]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/profiles/hardware/cubieboard2.nix
openssh: disable passwordAuthentication by default
[sourcephile-nix.git] / nixos / profiles / hardware / cubieboard2.nix
1 { pkgs, lib, config, host, modulesPath, ... }:
2 {
3 imports = [
4 "${modulesPath}/installer/sd-card/sd-image.nix"
5 ];
6
7 # Too CPU hungry for this hardware, for too little Mio saved
8 nix.autoOptimiseStore = false;
9
10 powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
11
12 boot.supportedFilesystems = [
13 #"btrfs"
14 #"reiserfs"
15 "vfat"
16 #"f2fs"
17 #"xfs"
18 #"zfs" # ZFS tools coredump with SIGSEGV
19 #"ntfs"
20 #"cifs"
21 ];
22
23 # The serial ports listed here are:
24 # - ttyS0: for Tegra (Jetson TK1)
25 # - ttymxc0: for i.MX6 (Wandboard)
26 # - ttyAMA0: for Allwinner (pcDuino3 Nano) and QEMU's -machine virt
27 # - ttyO0: for OMAP (BeagleBone Black)
28 # - ttySAC2: for Exynos (ODROID-XU3)
29 boot.consoleLogLevel = lib.mkDefault 7;
30 boot.kernelParams = [
31 "console=ttyS0,115200n8"
32 "console=ttymxc0,115200n8"
33 "console=ttyAMA0,115200n8"
34 "console=ttyO0,115200n8"
35 "console=ttySAC2,115200n8"
36 "console=tty0"
37 ];
38
39 #nixpkgs.config.allowUnfree = true;
40 nixpkgs.crossSystem = lib.systems.examples.armv7l-hf-multiplatform;
41 nixpkgs.overlays = [
42 (final: super: {
43 # https://linux-sunxi.org/Mali_Open_Source_Driver#Configuration_and_Build
44 mesa = super.mesa.override {
45 driDrivers = [];
46 eglPlatforms = ["x11"];
47 enableGalliumNine = false;
48 galliumDrivers = ["lima" "panfrost" "kmsro" "swrast"];
49 vulkanDrivers = [];
50 };
51 })
52 (final: super: {
53 linuxPackages_latest_Cubieboard2 = super.linuxPackages_latest.extend (kfinal: ksuper: {
54 kernel = ksuper.kernel.override {
55 defconfig = "sunxi_defconfig";
56 structuredExtraConfig = with lib.kernel; {
57 # Workaround https://github.com/NixOS/nixpkgs/pull/141942#issuecomment-954301443
58 DEBUG_INFO = lib.mkForce no;
59 DEBUG_INFO_BTF = lib.mkForce no;
60 SUSPEND = no;
61 PM = no;
62 PM_SLEEP = no;
63 NVME_CORE = no;
64 TORTURE_TEST = no; # TODO: check if it's possible
65 USB_SERIAL_CH341 = module;
66 USB_SERIAL_PL2303 = module;
67 REGULATOR = lib.mkForce no;
68 MFD_CORE = no;
69
70 #
71 # File systems
72 #
73 EXT4_FS = yes;
74 EXT4_USE_FOR_EXT2 = yes;
75 FUSE_FS = module;
76 PSTORE = yes;
77 CONFIGFS_FS = module;
78 VFAT_FS = yes;
79 ZSWAP = yes;
80
81 # misc
82 DAX = module;
83 DRM_DISPLAY_CONNECTOR = module;
84 FB_SIMPLE = lib.mkForce module;
85 NET_SCH_CODEL = module;
86 NET_SCH_FQ_CODEL = module;
87 UIO = module;
88
89 # Sound options
90 SND_SOC_ADI = no;
91 SND_SOC_ADI_AXI_I2S = no;
92 SND_SOC_ADI_AXI_SPDIF = no;
93 SND_SOC_AMD_ACP = no;
94 SND_SOC_AMD_CZ_RT5645_MACH = no;
95 SND_ATMEL_SOC = no;
96 SND_SOC_MIKROE_PROTO = no;
97 SND_BCM63XX_I2S_WHISTLER = no;
98 SND_DESIGNWARE_I2S = no;
