{ pkgs, lib, config, modulesPath, ... }:
{
imports = [
"${modulesPath}/installer/sd-card/sd-image.nix"
];
boot.supportedFilesystems = [
#"btrfs"
#"reiserfs"
"vfat"
#"f2fs"
#"xfs"
#"zfs"
#"ntfs"
#"cifs"
];
# The serial ports listed here are:
# - ttyS0: for Tegra (Jetson TK1)
# - ttymxc0: for i.MX6 (Wandboard)
# - ttyAMA0: for Allwinner (pcDuino3 Nano) and QEMU's -machine virt
# - ttyO0: for OMAP (BeagleBone Black)
# - ttySAC2: for Exynos (ODROID-XU3)
boot.consoleLogLevel = lib.mkDefault 7;
boot.kernelParams = [
"console=ttyS0,115200n8"
"console=ttymxc0,115200n8"
"console=ttyAMA0,115200n8"
"console=ttyO0,115200n8"
"console=ttySAC2,115200n8"
"console=tty0"
];
#nixpkgs.config.allowUnfree = true;
nixpkgs.crossSystem = lib.systems.examples.armv7l-hf-multiplatform;
nixpkgs.overlays = [
(final: super: {
# https://linux-sunxi.org/Mali_Open_Source_Driver#Configuration_and_Build
mesa = super.mesa.override {
driDrivers = [];
eglPlatforms = ["x11"];
enableGalliumNine = false;
galliumDrivers = ["lima" "panfrost" "kmsro" "swrast"];
vulkanDrivers = [];
};
})
(final: super: {
linuxPackages_latest_Cubieboard2 = super.linuxPackages_latest.extend (kself: ksuper: {
kernel = ksuper.kernel.override {
defconfig = "sunxi_defconfig";
structuredExtraConfig = with lib.kernel; {
#
# File systems
#
PSTORE = yes;
VFAT_FS = yes;
EXT4_FS = yes;
EXT4_USE_FOR_EXT2 = yes;
#
# Networking options
#
TCP_CONG_BBR = module;
IPV6 = yes;
IPV6_ROUTER_PREF = yes;
IPV6_ROUTE_INFO = yes;
IPV6_OPTIMISTIC_DAD = yes;
INET6_AH = module;
INET6_ESP = module;
INET6_ESP_OFFLOAD = module;
INET6_ESPINTCP = yes;
INET6_IPCOMP = module;
IPV6_MIP6 = module;
IPV6_ILA = module;
INET6_XFRM_TUNNEL = module;
INET6_TUNNEL = module;
IPV6_VTI = module;
IPV6_SIT = module;
IPV6_SIT_6RD = yes;
IPV6_NDISC_NODETYPE = yes;
IPV6_TUNNEL = module;
IPV6_MULTIPLE_TABLES = yes;
IPV6_SUBTREES = yes;
IPV6_MROUTE = yes;
IPV6_MROUTE_MULTIPLE_TABLES = yes;
IPV6_PIMSM_V2 = yes;
IPV6_SEG6_LWTUNNEL = yes;
IPV6_SEG6_HMAC = yes;
IPV6_RPL_LWTUNNEL = yes;
# CONFIG_MPTCP is not set
# CONFIG_NETWORK_SECMARK is not set
NET_PTP_CLASSIFY = yes;
# CONFIG_NETWORK_PHY_TIMESTAMPING is not set
NETFILTER = yes;
NETFILTER_ADVANCED = yes;
#
# Core Netfilter Configuration
#
NETFILTER_INGRESS = yes;
NETFILTER_NETLINK = module;
NETFILTER_FAMILY_ARP = yes;
NETFILTER_NETLINK_HOOK = module;
NETFILTER_NETLINK_ACCT = module;
NETFILTER_NETLINK_QUEUE = module;
NETFILTER_NETLINK_LOG = module;
NETFILTER_NETLINK_OSF = module;
NF_CONNTRACK = module;
NF_LOG_SYSLOG = module;
NETFILTER_CONNCOUNT = module;
NF_CONNTRACK_MARK = yes;
NF_CONNTRACK_ZONES = yes;
NF_CONNTRACK_PROCFS = yes;
NF_CONNTRACK_EVENTS = yes;
NF_CONNTRACK_TIMEOUT = yes;
NF_CONNTRACK_TIMESTAMP = yes;
NF_CONNTRACK_LABELS = yes;
NF_CT_PROTO_DCCP = yes;
NF_CT_PROTO_SCTP = yes;
NF_CT_PROTO_UDPLITE = yes;
