost" "kmsro" "swrast"];
16 vulkanDrivers = [];
17 };
18 })
19 (final: super: {
20 linuxPackages_latest_Cubieboard2 = super.linuxPackages_latest.extend (kself: ksuper: {
21 kernel = ksuper.kernel.override {
22 defconfig = "sunxi_defconfig";
23 structuredExtraConfig = with lib.kernel; {
24 #
25 # File systems
26 #
27 PSTORE = yes;
28 VFAT_FS = yes;
29 EXT4_FS = yes;
30 EXT4_USE_FOR_EXT2 = yes;
31
32 #
33 # Networking options
34 #
35 TCP_CONG_BBR = module;
36 IPV6 = yes;
37 IPV6_ROUTER_PREF = yes;
38 IPV6_ROUTE_INFO = yes;
39 IPV6_OPTIMISTIC_DAD = yes;
40 INET6_AH = module;
41 INET6_ESP = module;
42 INET6_ESP_OFFLOAD = module;
43 INET6_ESPINTCP = yes;
44 INET6_IPCOMP = module;
45 IPV6_MIP6 = module;
46 IPV6_ILA = module;
47 INET6_XFRM_TUNNEL = module;
48 INET6_TUNNEL = module;
49 IPV6_VTI = module;
50 IPV6_SIT = module;
51 IPV6_SIT_6RD = yes;
52 IPV6_NDISC_NODETYPE = yes;
53 IPV6_TUNNEL = module;
54 IPV6_MULTIPLE_TABLES = yes;
55 IPV6_SUBTREES = yes;
56 IPV6_MROUTE = yes;
57 IPV6_MROUTE_MULTIPLE_TABLES = yes;
58 IPV6_PIMSM_V2 = yes;
59 IPV6_SEG6_LWTUNNEL = yes;
60 IPV6_SEG6_HMAC = yes;
61 IPV6_RPL_LWTUNNEL = yes;
62 # CONFIG_MPTCP is not set
63 # CONFIG_NETWORK_SECMARK is not set
64 NET_PTP_CLASSIFY = yes;
65 # CONFIG_NETWORK_PHY_TIMESTAMPING is not set
66 NETFILTER = yes;
67 NETFILTER_ADVANCED = yes;
68
69 #
70 # Core Netfilter Configuration
71 #
72 NETFILTER_INGRESS = yes;
73 NETFILTER_NETLINK = module;
74 NETFILTER_FAMILY_ARP = yes;
75 NETFILTER_NETLINK_HOOK = module;
76 NETFILTER_NETLINK_ACCT = module;
77 NETFILTER_NETLINK_QUEUE = module;
78 NETFILTER_NETLINK_LOG = module;
79 NETFILTER_NETLINK_OSF = module;
80 NF_CONNTRACK = module;
81 NF_LOG_SYSLOG = module;
82 NETFILTER_CONNCOUNT = module;
83 NF_CONNTRACK_MARK = yes;
84 NF_CONNTRACK_ZONES = yes;
85 NF_CONNTRACK_PROCFS = yes;
86 NF_CONNTRACK_EVENTS = yes;
87 NF_CONNTRACK_TIMEOUT = yes;
88 NF_CONNTRACK_TIMESTAMP = yes;
89 NF_CONNTRACK_LABELS = yes;
90 NF_CT_PROTO_DCCP = yes;
91 NF_CT_PROTO_SCTP = yes;
92 NF_CT_PROTO_UDPLITE = yes;
93 # CONFIG_NF_CONNTRACK_AMANDA is not set
94 # CONFIG_NF_CONNTRACK_FTP is not set
95 # CONFIG_NF_CONNTRACK_H323 is not set
96 # CONFIG_NF_CONNTRACK_IRC is not set
97 # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
98 # CONFIG_NF_CONNTRACK_SNMP is not set
99 # CONFIG_NF_CONNTRACK_PPTP is not set
100 # CONFIG_NF_CONNTRACK_SANE is not set
101 # CONFIG_NF_CONNTRACK_SIP is not set
102 # CONFIG_NF_CONNTRACK_TFTP is not set
103 NF_CT_NETLINK = module;
104 NF_CT_NETLINK_TIMEOUT = module;
105 NF_CT_NETLINK_HELPER = module;
106 NETFILTER_NETLINK_GLUE_CT = yes;
107 NF_NAT = module;
108 NF_NAT_REDIRECT = yes;
109 NF_NAT_MASQUERADE = yes;
110 NETFILTER_SYNPROXY = module;
111 NF_TABLES = module;
112 NF_TABLES_INET = yes;
113 NF_TABLES_NETDEV = yes;
114 NFT_NUMGEN = module;
115 NFT_CT = module;
116 NFT_COUNTER = module;
117 NFT_CONNLIMIT = module;
118 NFT_LOG = module;
119 NFT_LIMIT = module;