99 SND_SOC_FSL_ASRC = no;
100 SND_SOC_FSL_SAI = no;
101 SND_SOC_FSL_MQS = no;
102 SND_SOC_FSL_AUDMIX = no;
103 SND_SOC_FSL_SSI = no;
104 SND_SOC_FSL_SPDIF = no;
105 SND_SOC_FSL_ESAI = no;
106 SND_SOC_FSL_MICFIL = no;
107 SND_SOC_FSL_EASRC = no;
108 SND_SOC_FSL_XCVR = no;
109 SND_SOC_FSL_RPMSG = no;
110 SND_SOC_IMX_AUDMUX = no;
111 SND_I2S_HI6210_I2S = no;
112 SND_SOC_MTK_BTCVSD = no;
113 SND_SOC_XILINX_I2S = no;
114 SND_SOC_XILINX_AUDIO_FORMATTER = no;
115 SND_SOC_XILINX_SPDIF = no;
116 SND_SOC_XTFPGA_I2S = no;
117 SND_SOC_AC97_CODEC = no;
118 SND_SOC_ADAU_UTILS = no;
119 SND_SOC_ADAU1372 = no;
120 SND_SOC_ADAU1372_I2C = no;
121 SND_SOC_ADAU1372_SPI = no;
122 SND_SOC_ADAU1701 = no;
123 SND_SOC_ADAU17X1 = no;
124 SND_SOC_ADAU1761 = no;
125 SND_SOC_ADAU1761_I2C = no;
126 SND_SOC_ADAU1761_SPI = no;
127 SND_SOC_ADAU7002 = no;
128 SND_SOC_ADAU7118 = no;
129 SND_SOC_ADAU7118_HW = no;
130 SND_SOC_ADAU7118_I2C = no;
131 SND_SOC_AK4104 = no;
132 SND_SOC_AK4118 = no;
133 SND_SOC_AK4458 = no;
134 SND_SOC_AK4554 = no;
135 SND_SOC_AK4613 = no;
136 SND_SOC_AK4642 = no;
137 SND_SOC_AK5386 = no;
138 SND_SOC_AK5558 = no;
139 SND_SOC_ALC5623 = no;
140 SND_SOC_BD28623 = no;
141 SND_SOC_BT_SCO = no;
142 SND_SOC_CPCAP = no;
143 SND_SOC_CS35L32 = no;
144 SND_SOC_CS35L33 = no;
145 SND_SOC_CS35L34 = no;
146 SND_SOC_CS35L35 = no;
147 SND_SOC_CS35L36 = no;
148 SND_SOC_CS42L42 = no;
149 SND_SOC_CS42L51 = no;
150 SND_SOC_CS42L51_I2C = no;
151 SND_SOC_CS42L52 = no;
152 SND_SOC_CS42L56 = no;
153 SND_SOC_CS42L73 = no;
154 SND_SOC_CS4234 = no;
155 SND_SOC_CS4265 = no;
156 SND_SOC_CS4270 = no;
157 SND_SOC_CS4271 = no;
158 SND_SOC_CS4271_I2C = no;
159 SND_SOC_CS4271_SPI = no;
160 SND_SOC_CS42XX8 = no;
161 SND_SOC_CS42XX8_I2C = no;
162 SND_SOC_CS43130 = no;
163 SND_SOC_CS4341 = no;
164 SND_SOC_CS4349 = no;
165 SND_SOC_CS53L30 = no;
166 SND_SOC_CX2072X = no;
167 SND_SOC_DA7213 = no;
168 SND_SOC_DMIC = no;
169 SND_SOC_HDMI_CODEC = no;
170 SND_SOC_ES7134 = no;
171 SND_SOC_ES7241 = no;
172 SND_SOC_ES8316 = no;
173 SND_SOC_ES8328 = no;
174 SND_SOC_ES8328_I2C = no;
175 SND_SOC_ES8328_SPI = no;
176 SND_SOC_GTM601 = no;
177 SND_SOC_INNO_RK3036 = no;
178 SND_SOC_MAX98088 = no;
179 SND_SOC_MAX98357A = no;
180 SND_SOC_MAX98504 = no;
181 SND_SOC_MAX9867 = no;
182 SND_SOC_MAX98927 = no;
183 SND_SOC_MAX98373 = no;
184 SND_SOC_MAX98373_I2C = no;
185 SND_SOC_MAX98373_SDW = no;
186 SND_SOC_MAX98390 = no;
187 SND_SOC_MAX9860 = no;
188 SND_SOC_MSM8916_WCD_ANALOG = no;
189 SND_SOC_MSM8916_WCD_DIGITAL = no;
190 SND_SOC_PCM1681 = no;
191 SND_SOC_PCM1789 = no;
192 SND_SOC_PCM1789_I2C = no;
193 SND_SOC_PCM179X = no;
194 SND_SOC_PCM179X_I2C = no;
195 SND_SOC_PCM179X_SPI = no;
196 SND_SOC_PCM186X = no;
197 SND_SOC_PCM186X_I2C = no;
198 SND_SOC_PCM186X_SPI = no;
199 SND_SOC_PCM3060 = no;
200 SND_SOC_PCM3060_I2C = no;