# CONFIG_NF_CONNTRACK_AMANDA is not set
# CONFIG_NF_CONNTRACK_FTP is not set
# CONFIG_NF_CONNTRACK_H323 is not set
# CONFIG_NF_CONNTRACK_IRC is not set
# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
# CONFIG_NF_CONNTRACK_SNMP is not set
# CONFIG_NF_CONNTRACK_PPTP is not set
# CONFIG_NF_CONNTRACK_SANE is not set
# CONFIG_NF_CONNTRACK_SIP is not set
# CONFIG_NF_CONNTRACK_TFTP is not set
NF_CT_NETLINK = module;
NF_CT_NETLINK_TIMEOUT = module;
NF_CT_NETLINK_HELPER = module;
NETFILTER_NETLINK_GLUE_CT = yes;
NF_NAT = module;
NF_NAT_REDIRECT = yes;
NF_NAT_MASQUERADE = yes;
NETFILTER_SYNPROXY = module;
NF_TABLES = module;
NF_TABLES_INET = yes;
NF_TABLES_NETDEV = yes;
NFT_NUMGEN = module;
NFT_CT = module;
NFT_COUNTER = module;
NFT_CONNLIMIT = module;
NFT_LOG = module;
NFT_LIMIT = module;
NFT_MASQ = module;
NFT_REDIR = module;
NFT_NAT = module;
NFT_TUNNEL = module;
NFT_OBJREF = module;
NFT_QUEUE = module;
NFT_QUOTA = module;
NFT_REJECT = module;
NFT_REJECT_INET = module;
NFT_COMPAT = module;
NFT_HASH = module;
NFT_FIB = module;
NFT_FIB_INET = module;
NFT_XFRM = module;
NFT_SOCKET = module;
NFT_OSF = module;
NFT_TPROXY = module;
NFT_SYNPROXY = module;
NF_DUP_NETDEV = module;
NFT_DUP_NETDEV = module;
NFT_FWD_NETDEV = module;
NFT_FIB_NETDEV = module;
NFT_REJECT_NETDEV = module;
# CONFIG_NF_FLOW_TABLE is not set
NETFILTER_XTABLES = module;
#
# Xtables combined modules
#
NETFILTER_XT_MARK = module;
NETFILTER_XT_CONNMARK = module;
NETFILTER_XT_SET = module;
#
# Xtables targets
#
NETFILTER_XT_TARGET_CHECKSUM = module;
NETFILTER_XT_TARGET_CLASSIFY = module;
NETFILTER_XT_TARGET_CONNMARK = module;
NETFILTER_XT_TARGET_CT = module;
NETFILTER_XT_TARGET_DSCP = module;
NETFILTER_XT_TARGET_HL = module;
NETFILTER_XT_TARGET_HMARK = module;
NETFILTER_XT_TARGET_IDLETIMER = module;
NETFILTER_XT_TARGET_LED = module;
NETFILTER_XT_TARGET_LOG = module;
NETFILTER_XT_TARGET_MARK = module;
NETFILTER_XT_NAT = module;
NETFILTER_XT_TARGET_NETMAP = module;
NETFILTER_XT_TARGET_NFLOG = module;
NETFILTER_XT_TARGET_NFQUEUE = module;
NETFILTER_XT_TARGET_NOTRACK = module;
NETFILTER_XT_TARGET_RATEEST = module;
NETFILTER_XT_TARGET_REDIRECT = module;
NETFILTER_XT_TARGET_MASQUERADE = module;
NETFILTER_XT_TARGET_TEE = module;
NETFILTER_XT_TARGET_TPROXY = module;
NETFILTER_XT_TARGET_TRACE = module;
NETFILTER_XT_TARGET_TCPMSS = module;
NETFILTER_XT_TARGET_TCPOPTSTRIP = module;
#
# Xtables matches
#
NETFILTER_XT_MATCH_ADDRTYPE = module;
NETFILTER_XT_MATCH_BPF = module;
NETFILTER_XT_MATCH_CGROUP = module;
NETFILTER_XT_MATCH_CLUSTER = module;
NETFILTER_XT_MATCH_COMMENT = module;
NETFILTER_XT_MATCH_CONNBYTES = module;
NETFILTER_XT_MATCH_CONNLABEL = module;
NETFILTER_XT_MATCH_CONNLIMIT = module;
NETFILTER_XT_MATCH_CONNMARK = module;
NETFILTER_XT_MATCH_CONNTRACK = module;
NETFILTER_XT_MATCH_CPU = module;