120 NFT_MASQ = module;
121 NFT_REDIR = module;
122 NFT_NAT = module;
123 NFT_TUNNEL = module;
124 NFT_OBJREF = module;
125 NFT_QUEUE = module;
126 NFT_QUOTA = module;
127 NFT_REJECT = module;
128 NFT_REJECT_INET = module;
129 NFT_COMPAT = module;
130 NFT_HASH = module;
131 NFT_FIB = module;
132 NFT_FIB_INET = module;
133 NFT_XFRM = module;
134 NFT_SOCKET = module;
135 NFT_OSF = module;
136 NFT_TPROXY = module;
137 NFT_SYNPROXY = module;
138 NF_DUP_NETDEV = module;
139 NFT_DUP_NETDEV = module;
140 NFT_FWD_NETDEV = module;
141 NFT_FIB_NETDEV = module;
142 NFT_REJECT_NETDEV = module;
143 # CONFIG_NF_FLOW_TABLE is not set
144 NETFILTER_XTABLES = module;
145
146 #
147 # Xtables combined modules
148 #
149 NETFILTER_XT_MARK = module;
150 NETFILTER_XT_CONNMARK = module;
151 NETFILTER_XT_SET = module;
152
153 #
154 # Xtables targets
155 #
156 NETFILTER_XT_TARGET_CHECKSUM = module;
157 NETFILTER_XT_TARGET_CLASSIFY = module;
158 NETFILTER_XT_TARGET_CONNMARK = module;
159 NETFILTER_XT_TARGET_CT = module;
160 NETFILTER_XT_TARGET_DSCP = module;
161 NETFILTER_XT_TARGET_HL = module;
162 NETFILTER_XT_TARGET_HMARK = module;
163 NETFILTER_XT_TARGET_IDLETIMER = module;
164 NETFILTER_XT_TARGET_LED = module;
165 NETFILTER_XT_TARGET_LOG = module;
166 NETFILTER_XT_TARGET_MARK = module;
167 NETFILTER_XT_NAT = module;
168 NETFILTER_XT_TARGET_NETMAP = module;
169 NETFILTER_XT_TARGET_NFLOG = module;
170 NETFILTER_XT_TARGET_NFQUEUE = module;
171 NETFILTER_XT_TARGET_NOTRACK = module;
172 NETFILTER_XT_TARGET_RATEEST = module;
173 NETFILTER_XT_TARGET_REDIRECT = module;
174 NETFILTER_XT_TARGET_MASQUERADE = module;
175 NETFILTER_XT_TARGET_TEE = module;
176 NETFILTER_XT_TARGET_TPROXY = module;
177 NETFILTER_XT_TARGET_TRACE = module;
178 NETFILTER_XT_TARGET_TCPMSS = module;
179 NETFILTER_XT_TARGET_TCPOPTSTRIP = module;
180
181 #
182 # Xtables matches
183 #
184 NETFILTER_XT_MATCH_ADDRTYPE = module;
185 NETFILTER_XT_MATCH_BPF = module;
186 NETFILTER_XT_MATCH_CGROUP = module;
187 NETFILTER_XT_MATCH_CLUSTER = module;
188 NETFILTER_XT_MATCH_COMMENT = module;
189 NETFILTER_XT_MATCH_CONNBYTES = module;
190 NETFILTER_XT_MATCH_CONNLABEL = module;
191 NETFILTER_XT_MATCH_CONNLIMIT = module;
192 NETFILTER_XT_MATCH_CONNMARK = module;
193 NETFILTER_XT_MATCH_CONNTRACK = module;
194 NETFILTER_XT_MATCH_CPU = module;
195 NETFILTER_XT_MATCH_DCCP = module;
196 NETFILTER_XT_MATCH_DEVGROUP = module;
197 NETFILTER_XT_MATCH_DSCP = module;
198 NETFILTER_XT_MATCH_ECN = module;
199 NETFILTER_XT_MATCH_ESP = module;
200 NETFILTER_XT_MATCH_HASHLIMIT = module;
201 NETFILTER_XT_MATCH_HELPER = module;
202 NETFILTER_XT_MATCH_HL = module;
203 NETFILTER_XT_MATCH_IPCOMP = module;
204 NETFILTER_XT_MATCH_IPRANGE = module;
205 NETFILTER_XT_MATCH_L2TP = module;
206 NETFILTER_XT_MATCH_LENGTH = module;
207 NETFILTER_XT_MATCH_LIMIT = module;
208 NETFILTER_XT_MATCH_MAC = module;
209 NETFILTER_XT_MATCH_MARK = module;