201 SND_SOC_PCM3060_SPI = no;
202 SND_SOC_PCM3168A = no;
203 SND_SOC_PCM3168A_I2C = no;
204 SND_SOC_PCM3168A_SPI = no;
205 SND_SOC_PCM5102A = no;
206 SND_SOC_PCM512x = no;
207 SND_SOC_PCM512x_I2C = no;
208 SND_SOC_PCM512x_SPI = no;
209 SND_SOC_RK3328 = no;
210 SND_SOC_RK817 = no;
211 SND_SOC_RL6231 = no;
212 SND_SOC_RT1308_SDW = no;
213 SND_SOC_RT1316_SDW = no;
214 SND_SOC_RT5616 = no;
215 SND_SOC_RT5631 = no;
216 SND_SOC_RT5640 = no;
217 SND_SOC_RT5645 = no;
218 SND_SOC_RT5659 = no;
219 SND_SOC_RT5682 = no;
220 SND_SOC_RT5682_SDW = no;
221 SND_SOC_RT700 = no;
222 SND_SOC_RT700_SDW = no;
223 SND_SOC_RT711 = no;
224 SND_SOC_RT711_SDW = no;
225 SND_SOC_RT711_SDCA_SDW = no;
226 SND_SOC_RT715 = no;
227 SND_SOC_RT715_SDW = no;
228 SND_SOC_RT715_SDCA_SDW = no;
229 SND_SOC_SGTL5000 = no;
230 SND_SOC_SIGMADSP = no;
231 SND_SOC_SIGMADSP_I2C = no;
232 SND_SOC_SIGMADSP_REGMAP = no;
233 SND_SOC_SIMPLE_AMPLIFIER = no;
234 SND_SOC_SIMPLE_MUX = no;
235 SND_SOC_SPDIF = no;
236 SND_SOC_SSM2305 = no;
237 SND_SOC_SSM2518 = no;
238 SND_SOC_SSM2602 = no;
239 SND_SOC_SSM2602_SPI = no;
240 SND_SOC_SSM2602_I2C = no;
241 SND_SOC_SSM4567 = no;
242 SND_SOC_STA32X = no;
243 SND_SOC_STA350 = no;
244 SND_SOC_STI_SAS = no;
245 SND_SOC_TAS2552 = no;
246 SND_SOC_TAS2562 = no;
247 SND_SOC_TAS2764 = no;
248 SND_SOC_TAS2770 = no;
249 SND_SOC_TAS5086 = no;
250 SND_SOC_TAS571X = no;
251 SND_SOC_TAS5720 = no;
252 SND_SOC_TAS6424 = no;
253 SND_SOC_TDA7419 = no;
254 SND_SOC_TFA9879 = no;
255 SND_SOC_TFA989X = no;
256 SND_SOC_TLV320AIC23 = no;
257 SND_SOC_TLV320AIC23_I2C = no;
258 SND_SOC_TLV320AIC23_SPI = no;
259 SND_SOC_TLV320AIC31XX = no;
260 SND_SOC_TLV320AIC32X4 = no;
261 SND_SOC_TLV320AIC32X4_I2C = no;
262 SND_SOC_TLV320AIC32X4_SPI = no;
263 SND_SOC_TLV320AIC3X = no;
264 SND_SOC_TLV320AIC3X_I2C = no;
265 SND_SOC_TLV320AIC3X_SPI = no;
266 SND_SOC_TLV320ADCX140 = no;
267 SND_SOC_TS3A227E = no;
268 SND_SOC_TSCS42XX = no;
269 SND_SOC_TSCS454 = no;
270 SND_SOC_UDA1334 = no;
271 SND_SOC_WCD9335 = no;
272 SND_SOC_WCD_MBHC = no;
273 SND_SOC_WCD934X = no;
274 SND_SOC_WCD938X = no;
275 SND_SOC_WCD938X_SDW = no;
276 SND_SOC_WM8510 = no;
277 SND_SOC_WM8523 = no;
278 SND_SOC_WM8524 = no;
279 SND_SOC_WM8580 = no;
280 SND_SOC_WM8711 = no;
281 SND_SOC_WM8728 = no;
282 SND_SOC_WM8731 = no;
283 SND_SOC_WM8737 = no;
284 SND_SOC_WM8741 = no;
285 SND_SOC_WM8750 = no;
286 SND_SOC_WM8753 = no;
287 SND_SOC_WM8770 = no;
288 SND_SOC_WM8776 = no;
289 SND_SOC_WM8782 = no;
290 SND_SOC_WM8804 = no;
291 SND_SOC_WM8804_I2C = no;
292 SND_SOC_WM8804_SPI = no;
293 SND_SOC_WM8903 = no;
294 SND_SOC_WM8904 = no;
295 SND_SOC_WM8960 = no;
296 SND_SOC_WM8962 = no;
297 SND_SOC_WM8974 = no;
298 SND_SOC_WM8978 = no;
299 SND_SOC_WM8985 = no;
300 SND_SOC_WSA881X = no;
301 SND_SOC_ZL38060 = no;
302 SND_SOC_MAX9759 = no;
303 SND_SOC_MT6351 = no;
304 SND_SOC_MT6358 = no;
