mermet: sanoid: add pleroma
[sourcephile-nix.git] / nixos / profiles / hardware / cubieboard2.nix
index 25f469d1ba6741d84fb70bc4f4f597bf0cf606ba..d138c73f621cdf5e3490d7d8738fa278de955d01 100644 (file)
 { pkgs, lib, config, modulesPath, ... }:
 {
-imports = [
-  "${modulesPath}/installer/sd-card/sd-image-armv7l-multiplatform.nix"
-];
-#nixpkgs.config.allowUnfree = true;
-nixpkgs.crossSystem = lib.systems.examples.armv7l-hf-multiplatform;
-nixpkgs.overlays = [
-  (final: super: {
-    # https://linux-sunxi.org/Mali_Open_Source_Driver#Configuration_and_Build
-    mesa = super.mesa.override {
-      driDrivers = [];
-      eglPlatforms = ["x11"];
-      enableGalliumNine = false;
-      galliumDrivers = ["lima" "panfrost" "kmsro" "swrast"];
-      vulkanDrivers = [];
-    };
-  })
-];
-boot.cleanTmpDir = true;
-boot.tmpOnTmpfs = lib.mkForce false;
-# TODO: is that needed?
-hardware.enableRedistributableFirmware = true;
-sdImage = {
-  postBuildCommands = ''
-    dd if=${pkgs.ubootCubieboard2}/u-boot-sunxi-with-spl.bin of=$img bs=1024 seek=8 conv=notrunc
-  '';
-  compressImage = true;
-  expandOnBoot = true;
-  firmwareSize = 1;
-  populateFirmwareCommands = lib.mkForce "";
-};
-boot.initrd.availableKernelModules = lib.mkForce [
-  "mmc_block"
-  "usbhid"
-  "hid_generic"
-  "hid_microsoft"
-];
-# nix -L build .#nixosConfigurations.${hostName}.config.boot.kernelPackages.kernel.configfile
-boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest_Cubieboard2;
-nixpkgs.overlays = [
-  (final: super: {
-    linuxPackages_latest_Cubieboard2 = super.linuxPackages_latest.extend (kself: ksuper: {
-      kernel = ksuper.kernel.override {
-        defconfig = "sunxi_defconfig";
-        structuredExtraConfig = with lib.kernel; {
-          #
-          # File systems
-          #
-          PSTORE = yes;
-          VFAT_FS = yes;
-          EXT4_FS = yes;
-          EXT4_USE_FOR_EXT2 = yes;
+  imports = [
+    "${modulesPath}/installer/sd-card/sd-image.nix"
+  ];
 
-          #
-          # Networking options
-          #
-          TCP_CONG_BBR = module;
-          IPV6 = yes;
-          IPV6_ROUTER_PREF = yes;
-          IPV6_ROUTE_INFO = yes;
-          IPV6_OPTIMISTIC_DAD = yes;
-          INET6_AH = module;
-          INET6_ESP = module;
-          INET6_ESP_OFFLOAD = module;
-          INET6_ESPINTCP = yes;
-          INET6_IPCOMP = module;
-          IPV6_MIP6 = module;
-          IPV6_ILA = module;
-          INET6_XFRM_TUNNEL = module;
-          INET6_TUNNEL = module;
-          IPV6_VTI = module;
-          IPV6_SIT = module;
-          IPV6_SIT_6RD = yes;
-          IPV6_NDISC_NODETYPE = yes;
-          IPV6_TUNNEL = module;
-          IPV6_MULTIPLE_TABLES = yes;
-          IPV6_SUBTREES = yes;
-          IPV6_MROUTE = yes;
-          IPV6_MROUTE_MULTIPLE_TABLES = yes;
-          IPV6_PIMSM_V2 = yes;
-          IPV6_SEG6_LWTUNNEL = yes;
-          IPV6_SEG6_HMAC = yes;
-          IPV6_RPL_LWTUNNEL = yes;
-          # CONFIG_MPTCP is not set
-          # CONFIG_NETWORK_SECMARK is not set
-          NET_PTP_CLASSIFY = yes;
-          # CONFIG_NETWORK_PHY_TIMESTAMPING is not set
-          NETFILTER = yes;
-          NETFILTER_ADVANCED = yes;
+  _module.args.CPUs = 2;
 
-          #
-          # Core Netfilter Configuration