210 NETFILTER_XT_MATCH_MULTIPORT = module;
211 NETFILTER_XT_MATCH_NFACCT = module;
212 NETFILTER_XT_MATCH_OSF = module;
213 NETFILTER_XT_MATCH_OWNER = module;
214 # CONFIG_NETFILTER_XT_MATCH_POLICY is not set
215 NETFILTER_XT_MATCH_PKTTYPE = module;
216 NETFILTER_XT_MATCH_QUOTA = module;
217 NETFILTER_XT_MATCH_RATEEST = module;
218 NETFILTER_XT_MATCH_REALM = module;
219 NETFILTER_XT_MATCH_RECENT = module;
220 NETFILTER_XT_MATCH_SCTP = module;
221 NETFILTER_XT_MATCH_SOCKET = module;
222 NETFILTER_XT_MATCH_STATE = module;
223 NETFILTER_XT_MATCH_STATISTIC = module;
224 NETFILTER_XT_MATCH_STRING = module;
225 NETFILTER_XT_MATCH_TCPMSS = module;
226 NETFILTER_XT_MATCH_TIME = module;
227 NETFILTER_XT_MATCH_U32 = module;
228 # end of Core Netfilter Configuration
229
230 IP_SET = module;
231 IP_SET_MAX.freeform = "256";
232 IP_SET_BITMAP_IP = module;
233 IP_SET_BITMAP_IPMAC = module;
234 IP_SET_BITMAP_PORT = module;
235 IP_SET_HASH_IP = module;
236 IP_SET_HASH_IPMARK = module;
237 IP_SET_HASH_IPPORT = module;
238 IP_SET_HASH_IPPORTIP = module;
239 IP_SET_HASH_IPPORTNET = module;
240 IP_SET_HASH_IPMAC = module;
241 IP_SET_HASH_MAC = module;
242 IP_SET_HASH_NETPORTNET = module;
243 IP_SET_HASH_NET = module;
244 IP_SET_HASH_NETNET = module;
245 IP_SET_HASH_NETPORT = module;
246 IP_SET_HASH_NETIFACE = module;
247 IP_SET_LIST_SET = module;
248 # CONFIG_IP_VS is not set
249
250 #
251 # IP: Netfilter Configuration
252 #
253 NF_DEFRAG_IPV4 = module;
254 NF_SOCKET_IPV4 = module;
255 NF_TPROXY_IPV4 = module;
256 NF_TABLES_IPV4 = yes;
257 NFT_REJECT_IPV4 = module;
258 NFT_DUP_IPV4 = module;
259 NFT_FIB_IPV4 = module;
260 # CONFIG_NF_TABLES_ARP is not set
261 NF_DUP_IPV4 = module;
262 # CONFIG_NF_LOG_ARP is not set
263 # CONFIG_NF_LOG_IPV4 is not set
264 NF_REJECT_IPV4 = module;
265 IP_NF_IPTABLES = module;
266 IP_NF_MATCH_AH = module;
267 IP_NF_MATCH_ECN = module;
268 IP_NF_MATCH_RPFILTER = module;
269 IP_NF_MATCH_TTL = module;
270 IP_NF_FILTER = module;
271 IP_NF_TARGET_REJECT = module;
272 IP_NF_TARGET_SYNPROXY = module;
273 IP_NF_NAT = module;
274 IP_NF_TARGET_MASQUERADE = module;
275 IP_NF_TARGET_NETMAP = module;
276 IP_NF_TARGET_REDIRECT = module;
277 IP_NF_MANGLE = module;
278 IP_NF_TARGET_CLUSTERIP = module;
279 IP_NF_TARGET_ECN = module;
280 IP_NF_TARGET_TTL = module;
281 # CONFIG_IP_NF_RAW is not set
282 # CONFIG_IP_NF_ARPTABLES is not set
283 # end of IP: Netfilter Configuration
284
285 #
286 # IPv6: Netfilter Configuration
287 #
288 NF_SOCKET_IPV6 = module;
289 NF_TPROXY_IPV6 = module;
290 NF_TABLES_IPV6 = yes;
291 NFT_REJECT_IPV6 = module;
292 NFT_DUP_IPV6 = module;
293 NFT_FIB_IPV6 = module;
294 NF_DUP_IPV6 = module;
295 NF_REJECT_IPV6 = module;
296 NF_LOG_IPV6 = module;
297 IP6_NF_IPTABLES = module;
298 IP6_NF_MATCH_AH = module;
299 IP6_NF_MATCH_EUI64 = module;
300 IP6_NF_MATCH_FRAG = module;
301 IP6_NF_MATCH_OPTS = module;
302 IP6_NF_MATCH_HL = module;
303 IP6_NF_MATCH_IPV6HEADER = module;