NETFILTER_XT_MATCH_DCCP = module;
NETFILTER_XT_MATCH_DEVGROUP = module;
NETFILTER_XT_MATCH_DSCP = module;
NETFILTER_XT_MATCH_ECN = module;
NETFILTER_XT_MATCH_ESP = module;
NETFILTER_XT_MATCH_HASHLIMIT = module;
NETFILTER_XT_MATCH_HELPER = module;
NETFILTER_XT_MATCH_HL = module;
NETFILTER_XT_MATCH_IPCOMP = module;
NETFILTER_XT_MATCH_IPRANGE = module;
NETFILTER_XT_MATCH_L2TP = module;
NETFILTER_XT_MATCH_LENGTH = module;
NETFILTER_XT_MATCH_LIMIT = module;
NETFILTER_XT_MATCH_MAC = module;
NETFILTER_XT_MATCH_MARK = module;
NETFILTER_XT_MATCH_MULTIPORT = module;
NETFILTER_XT_MATCH_NFACCT = module;
NETFILTER_XT_MATCH_OSF = module;
NETFILTER_XT_MATCH_OWNER = module;
# CONFIG_NETFILTER_XT_MATCH_POLICY is not set
NETFILTER_XT_MATCH_PKTTYPE = module;
NETFILTER_XT_MATCH_QUOTA = module;
NETFILTER_XT_MATCH_RATEEST = module;
NETFILTER_XT_MATCH_REALM = module;
NETFILTER_XT_MATCH_RECENT = module;
NETFILTER_XT_MATCH_SCTP = module;
NETFILTER_XT_MATCH_SOCKET = module;
NETFILTER_XT_MATCH_STATE = module;
NETFILTER_XT_MATCH_STATISTIC = module;
NETFILTER_XT_MATCH_STRING = module;
NETFILTER_XT_MATCH_TCPMSS = module;
NETFILTER_XT_MATCH_TIME = module;
NETFILTER_XT_MATCH_U32 = module;
# end of Core Netfilter Configuration
IP_SET = module;
IP_SET_MAX.freeform = "256";
IP_SET_BITMAP_IP = module;
IP_SET_BITMAP_IPMAC = module;
IP_SET_BITMAP_PORT = module;
IP_SET_HASH_IP = module;
IP_SET_HASH_IPMARK = module;
IP_SET_HASH_IPPORT = module;
IP_SET_HASH_IPPORTIP = module;
IP_SET_HASH_IPPORTNET = module;
IP_SET_HASH_IPMAC = module;
IP_SET_HASH_MAC = module;
IP_SET_HASH_NETPORTNET = module;
IP_SET_HASH_NET = module;
IP_SET_HASH_NETNET = module;
IP_SET_HASH_NETPORT = module;
IP_SET_HASH_NETIFACE = module;
IP_SET_LIST_SET = module;
# CONFIG_IP_VS is not set
#
# IP: Netfilter Configuration
#
NF_DEFRAG_IPV4 = module;
NF_SOCKET_IPV4 = module;
NF_TPROXY_IPV4 = module;
NF_TABLES_IPV4 = yes;
NFT_REJECT_IPV4 = module;
NFT_DUP_IPV4 = module;
NFT_FIB_IPV4 = module;
# CONFIG_NF_TABLES_ARP is not set
NF_DUP_IPV4 = module;
# CONFIG_NF_LOG_ARP is not set
# CONFIG_NF_LOG_IPV4 is not set
NF_REJECT_IPV4 = module;
IP_NF_IPTABLES = module;
IP_NF_MATCH_AH = module;
IP_NF_MATCH_ECN = module;
IP_NF_MATCH_RPFILTER = module;
IP_NF_MATCH_TTL = module;
IP_NF_FILTER = module;
IP_NF_TARGET_REJECT = module;
IP_NF_TARGET_SYNPROXY = module;
IP_NF_NAT = module;
IP_NF_TARGET_MASQUERADE = module;
IP_NF_TARGET_NETMAP = module;
IP_NF_TARGET_REDIRECT = module;
IP_NF_MANGLE = module;
IP_NF_TARGET_CLUSTERIP = module;
IP_NF_TARGET_ECN = module;
IP_NF_TARGET_TTL = module;
# CONFIG_IP_NF_RAW is not set
# CONFIG_IP_NF_ARPTABLES is not set
# end of IP: Netfilter Configuration
#
# IPv6: Netfilter Configuration
#
NF_SOCKET_IPV6 = module;
NF_TPROXY_IPV6 = module;
NF_TABLES_IPV6 = yes;
NFT_REJECT_IPV6 = module;
NFT_DUP_IPV6 = module;