305 SND_SOC_MT6660 = no;
306 SND_SOC_NAU8315 = no;
307 SND_SOC_NAU8540 = no;
308 SND_SOC_NAU8810 = no;
309 SND_SOC_NAU8822 = no;
310 SND_SOC_NAU8824 = no;
311 SND_SOC_TPA6130A2 = no;
312 SND_SOC_LPASS_WSA_MACRO = no;
313 SND_SOC_LPASS_VA_MACRO = no;
314 SND_SOC_LPASS_RX_MACRO = no;
315 SND_SOC_LPASS_TX_MACRO = no;
316 SND_SIMPLE_CARD_UTILS = no;
317 SND_SIMPLE_CARD = no;
318 SND_AUDIO_GRAPH_CARD = no;
319 SND_VIRTIO = no;
320 MOST_SND = no;
321
322 #
323 # Networking options
324 #
325 TCP_CONG_BBR = module;
326 #PPP = no;
327 #PPP_MULTILINK = lib.mkForce no;
328 #PPP_FILTER = lib.mkForce no;
329 #PPPOE = no;
330 NET_DSA = no;
331 L2TP = no;
332 PARPORT = no;
333 PARIDE = no;
334 CDROM = no;
335 GPIOLIB = no;
336 NEW_LEDS = no;
337 #LEDS_CLASS = no;
338
339 IPV6 = yes;
340 IPV6_ROUTER_PREF = yes;
341 IPV6_ROUTE_INFO = yes;
342 IPV6_OPTIMISTIC_DAD = yes;
343 INET6_AH = module;
344 INET6_ESP = module;
345 INET6_ESP_OFFLOAD = module;
346 INET6_ESPINTCP = yes;
347 INET6_IPCOMP = module;
348 IPV6_MIP6 = module;
349 IPV6_ILA = module;
350 INET6_XFRM_TUNNEL = module;
351 INET6_TUNNEL = module;
352 IPV6_VTI = module;
353 IPV6_SIT = module;
354 IPV6_SIT_6RD = yes;
355 IPV6_NDISC_NODETYPE = yes;
356 IPV6_TUNNEL = module;
357 IPV6_MULTIPLE_TABLES = yes;
358 IPV6_SUBTREES = yes;
359 IPV6_MROUTE = yes;
360 IPV6_MROUTE_MULTIPLE_TABLES = yes;
361 IPV6_PIMSM_V2 = yes;
362 IPV6_SEG6_LWTUNNEL = yes;
363 IPV6_SEG6_HMAC = yes;
364 IPV6_RPL_LWTUNNEL = yes;
365 # CONFIG_MPTCP is not set
366 # CONFIG_NETWORK_SECMARK is not set
367 NET_PTP_CLASSIFY = yes;
368 # CONFIG_NETWORK_PHY_TIMESTAMPING is not set
369 NETFILTER = yes;
370 NETFILTER_ADVANCED = yes;
371
372 #
373 # Core Netfilter Configuration
374 #
375 NETFILTER_INGRESS = yes;
376 NETFILTER_NETLINK = module;
377 NETFILTER_FAMILY_ARP = yes;
378 NETFILTER_NETLINK_HOOK = module;
379 NETFILTER_NETLINK_ACCT = module;
380 NETFILTER_NETLINK_QUEUE = module;
381 NETFILTER_NETLINK_LOG = module;
382 NETFILTER_NETLINK_OSF = module;
383 NF_CONNTRACK = module;
384 NF_LOG_SYSLOG = module;
385 NETFILTER_CONNCOUNT = module;
386 NF_CONNTRACK_MARK = yes;
387 NF_CONNTRACK_ZONES = yes;
388 NF_CONNTRACK_PROCFS = yes;
389 NF_CONNTRACK_EVENTS = yes;
390 NF_CONNTRACK_TIMEOUT = yes;
391 NF_CONNTRACK_TIMESTAMP = yes;
392 NF_CONNTRACK_LABELS = yes;
393 NF_CT_PROTO_DCCP = yes;
394 NF_CT_PROTO_SCTP = yes;
395 NF_CT_PROTO_UDPLITE = yes;
396 # CONFIG_NF_CONNTRACK_AMANDA is not set
397 # CONFIG_NF_CONNTRACK_FTP is not set
398 # CONFIG_NF_CONNTRACK_H323 is not set
399 # CONFIG_NF_CONNTRACK_IRC is not set
400 # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
401 # CONFIG_NF_CONNTRACK_SNMP is not set
402 # CONFIG_NF_CONNTRACK_PPTP is not set
403 # CONFIG_NF_CONNTRACK_SANE is not set
404 # CONFIG_NF_CONNTRACK_SIP is not set
405 # CONFIG_NF_CONNTRACK_TFTP is not set