304 IP6_NF_MATCH_MH = module;
305 IP6_NF_MATCH_RPFILTER = module;
306 IP6_NF_MATCH_RT = module;
307 IP6_NF_MATCH_SRH = module;
308 IP6_NF_TARGET_HL = module;
309 IP6_NF_FILTER = module;
310 IP6_NF_TARGET_REJECT = module;
311 IP6_NF_TARGET_SYNPROXY = module;
312 IP6_NF_MANGLE = module;
313 IP6_NF_RAW = module;
314 IP6_NF_NAT = module;
315 IP6_NF_TARGET_MASQUERADE = module;
316 IP6_NF_TARGET_NPT = module;
317 # end of IPv6: Netfilter Configuration
318
319 NF_DEFRAG_IPV6 = module;
320
321 #
322 # Disabling
323 #
324 ADFS_FS = no;
325 AFFS_FS = no;
326 BEFS_FS = no;
327 BFS_FS = no;
328 BTRFS = no;
329 BTRFS_FS = no;
330 CEPH_FS = no;
331 CIFS = no;
332 CRAMFS = no;
333 ECRYPT_FS = no;
334 EFS_FS = no;
335 EROFS_FS = no;
336 EXT2_FS = no;
337 EXT3_FS = no;
338 F2FS_FS = lib.mkForce no;
339 GFS2_FS = no;
340 HFSPLUS_FS = no;
341 HFS_FS = no;
342 HPFS_FS = no;
343 JFS_FS = no;
344 MINIX_FS = no;
345 NET_9P = no;
346 NFSD = no;
347 NFS_FS = no;
348 NILFS2_FS = no;
349 OMFS_FS = no;
350 ORANGEFS_FS = no;
351 QNX4FS_FS = no;
352 QNX6FS_FS = no;
353 REISERFS_FS = no;
354 ROMFS_FS = no;
355 SQUASHFS = no;
356 SYSV_FS = no;
357 UFS_FS = no;
358 VXFS_FS = no;
359 XFS_FS = no;
360
361 MISC_FILESYSTEMS = no;
362
363 DECNET = no;
364 SCTP = no;
365 RDS = no;
366 DCCP = no;
367 TIPC = no;
368 CAIF = no;
369 CEPH = no;
370 VMW_SOCK = no;
371 HSR = no;
372 QRTR = no;
373 MPI = no;
374 RAID6 = no;
375 STAGING = lib.mkForce no;
376
377 "6LOWPAN" = no;
378 ARCNET = no;
379 B53 = no;
380 BATMAN_ADV = no;
381 BT = no;
382 CAN = no;
383 COMEDI = no;
384 DRM_STM = lib.mkForce no;
385 INFINIBAND = no;
386 INPUT_TOUCHSCREEN = no;
387 MEDIA_ANALOG_TV_SUPPORT = lib.mkForce no;
388 MEDIA_DIGITAL_TV_SUPPORT = lib.mkForce no;
389 MEDIA_TUNER = no;
390 MPLS = no;
391 MPTCP = lib.mkForce no;
392 NFC = no;
393 NF_TABLES_BRIDGE = lib.mkForce no;
394 NVME = no;
395 OPENVSWITCH = no;
396 PARAVIRT = lib.mkForce no;
397 POWER_SUPPLY = no;
398 USB_GSPCA = lib.mkForce no;
399 VIDEO_STK1160_COMMON = lib.mkForce no;
400 XEN = lib.mkForce no;
401 #NVME_CORE = no;
402 };
403 #ignoreConfigErrors = true;
404 };
405 });
406 })
407 ];
408 boot.cleanTmpDir = true;
409 boot.tmpOnTmpfs = lib.mkForce false;
410 # TODO: is that needed?
411 hardware.enableRedistributableFirmware = true;
412 sdImage = {
413 postBuildCommands = ''
414 dd if=${pkgs.ubootCubieboard2}/u-boot-sunxi-with-spl.bin of=$img bs=1024 seek=8 conv=notrunc
415 '';
416 compressImage = true;
417 expandOnBoot = true;
418 firmwareSize = 1;
419 populateFirmwareCommands = lib.mkForce "";
420 };
421 boot.initrd.availableKernelModules = lib.mkForce [
422 "mmc_block"
423 "usbhid"
424 "hid_generic"
425 "hid_microsoft"
426 ];
427 # nix -L build .#nixosConfigurations.${hostName}.config.boot.kernelPackages.kernel.configfile
428 boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest_Cubieboard2;
429 }
NixOS configurations for Sourcephile's infrastructure