-          #
-          NETFILTER_INGRESS = yes;
-          NETFILTER_NETLINK = module;
-          NETFILTER_FAMILY_ARP = yes;
-          NETFILTER_NETLINK_HOOK = module;
-          NETFILTER_NETLINK_ACCT = module;
-          NETFILTER_NETLINK_QUEUE = module;
-          NETFILTER_NETLINK_LOG = module;
-          NETFILTER_NETLINK_OSF = module;
-          NF_CONNTRACK = module;
-          NF_LOG_SYSLOG = module;
-          NETFILTER_CONNCOUNT = module;
-          NF_CONNTRACK_MARK = yes;
-          NF_CONNTRACK_ZONES = yes;
-          NF_CONNTRACK_PROCFS = yes;
-          NF_CONNTRACK_EVENTS = yes;
-          NF_CONNTRACK_TIMEOUT = yes;
-          NF_CONNTRACK_TIMESTAMP = yes;
-          NF_CONNTRACK_LABELS = yes;
-          NF_CT_PROTO_DCCP = yes;
-          NF_CT_PROTO_SCTP = yes;
-          NF_CT_PROTO_UDPLITE = yes;
-          # CONFIG_NF_CONNTRACK_AMANDA is not set
-          # CONFIG_NF_CONNTRACK_FTP is not set
-          # CONFIG_NF_CONNTRACK_H323 is not set
-          # CONFIG_NF_CONNTRACK_IRC is not set
-          # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
-          # CONFIG_NF_CONNTRACK_SNMP is not set
-          # CONFIG_NF_CONNTRACK_PPTP is not set
-          # CONFIG_NF_CONNTRACK_SANE is not set
-          # CONFIG_NF_CONNTRACK_SIP is not set
-          # CONFIG_NF_CONNTRACK_TFTP is not set
-          NF_CT_NETLINK = module;
-          NF_CT_NETLINK_TIMEOUT = module;
-          NF_CT_NETLINK_HELPER = module;
-          NETFILTER_NETLINK_GLUE_CT = yes;
-          NF_NAT = module;
-          NF_NAT_REDIRECT = yes;
-          NF_NAT_MASQUERADE = yes;
-          NETFILTER_SYNPROXY = module;
-          NF_TABLES = module;
-          NF_TABLES_INET = yes;
-          NF_TABLES_NETDEV = yes;
-          NFT_NUMGEN = module;
-          NFT_CT = module;
-          NFT_COUNTER = module;
-          NFT_CONNLIMIT = module;
-          NFT_LOG = module;
-          NFT_LIMIT = module;
-          NFT_MASQ = module;
-          NFT_REDIR = module;
-          NFT_NAT = module;
-          NFT_TUNNEL = module;
-          NFT_OBJREF = module;
-          NFT_QUEUE = module;
-          NFT_QUOTA = module;
-          NFT_REJECT = module;
-          NFT_REJECT_INET = module;
-          NFT_COMPAT = module;
-          NFT_HASH = module;
-          NFT_FIB = module;
-          NFT_FIB_INET = module;
-          NFT_XFRM = module;
-          NFT_SOCKET = module;
-          NFT_OSF = module;
-          NFT_TPROXY = module;
-          NFT_SYNPROXY = module;
-          NF_DUP_NETDEV = module;
-          NFT_DUP_NETDEV = module;
-          NFT_FWD_NETDEV = module;
-          NFT_FIB_NETDEV = module;
-          NFT_REJECT_NETDEV = module;
-          # CONFIG_NF_FLOW_TABLE is not set
-          NETFILTER_XTABLES = module;
+  # Too CPU hungry for this hardware, for too little Mio saved
+  nix.settings.auto-optimise-store = false;
 
-          #
-          # Xtables combined modules
-          #
-          NETFILTER_XT_MARK = module;
-          NETFILTER_XT_CONNMARK = module;
-          NETFILTER_XT_SET = module;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
 
-          #
-          # Xtables targets
-          #
-          NETFILTER_XT_TARGET_CHECKSUM = module;
-          NETFILTER_XT_TARGET_CLASSIFY = module;