406 NF_CT_NETLINK = module;
407 NF_CT_NETLINK_TIMEOUT = module;
408 NF_CT_NETLINK_HELPER = module;
409 NETFILTER_NETLINK_GLUE_CT = yes;
410 NF_NAT = module;
411 NF_NAT_REDIRECT = yes;
412 NF_NAT_MASQUERADE = yes;
413 NETFILTER_SYNPROXY = module;
414 NF_TABLES = module;
415 NF_TABLES_INET = yes;
416 NF_TABLES_NETDEV = yes;
417 NFT_NUMGEN = module;
418 NFT_CT = module;
419 NFT_COUNTER = module;
420 NFT_CONNLIMIT = module;
421 NFT_LOG = module;
422 NFT_LIMIT = module;
423 NFT_MASQ = module;
424 NFT_REDIR = module;
425 NFT_NAT = module;
426 NFT_TUNNEL = module;
427 NFT_OBJREF = module;
428 NFT_QUEUE = module;
429 NFT_QUOTA = module;
430 NFT_REJECT = module;
431 NFT_REJECT_INET = module;
432 NFT_COMPAT = module;
433 NFT_HASH = module;
434 NFT_FIB = module;
435 NFT_FIB_INET = module;
436 NFT_XFRM = module;
437 NFT_SOCKET = module;
438 NFT_OSF = module;
439 NFT_TPROXY = module;
440 NFT_SYNPROXY = module;
441 NF_DUP_NETDEV = module;
442 NFT_DUP_NETDEV = module;
443 NFT_FWD_NETDEV = module;
444 NFT_FIB_NETDEV = module;
445 NFT_REJECT_NETDEV = module;
446 # CONFIG_NF_FLOW_TABLE is not set
447 NETFILTER_XTABLES = module;
448
449 #
450 # Xtables combined modules
451 #
452 NETFILTER_XT_MARK = module;
453 NETFILTER_XT_CONNMARK = module;
454 NETFILTER_XT_SET = module;
455
456 #
457 # Xtables targets
458 #
459 NETFILTER_XT_TARGET_CHECKSUM = module;
460 NETFILTER_XT_TARGET_CLASSIFY = module;
461 NETFILTER_XT_TARGET_CONNMARK = module;
462 NETFILTER_XT_TARGET_CT = module;
463 NETFILTER_XT_TARGET_DSCP = module;
464 NETFILTER_XT_TARGET_HL = module;
465 NETFILTER_XT_TARGET_HMARK = module;
466 NETFILTER_XT_TARGET_IDLETIMER = module;
467 NETFILTER_XT_TARGET_LED = module;
468 NETFILTER_XT_TARGET_LOG = module;
469 NETFILTER_XT_TARGET_MARK = module;
470 NETFILTER_XT_NAT = module;
471 NETFILTER_XT_TARGET_NETMAP = module;
472 NETFILTER_XT_TARGET_NFLOG = module;
473 NETFILTER_XT_TARGET_NFQUEUE = module;
474 NETFILTER_XT_TARGET_NOTRACK = module;
475 NETFILTER_XT_TARGET_RATEEST = module;
476 NETFILTER_XT_TARGET_REDIRECT = module;
477 NETFILTER_XT_TARGET_MASQUERADE = module;
478 NETFILTER_XT_TARGET_TEE = module;
479 NETFILTER_XT_TARGET_TPROXY = module;
480 NETFILTER_XT_TARGET_TRACE = module;
481 NETFILTER_XT_TARGET_TCPMSS = module;
482 NETFILTER_XT_TARGET_TCPOPTSTRIP = module;
483
484 #
485 # Xtables matches
486 #
487 NETFILTER_XT_MATCH_ADDRTYPE = module;
488 NETFILTER_XT_MATCH_BPF = module;
489 NETFILTER_XT_MATCH_CGROUP = module;
490 NETFILTER_XT_MATCH_CLUSTER = module;
491 NETFILTER_XT_MATCH_COMMENT = module;
492 NETFILTER_XT_MATCH_CONNBYTES = module;
493 NETFILTER_XT_MATCH_CONNLABEL = module;
494 NETFILTER_XT_MATCH_CONNLIMIT = module;
495 NETFILTER_XT_MATCH_CONNMARK = module;
496 NETFILTER_XT_MATCH_CONNTRACK = module;
497 NETFILTER_XT_MATCH_CPU = module;
498 NETFILTER_XT_MATCH_DCCP = module;