NFT_FIB_IPV6 = module;
NF_DUP_IPV6 = module;
NF_REJECT_IPV6 = module;
NF_LOG_IPV6 = module;
IP6_NF_IPTABLES = module;
IP6_NF_MATCH_AH = module;
IP6_NF_MATCH_EUI64 = module;
IP6_NF_MATCH_FRAG = module;
IP6_NF_MATCH_OPTS = module;
IP6_NF_MATCH_HL = module;
IP6_NF_MATCH_IPV6HEADER = module;
IP6_NF_MATCH_MH = module;
IP6_NF_MATCH_RPFILTER = module;
IP6_NF_MATCH_RT = module;
IP6_NF_MATCH_SRH = module;
IP6_NF_TARGET_HL = module;
IP6_NF_FILTER = module;
IP6_NF_TARGET_REJECT = module;
IP6_NF_TARGET_SYNPROXY = module;
IP6_NF_MANGLE = module;
IP6_NF_RAW = module;
IP6_NF_NAT = module;
IP6_NF_TARGET_MASQUERADE = module;
IP6_NF_TARGET_NPT = module;
# end of IPv6: Netfilter Configuration
NF_DEFRAG_IPV6 = module;
#
# Disabling
#
ADFS_FS = no;
AFFS_FS = no;
BEFS_FS = no;
BFS_FS = no;
BTRFS = no;
BTRFS_FS = no;
CEPH_FS = no;
CIFS = no;
CRAMFS = no;
ECRYPT_FS = no;
EFS_FS = no;
EROFS_FS = no;
EXT2_FS = no;
EXT3_FS = no;
F2FS_FS = lib.mkForce no;
GFS2_FS = no;
HFSPLUS_FS = no;
HFS_FS = no;
HPFS_FS = no;
JFS_FS = no;
MINIX_FS = no;
NET_9P = no;
NFSD = no;
NFS_FS = no;
NILFS2_FS = no;
OMFS_FS = no;
ORANGEFS_FS = no;
QNX4FS_FS = no;
QNX6FS_FS = no;
REISERFS_FS = no;
ROMFS_FS = no;
SQUASHFS = no;
SYSV_FS = no;
UFS_FS = no;
VXFS_FS = no;
XFS_FS = no;
MISC_FILESYSTEMS = no;
DECNET = no;
SCTP = no;
RDS = no;
DCCP = no;
TIPC = no;
CAIF = no;
CEPH = no;
VMW_SOCK = no;
HSR = no;
QRTR = no;
MPI = no;
RAID6 = no;
STAGING = lib.mkForce no;
"6LOWPAN" = no;
ARCNET = no;
B53 = no;
BATMAN_ADV = no;
BT = no;
CAN = no;
COMEDI = no;
DRM_STM = lib.mkForce no;
INFINIBAND = no;
INPUT_TOUCHSCREEN = no;
MEDIA_ANALOG_TV_SUPPORT = lib.mkForce no;
MEDIA_DIGITAL_TV_SUPPORT = lib.mkForce no;
MEDIA_TUNER = no;
MPLS = no;
MPTCP = lib.mkForce no;
NFC = no;
NF_TABLES_BRIDGE = lib.mkForce no;
NVME = no;
OPENVSWITCH = no;
PARAVIRT = lib.mkForce no;
POWER_SUPPLY = no;
USB_GSPCA = lib.mkForce no;
VIDEO_STK1160_COMMON = lib.mkForce no;
XEN = lib.mkForce no;
#NVME_CORE = no;
};
#ignoreConfigErrors = true;
};
});
})
];
boot.cleanTmpDir = true;
boot.tmpOnTmpfs = lib.mkForce false;
# TODO: is that needed?
hardware.enableRedistributableFirmware = true;
sdImage = {
postBuildCommands = ''
dd if=${pkgs.ubootCubieboard2}/u-boot-sunxi-with-spl.bin of=$img bs=1024 seek=8 conv=notrunc
'';
compressImage = true;
expandOnBoot = true;
firmwareSize = 1;
populateFirmwareCommands = "";
populateRootCommands = ''
mkdir -p ./files/boot
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
'';
};
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
# nix -L build .#nixosConfigurations.${hostName}.config.boot.kernelPackages.kernel.configfile
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest_Cubieboard2;
boot.initrd.availableKernelModules = lib.mkForce [
"mmc_block"
"usbhid"
"hid_generic"
"hid_microsoft"
];
}