-          NETFILTER_XT_TARGET_CONNMARK = module;
-          NETFILTER_XT_TARGET_CT = module;
-          NETFILTER_XT_TARGET_DSCP = module;
-          NETFILTER_XT_TARGET_HL = module;
-          NETFILTER_XT_TARGET_HMARK = module;
-          NETFILTER_XT_TARGET_IDLETIMER = module;
-          NETFILTER_XT_TARGET_LED = module;
-          NETFILTER_XT_TARGET_LOG = module;
-          NETFILTER_XT_TARGET_MARK = module;
-          NETFILTER_XT_NAT = module;
-          NETFILTER_XT_TARGET_NETMAP = module;
-          NETFILTER_XT_TARGET_NFLOG = module;
-          NETFILTER_XT_TARGET_NFQUEUE = module;
-          NETFILTER_XT_TARGET_NOTRACK = module;
-          NETFILTER_XT_TARGET_RATEEST = module;
-          NETFILTER_XT_TARGET_REDIRECT = module;
-          NETFILTER_XT_TARGET_MASQUERADE = module;
-          NETFILTER_XT_TARGET_TEE = module;
-          NETFILTER_XT_TARGET_TPROXY = module;
-          NETFILTER_XT_TARGET_TRACE = module;
-          NETFILTER_XT_TARGET_TCPMSS = module;
-          NETFILTER_XT_TARGET_TCPOPTSTRIP = module;
+  boot.supportedFilesystems = [
+    #"btrfs"
+    #"reiserfs"
+    "vfat"
+    #"f2fs"
+    #"xfs"
+    #"zfs" # ZFS tools coredump with SIGSEGV
+    #"ntfs"
+    #"cifs"
+  ];
 
-          #
-          # Xtables matches
-          #
-          NETFILTER_XT_MATCH_ADDRTYPE = module;
-          NETFILTER_XT_MATCH_BPF = module;
-          NETFILTER_XT_MATCH_CGROUP = module;
-          NETFILTER_XT_MATCH_CLUSTER = module;
-          NETFILTER_XT_MATCH_COMMENT = module;
-          NETFILTER_XT_MATCH_CONNBYTES = module;
-          NETFILTER_XT_MATCH_CONNLABEL = module;
-          NETFILTER_XT_MATCH_CONNLIMIT = module;
-          NETFILTER_XT_MATCH_CONNMARK = module;
-          NETFILTER_XT_MATCH_CONNTRACK = module;
-          NETFILTER_XT_MATCH_CPU = module;
-          NETFILTER_XT_MATCH_DCCP = module;
-          NETFILTER_XT_MATCH_DEVGROUP = module;
-          NETFILTER_XT_MATCH_DSCP = module;
-          NETFILTER_XT_MATCH_ECN = module;
-          NETFILTER_XT_MATCH_ESP = module;
-          NETFILTER_XT_MATCH_HASHLIMIT = module;
-          NETFILTER_XT_MATCH_HELPER = module;
-          NETFILTER_XT_MATCH_HL = module;
-          NETFILTER_XT_MATCH_IPCOMP = module;
-          NETFILTER_XT_MATCH_IPRANGE = module;
-          NETFILTER_XT_MATCH_L2TP = module;
-          NETFILTER_XT_MATCH_LENGTH = module;
-          NETFILTER_XT_MATCH_LIMIT = module;
-          NETFILTER_XT_MATCH_MAC = module;
-          NETFILTER_XT_MATCH_MARK = module;
-          NETFILTER_XT_MATCH_MULTIPORT = module;
-          NETFILTER_XT_MATCH_NFACCT = module;
-          NETFILTER_XT_MATCH_OSF = module;
-          NETFILTER_XT_MATCH_OWNER = module;
-          # CONFIG_NETFILTER_XT_MATCH_POLICY is not set
-          NETFILTER_XT_MATCH_PKTTYPE = module;
-          NETFILTER_XT_MATCH_QUOTA = module;
-          NETFILTER_XT_MATCH_RATEEST = module;
-          NETFILTER_XT_MATCH_REALM = module;
-          NETFILTER_XT_MATCH_RECENT = module;
-          NETFILTER_XT_MATCH_SCTP = module;
-          NETFILTER_XT_MATCH_SOCKET = module;
-          NETFILTER_XT_MATCH_STATE = module;
-          NETFILTER_XT_MATCH_STATISTIC = module;
-          NETFILTER_XT_MATCH_STRING = module;
-          NETFILTER_XT_MATCH_TCPMSS = module;
-          NETFILTER_XT_MATCH_TIME = module;