499 NETFILTER_XT_MATCH_DEVGROUP = module;
500 NETFILTER_XT_MATCH_DSCP = module;
501 NETFILTER_XT_MATCH_ECN = module;
502 NETFILTER_XT_MATCH_ESP = module;
503 NETFILTER_XT_MATCH_HASHLIMIT = module;
504 NETFILTER_XT_MATCH_HELPER = module;
505 NETFILTER_XT_MATCH_HL = module;
506 NETFILTER_XT_MATCH_IPCOMP = module;
507 NETFILTER_XT_MATCH_IPRANGE = module;
508 NETFILTER_XT_MATCH_L2TP = module;
509 NETFILTER_XT_MATCH_LENGTH = module;
510 NETFILTER_XT_MATCH_LIMIT = module;
511 NETFILTER_XT_MATCH_MAC = module;
512 NETFILTER_XT_MATCH_MARK = module;
513 NETFILTER_XT_MATCH_MULTIPORT = module;
514 NETFILTER_XT_MATCH_NFACCT = module;
515 NETFILTER_XT_MATCH_OSF = module;
516 NETFILTER_XT_MATCH_OWNER = module;
517 # CONFIG_NETFILTER_XT_MATCH_POLICY is not set
518 NETFILTER_XT_MATCH_PKTTYPE = module;
519 NETFILTER_XT_MATCH_QUOTA = module;
520 NETFILTER_XT_MATCH_RATEEST = module;
521 NETFILTER_XT_MATCH_REALM = module;
522 NETFILTER_XT_MATCH_RECENT = module;
523 NETFILTER_XT_MATCH_SCTP = module;
524 NETFILTER_XT_MATCH_SOCKET = module;
525 NETFILTER_XT_MATCH_STATE = module;
526 NETFILTER_XT_MATCH_STATISTIC = module;
527 NETFILTER_XT_MATCH_STRING = module;
528 NETFILTER_XT_MATCH_TCPMSS = module;
529 NETFILTER_XT_MATCH_TIME = module;
530 NETFILTER_XT_MATCH_U32 = module;
531 # end of Core Netfilter Configuration
532
533 IP_SET = module;
534 IP_SET_MAX.freeform = "256";
535 IP_SET_BITMAP_IP = module;
536 IP_SET_BITMAP_IPMAC = module;
537 IP_SET_BITMAP_PORT = module;
538 IP_SET_HASH_IP = module;
539 IP_SET_HASH_IPMARK = module;
540 IP_SET_HASH_IPPORT = module;
541 IP_SET_HASH_IPPORTIP = module;
542 IP_SET_HASH_IPPORTNET = module;
543 IP_SET_HASH_IPMAC = module;
544 IP_SET_HASH_MAC = module;
545 IP_SET_HASH_NETPORTNET = module;
546 IP_SET_HASH_NET = module;
547 IP_SET_HASH_NETNET = module;
548 IP_SET_HASH_NETPORT = module;
549 IP_SET_HASH_NETIFACE = module;
550 IP_SET_LIST_SET = module;
551 # CONFIG_IP_VS is not set
552
553 #
554 # IP: Netfilter Configuration
555 #
556 NF_DEFRAG_IPV4 = module;
557 NF_SOCKET_IPV4 = module;
558 NF_TPROXY_IPV4 = module;
559 NF_TABLES_IPV4 = yes;
560 NFT_REJECT_IPV4 = module;
561 NFT_DUP_IPV4 = module;
562 NFT_FIB_IPV4 = module;
563 # CONFIG_NF_TABLES_ARP is not set
564 NF_DUP_IPV4 = module;
565 # CONFIG_NF_LOG_ARP is not set
566 # CONFIG_NF_LOG_IPV4 is not set
567 NF_REJECT_IPV4 = module;
568 IP_NF_IPTABLES = module;
569 IP_NF_MATCH_AH = module;
570 IP_NF_MATCH_ECN = module;
571 IP_NF_MATCH_RPFILTER = module;
572 IP_NF_MATCH_TTL = module;
573 IP_NF_FILTER = module;
574 IP_NF_TARGET_REJECT = module;
575 IP_NF_TARGET_SYNPROXY = module;
576 IP_NF_NAT = module;
577 IP_NF_TARGET_MASQUERADE = module;
578 IP_NF_TARGET_NETMAP = module;
579 IP_NF_TARGET_REDIRECT = module;
580 IP_NF_MANGLE = module;
581 IP_NF_TARGET_CLUSTERIP = module;
582 IP_NF_TARGET_ECN = module;
583 IP_NF_TARGET_TTL = module;