-          NETFILTER_XT_MATCH_U32 = module;
-          # end of Core Netfilter Configuration
+  # The serial ports listed here are:
+  # - ttyS0: for Tegra (Jetson TK1)
+  # - ttymxc0: for i.MX6 (Wandboard)
+  # - ttyAMA0: for Allwinner (pcDuino3 Nano) and QEMU's -machine virt
+  # - ttyO0: for OMAP (BeagleBone Black)
+  # - ttySAC2: for Exynos (ODROID-XU3)
+  boot.consoleLogLevel = lib.mkDefault 7;
+  boot.kernelParams = [
+    "console=ttyS0,115200n8"
+    "console=ttymxc0,115200n8"
+    "console=ttyAMA0,115200n8"
+    "console=ttyO0,115200n8"
+    "console=ttySAC2,115200n8"
+    "console=tty0"
+  ];
+  boot.kernelPatches = [
+    {
+      name = "0001-core_pattern-fix-too-small-CORENAME_MAX_SIZE";
+      patch = ../../../nixpkgs/patches/linux/0001-core_pattern-fix-too-small-CORENAME_MAX_SIZE.patch;
+      extraConfig = ''
+    '';
+    }
+  ];
 
-          IP_SET = module;
-          IP_SET_MAX.freeform = "256";
-          IP_SET_BITMAP_IP = module;
-          IP_SET_BITMAP_IPMAC = module;
-          IP_SET_BITMAP_PORT = module;
-          IP_SET_HASH_IP = module;
-          IP_SET_HASH_IPMARK = module;
-          IP_SET_HASH_IPPORT = module;
-          IP_SET_HASH_IPPORTIP = module;
-          IP_SET_HASH_IPPORTNET = module;
-          IP_SET_HASH_IPMAC = module;
-          IP_SET_HASH_MAC = module;
-          IP_SET_HASH_NETPORTNET = module;
-          IP_SET_HASH_NET = module;
-          IP_SET_HASH_NETNET = module;
-          IP_SET_HASH_NETPORT = module;
-          IP_SET_HASH_NETIFACE = module;
-          IP_SET_LIST_SET = module;
-          # CONFIG_IP_VS is not set
+  #nixpkgs.config.allowUnfree = true;
+  nixpkgs.crossSystem = lib.systems.examples.armv7l-hf-multiplatform;
+  nixpkgs.overlays = [
+    (_final: super: {
+      # https://linux-sunxi.org/Mali_Open_Source_Driver#Configuration_and_Build
+      mesa = super.mesa.override {
+        driDrivers = [ ];
+        eglPlatforms = [ "x11" ];
+        enableGalliumNine = false;
+        galliumDrivers = [ "lima" "panfrost" "kmsro" "swrast" ];
+        vulkanDrivers = [ ];
+      };
+    })
+    (_final: super: {
+      linuxPackages_latest_Cubieboard2 = super.linuxPackages_latest.extend (_kfinal: ksuper: {
+        kernel = ksuper.kernel.override {
+          defconfig = "sunxi_defconfig";
+          structuredExtraConfig = with lib.kernel; {
+            # Workaround https://github.com/NixOS/nixpkgs/pull/141942#issuecomment-954301443
+            DEBUG_INFO = lib.mkForce no;
+            DEBUG_INFO_BTF = lib.mkForce no;
+            SUSPEND = no;
+            PM = no;
+            PM_SLEEP = no;
+            NVME_CORE = no;
+            TORTURE_TEST = no; # TODO: check if it's possible
+            USB_SERIAL_CH341 = module;
+            USB_SERIAL_PL2303 = module;
+            REGULATOR = lib.mkForce no;
+            MFD_CORE = no;
+            PCI = yes;
+
+            #
+            # File systems
+            #
+            EXT4_FS = yes;
+            EXT4_USE_FOR_EXT2 = yes;
+            FUSE_FS = module;
+            PSTORE = yes;
+            CONFIGFS_FS = module;
+            VFAT_FS = yes;
+            ZSWAP = yes;
+
+            # misc
+            DAX = module;
+            DRM_DISPLAY_CONNECTOR = module;
+            FB_SIMPLE = lib.mkForce module;
+            NET_SCH_CODEL = module;
+            NET_SCH_FQ_CODEL = module;
+            UIO = module;
+
+            # WiFi
+            # Not built in the Cubieboard2, require an USB dongle
+            WIRELESS = yes;
+            CFG80211 = module;
+            LIB80211 = module;
+            LIB80211_CRYPT_CCMP = module;
+            MAC80211 = module;
+            MAC80211_HWSIM = module;
+            NETDEVICES = yes;
+            WLAN = yes;
+            WLAN_VENDOR_REALTEK = yes;
+            NET_VENDOR_REALTEK = yes;
+            REALTEK_PHY = yes;
+            RTL_CARDS = module;
+            RTL8188EE = module; # For 7392:7811 Edimax Technology Co., Ltd EW-7811Un 802.11n Wireless Adapter [Realtek RTL8188CUS]
+            RTLWIFI = module;
+            RTLWIFI_PCI = module;
+            RTLWIFI_DEBUG = yes;
+
+            # Sound options
+            SND_SOC_ADI = no;
+            SND_SOC_ADI_AXI_I2S = no;
+            SND_SOC_ADI_AXI_SPDIF = no;
+            SND_SOC_AMD_ACP = no;
+            SND_SOC_AMD_CZ_RT5645_MACH = no;
+            SND_ATMEL_SOC = no;
+            SND_SOC_MIKROE_PROTO = no;
+            SND_BCM63XX_I2S_WHISTLER = no;
+            SND_DESIGNWARE_I2S = no;
+            SND_SOC_FSL_ASRC = no;
+            SND_SOC_FSL_SAI = no;
+            SND_SOC_FSL_MQS = no;
+            SND_SOC_FSL_AUDMIX = no;
+            SND_SOC_FSL_SSI = no;
+            SND_SOC_FSL_SPDIF = no;
+            SND_SOC_FSL_ESAI = no;
+            SND_SOC_FSL_MICFIL = no;
+            SND_SOC_FSL_EASRC = no;
+            SND_SOC_FSL_XCVR = no;
+            SND_SOC_FSL_RPMSG = no;
+            SND_SOC_IMX_AUDMUX = no;
+            SND_I2S_HI6210_I2S = no;
+            SND_SOC_MTK_BTCVSD = no;
+            SND_SOC_XILINX_I2S = no;
+            SND_SOC_XILINX_AUDIO_FORMATTER = no;
+            SND_SOC_XILINX_SPDIF = no;
+            SND_SOC_XTFPGA_I2S = no;
+            SND_SOC_AC97_CODEC = no;
+            SND_SOC_ADAU_UTILS = no;
+            SND_SOC_ADAU1372 = no;
+            SND_SOC_ADAU1372_I2C = no;
+            SND_SOC_ADAU1372_SPI = no;
+            SND_SOC_ADAU1701 = no;
+            SND_SOC_ADAU17X1 = no;
+            SND_SOC_ADAU1761 = no;
+            SND_SOC_ADAU1761_I2C = no;
+            SND_SOC_ADAU1761_SPI = no;
+            SND_SOC_ADAU7002 = no;
+            SND_SOC_ADAU7118 = no;
+            SND_SOC_ADAU7118_HW = no;
+            SND_SOC_ADAU7118_I2C = no;
+            SND_SOC_AK4104 = no;
+            SND_SOC_AK4118 = no;
+            SND_SOC_AK4458 = no;
+            SND_SOC_AK4554 = no;
+            SND_SOC_AK4613 = no;
+            SND_SOC_AK4642 = no;
+            SND_SOC_AK5386 = no;
+            SND_SOC_AK5558 = no;
+            SND_SOC_ALC5623 = no;
+            SND_SOC_BD28623 = no;
+            SND_SOC_BT_SCO = no;
+            SND_SOC_CPCAP = no;
+            SND_SOC_CS35L32 = no;
+            SND_SOC_CS35L33 = no;
+            SND_SOC_CS35L34 = no;
+            SND_SOC_CS35L35 = no;
+            SND_SOC_CS35L36 = no;
+            SND_SOC_CS42L42 = no;
+            SND_SOC_CS42L51 = no;
+            SND_SOC_CS42L51_I2C = no;
+            SND_SOC_CS42L52 = no;
+            SND_SOC_CS42L56 = no;
+            SND_SOC_CS42L73 = no;
+            SND_SOC_CS4234 = no;
+            SND_SOC_CS4265 = no;