584 # CONFIG_IP_NF_RAW is not set
585 # CONFIG_IP_NF_ARPTABLES is not set
586 # end of IP: Netfilter Configuration
587
588 #
589 # IPv6: Netfilter Configuration
590 #
591 NF_SOCKET_IPV6 = module;
592 NF_TPROXY_IPV6 = module;
593 NF_TABLES_IPV6 = yes;
594 NFT_REJECT_IPV6 = module;
595 NFT_DUP_IPV6 = module;
596 NFT_FIB_IPV6 = module;
597 NF_DUP_IPV6 = module;
598 NF_REJECT_IPV6 = module;
599 NF_LOG_IPV6 = module;
600 IP6_NF_IPTABLES = module;
601 IP6_NF_MATCH_AH = module;
602 IP6_NF_MATCH_EUI64 = module;
603 IP6_NF_MATCH_FRAG = module;
604 IP6_NF_MATCH_OPTS = module;
605 IP6_NF_MATCH_HL = module;
606 IP6_NF_MATCH_IPV6HEADER = module;
607 IP6_NF_MATCH_MH = module;
608 IP6_NF_MATCH_RPFILTER = module;
609 IP6_NF_MATCH_RT = module;
610 IP6_NF_MATCH_SRH = module;
611 IP6_NF_TARGET_HL = module;
612 IP6_NF_FILTER = module;
613 IP6_NF_TARGET_REJECT = module;
614 IP6_NF_TARGET_SYNPROXY = module;
615 IP6_NF_MANGLE = module;
616 IP6_NF_RAW = module;
617 IP6_NF_NAT = module;
618 IP6_NF_TARGET_MASQUERADE = module;
619 IP6_NF_TARGET_NPT = module;
620 # end of IPv6: Netfilter Configuration
621
622 NF_DEFRAG_IPV6 = module;
623
624 #
625 # Disabling
626 #
627 ADFS_FS = no;
628 AFFS_FS = no;
629 BEFS_FS = no;
630 BFS_FS = no;
631 BTRFS = no;
632 BTRFS_FS = no;
633 CEPH_FS = no;
634 CIFS = no;
635 CRAMFS = no;
636 ECRYPT_FS = no;
637 EFS_FS = no;
638 EROFS_FS = no;
639 EXT2_FS = no;
640 EXT3_FS = no;
641 F2FS_FS = lib.mkForce no;
642 GFS2_FS = no;
643 HFSPLUS_FS = no;
644 HFS_FS = no;
645 HPFS_FS = no;
646 JFS_FS = no;
647 MINIX_FS = no;
648 NET_9P = no;
649 NFSD = no;
650 NFS_FS = no;
651 NILFS2_FS = no;
652 OMFS_FS = no;
653 ORANGEFS_FS = no;
654 QNX4FS_FS = no;
655 QNX6FS_FS = no;
656 REISERFS_FS = no;
657 ROMFS_FS = no;
658 SQUASHFS = no;
659 SYSV_FS = no;
660 UFS_FS = no;
661 VXFS_FS = no;
662 XFS_FS = no;
663
664 MISC_FILESYSTEMS = no;
665
666 DECNET = no;
667 SCTP = no;
668 RDS = no;
669 DCCP = no;
670 TIPC = no;
671 CAIF = no;
672 CEPH = no;
673 VMW_SOCK = no;
674 HSR = no;
675 QRTR = no;
676 MPI = no;
677 RAID6 = no;
678 STAGING = lib.mkForce no;
679
680 "6LOWPAN" = no;
681 ARCNET = no;
682 B53 = no;
683 BATMAN_ADV = no;
684 BT = no;
685 CAN = no;
686 COMEDI = no;
687 DRM_STM = lib.mkForce no;
688 DRM_PANEL = lib.mkForce no;
689
690 DRM_BRIDGE = no;
691 DRM_PANEL_BRIDGE = no;
692 DRM_CDNS_DSI = no;
693 DRM_CHIPONE_ICN6211 = no;
694 DRM_CHRONTEL_CH7033 = no;
695 #DRM_DISPLAY_CONNECTOR = no;
696 DRM_LONTIUM_LT8912B = no;
697 DRM_LONTIUM_LT9611 = no;
698 DRM_LONTIUM_LT9611UXC = no;
699 DRM_ITE_IT66121 = no;
700 DRM_LVDS_CODEC = no;
701 DRM_MEGACHIPS_STDPXXXX_GE_B850V3_FW = no;
702 DRM_NWL_MIPI_DSI = no;
703 DRM_NXP_PTN3460 = no;
704 DRM_PARADE_PS8622 = no;
705 DRM_PARADE_PS8640 = no;
706 DRM_SIL_SII8620 = no;
707 DRM_SII902X = no;
708 DRM_SII9234 = no;
709 DRM_SIMPLE_BRIDGE = no;