+            SND_SOC_CS4270 = no;
+            SND_SOC_CS4271 = no;
+            SND_SOC_CS4271_I2C = no;
+            SND_SOC_CS4271_SPI = no;
+            SND_SOC_CS42XX8 = no;
+            SND_SOC_CS42XX8_I2C = no;
+            SND_SOC_CS43130 = no;
+            SND_SOC_CS4341 = no;
+            SND_SOC_CS4349 = no;
+            SND_SOC_CS53L30 = no;
+            SND_SOC_CX2072X = no;
+            SND_SOC_DA7213 = no;
+            SND_SOC_DMIC = no;
+            SND_SOC_HDMI_CODEC = no;
+            SND_SOC_ES7134 = no;
+            SND_SOC_ES7241 = no;
+            SND_SOC_ES8316 = no;
+            SND_SOC_ES8328 = no;
+            SND_SOC_ES8328_I2C = no;
+            SND_SOC_ES8328_SPI = no;
+            SND_SOC_GTM601 = no;
+            SND_SOC_INNO_RK3036 = no;
+            SND_SOC_MAX98088 = no;
+            SND_SOC_MAX98357A = no;
+            SND_SOC_MAX98504 = no;
+            SND_SOC_MAX9867 = no;
+            SND_SOC_MAX98927 = no;
+            SND_SOC_MAX98373 = no;
+            SND_SOC_MAX98373_I2C = no;
+            SND_SOC_MAX98373_SDW = no;
+            SND_SOC_MAX98390 = no;
+            SND_SOC_MAX9860 = no;
+            SND_SOC_MSM8916_WCD_ANALOG = no;
+            SND_SOC_MSM8916_WCD_DIGITAL = no;
+            SND_SOC_PCM1681 = no;
+            SND_SOC_PCM1789 = no;
+            SND_SOC_PCM1789_I2C = no;
+            SND_SOC_PCM179X = no;
+            SND_SOC_PCM179X_I2C = no;
+            SND_SOC_PCM179X_SPI = no;
+            SND_SOC_PCM186X = no;
+            SND_SOC_PCM186X_I2C = no;
+            SND_SOC_PCM186X_SPI = no;
+            SND_SOC_PCM3060 = no;
+            SND_SOC_PCM3060_I2C = no;
+            SND_SOC_PCM3060_SPI = no;
+            SND_SOC_PCM3168A = no;
+            SND_SOC_PCM3168A_I2C = no;
+            SND_SOC_PCM3168A_SPI = no;
+            SND_SOC_PCM5102A = no;
+            SND_SOC_PCM512x = no;
+            SND_SOC_PCM512x_I2C = no;
+            SND_SOC_PCM512x_SPI = no;
+            SND_SOC_RK3328 = no;
+            SND_SOC_RK817 = no;
+            SND_SOC_RL6231 = no;
+            SND_SOC_RT1308_SDW = no;
+            SND_SOC_RT1316_SDW = no;
+            SND_SOC_RT5616 = no;
+            SND_SOC_RT5631 = no;
+            SND_SOC_RT5640 = no;
+            SND_SOC_RT5645 = no;
+            SND_SOC_RT5659 = no;
+            SND_SOC_RT5682 = no;
+            SND_SOC_RT5682_SDW = no;
+            SND_SOC_RT700 = no;
+            SND_SOC_RT700_SDW = no;
+            SND_SOC_RT711 = no;
+            SND_SOC_RT711_SDW = no;
+            SND_SOC_RT711_SDCA_SDW = no;
+            SND_SOC_RT715 = no;
+            SND_SOC_RT715_SDW = no;
+            SND_SOC_RT715_SDCA_SDW = no;
+            SND_SOC_SGTL5000 = no;
+            SND_SOC_SIGMADSP = no;
+            SND_SOC_SIGMADSP_I2C = no;
+            SND_SOC_SIGMADSP_REGMAP = no;
+            SND_SOC_SIMPLE_AMPLIFIER = no;
+            SND_SOC_SIMPLE_MUX = no;
+            SND_SOC_SPDIF = no;
+            SND_SOC_SSM2305 = no;
+            SND_SOC_SSM2518 = no;
+            SND_SOC_SSM2602 = no;
+            SND_SOC_SSM2602_SPI = no;
+            SND_SOC_SSM2602_I2C = no;
+            SND_SOC_SSM4567 = no;
+            SND_SOC_STA32X = no;
+            SND_SOC_STA350 = no;
+            SND_SOC_STI_SAS = no;
+            SND_SOC_TAS2552 = no;