710 DRM_THINE_THC63LVD1024 = no;
711 DRM_TOSHIBA_TC358762 = no;
712 DRM_TOSHIBA_TC358764 = no;
713 DRM_TOSHIBA_TC358767 = no;
714 DRM_TOSHIBA_TC358768 = no;
715 DRM_TOSHIBA_TC358775 = no;
716 DRM_TI_TFP410 = no;
717 DRM_TI_SN65DSI83 = no;
718 DRM_TI_SN65DSI86 = no;
719 DRM_TI_TPD12S015 = no;
720 DRM_ANALOGIX_ANX6345 = no;
721 DRM_ANALOGIX_ANX78XX = no;
722 DRM_ANALOGIX_DP = no;
723 DRM_ANALOGIX_ANX7625 = no;
724 DRM_I2C_ADV7511 = no;
725 DRM_I2C_ADV7511_CEC = no;
726 DRM_CDNS_MHDP8546 = no;
727 DRM_DW_HDMI = no;
728 DRM_DW_HDMI_AHB_AUDIO = no;
729 DRM_DW_HDMI_I2S_AUDIO = no;
730 DRM_DW_HDMI_CEC = no;
731 DRM_STI = no;
732 DRM_IMX = no;
733 DRM_IMX_PARALLEL_DISPLAY = no;
734 DRM_IMX_TVE = no;
735 DRM_IMX_LDB = no;
736 DRM_IMX_HDMI = no;
737 DRM_ETNAVIV = no;
738 DRM_ETNAVIV_THERMAL = no;
739 DRM_MXS = no;
740 DRM_MXSFB = no;
741 DRM_ARCPGU = no;
742 DRM_GM12U320 = no;
743 TINYDRM_HX8357D = no;
744 TINYDRM_ILI9225 = no;
745 TINYDRM_ILI9341 = no;
746 TINYDRM_ILI9486 = no;
747 TINYDRM_MI0283QT = no;
748 TINYDRM_REPAPER = no;
749 TINYDRM_ST7586 = no;
750 TINYDRM_ST7735R = no;
751 DRM_PL111 = no;
752 DRM_TVE200 = no;
753 DRM_LIMA = no;
754 DRM_PANFROST = no;
755 DRM_MCDE = no;
756 DRM_TIDSS = no;
757 DRM_GUD = no;
758 DRM_EXPORT_FOR_TESTS = no;
759 DRM_PANEL_ORIENTATION_QUIRKS = no;
760 DRM_LIB_RANDOM = no;
761
762 INFINIBAND = no;
763 INPUT_TOUCHSCREEN = no;
764 MEDIA_ANALOG_TV_SUPPORT = lib.mkForce no;
765 MEDIA_DIGITAL_TV_SUPPORT = lib.mkForce no;
766 MEDIA_TUNER = no;
767 MPLS = no;
768 MPTCP = lib.mkForce no;
769 NFC = no;
770 NF_TABLES_BRIDGE = lib.mkForce no;
771 NVME = no;
772 OPENVSWITCH = no;
773 PARAVIRT = lib.mkForce no;
774 POWER_SUPPLY = no;
775 USB_GSPCA = lib.mkForce no;
776 VIDEO_STK1160_COMMON = lib.mkForce no;
777 XEN = lib.mkForce no;
778 #NVME_CORE = no;
779 };
780 features.debug = false;
781 #ignoreConfigErrors = true;
782 };
783 });
784 })
785 ];
786 boot.cleanTmpDir = true;
787 boot.tmpOnTmpfs = lib.mkForce false;
788 # TODO: is that needed?
789 hardware.enableRedistributableFirmware = true;
790 sdImage = {
791 postBuildCommands = ''
792 dd if=${pkgs.ubootCubieboard2}/u-boot-sunxi-with-spl.bin of=$img bs=1024 seek=8 conv=notrunc
793 '';
794 compressImage = true;
795 expandOnBoot = true;
796 firmwareSize = 1;
797 populateFirmwareCommands = "";
798 populateRootCommands = ''
799 mkdir -p ./files/boot
800 ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
801 '';
802 };
803 boot.loader.grub.enable = false;
804 boot.loader.generic-extlinux-compatible.enable = true;
805 # nix -L build .#nixosConfigurations.${hostName}.config.boot.kernelPackages.kernel.configfile
806 boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest_Cubieboard2;
807 boot.initrd.availableKernelModules = lib.mkForce [
808 "mmc_block"
809 "usbhid"
810 "hid_generic"
811 "hid_microsoft"
812 ];
813 }