+            SND_SOC_TAS2562 = no;
+            SND_SOC_TAS2764 = no;
+            SND_SOC_TAS2770 = no;
+            SND_SOC_TAS5086 = no;
+            SND_SOC_TAS571X = no;
+            SND_SOC_TAS5720 = no;
+            SND_SOC_TAS6424 = no;
+            SND_SOC_TDA7419 = no;
+            SND_SOC_TFA9879 = no;
+            SND_SOC_TFA989X = no;
+            SND_SOC_TLV320AIC23 = no;
+            SND_SOC_TLV320AIC23_I2C = no;
+            SND_SOC_TLV320AIC23_SPI = no;
+            SND_SOC_TLV320AIC31XX = no;
+            SND_SOC_TLV320AIC32X4 = no;
+            SND_SOC_TLV320AIC32X4_I2C = no;
+            SND_SOC_TLV320AIC32X4_SPI = no;
+            SND_SOC_TLV320AIC3X = no;
+            SND_SOC_TLV320AIC3X_I2C = no;
+            SND_SOC_TLV320AIC3X_SPI = no;
+            SND_SOC_TLV320ADCX140 = no;
+            SND_SOC_TS3A227E = no;
+            SND_SOC_TSCS42XX = no;
+            SND_SOC_TSCS454 = no;
+            SND_SOC_UDA1334 = no;
+            SND_SOC_WCD9335 = no;
+            SND_SOC_WCD_MBHC = no;
+            SND_SOC_WCD934X = no;
+            SND_SOC_WCD938X = no;
+            SND_SOC_WCD938X_SDW = no;
+            SND_SOC_WM8510 = no;
+            SND_SOC_WM8523 = no;
+            SND_SOC_WM8524 = no;
+            SND_SOC_WM8580 = no;
+            SND_SOC_WM8711 = no;
+            SND_SOC_WM8728 = no;
+            SND_SOC_WM8731 = no;
+            SND_SOC_WM8737 = no;
+            SND_SOC_WM8741 = no;
+            SND_SOC_WM8750 = no;
+            SND_SOC_WM8753 = no;
+            SND_SOC_WM8770 = no;
+            SND_SOC_WM8776 = no;
+            SND_SOC_WM8782 = no;
+            SND_SOC_WM8804 = no;
+            SND_SOC_WM8804_I2C = no;
+            SND_SOC_WM8804_SPI = no;
+            SND_SOC_WM8903 = no;
+            SND_SOC_WM8904 = no;
+            SND_SOC_WM8960 = no;
+            SND_SOC_WM8962 = no;
+            SND_SOC_WM8974 = no;
+            SND_SOC_WM8978 = no;
+            SND_SOC_WM8985 = no;
+            SND_SOC_WSA881X = no;
+            SND_SOC_ZL38060 = no;
+            SND_SOC_MAX9759 = no;
+            SND_SOC_MT6351 = no;
+            SND_SOC_MT6358 = no;
+            SND_SOC_MT6660 = no;
+            SND_SOC_NAU8315 = no;
+            SND_SOC_NAU8540 = no;
+            SND_SOC_NAU8810 = no;
+            SND_SOC_NAU8822 = no;
+            SND_SOC_NAU8824 = no;
+            SND_SOC_TPA6130A2 = no;
+            SND_SOC_LPASS_WSA_MACRO = no;
+            SND_SOC_LPASS_VA_MACRO = no;
+            SND_SOC_LPASS_RX_MACRO = no;
+            SND_SOC_LPASS_TX_MACRO = no;
+            SND_SIMPLE_CARD_UTILS = no;
+            SND_SIMPLE_CARD = no;
+            SND_AUDIO_GRAPH_CARD = no;
+            SND_VIRTIO = no;
+            MOST_SND = no;
+
+            #
+            # Networking options
+            #
+            TCP_CONG_BBR = module;
+            #PPP = no;
+            #PPP_MULTILINK = lib.mkForce no;
+            #PPP_FILTER = lib.mkForce no;
+            #PPPOE = no;
+            NET_DSA = no;
+            L2TP = no;
+            PARPORT = no;
+            PARIDE = no;
+            CDROM = no;
+            GPIOLIB = no;
+            NEW_LEDS = no;
+            #LEDS_CLASS = no;
+
+            IPV6 = yes;
+            IPV6_ROUTER_PREF = yes;
+            IPV6_ROUTE_INFO = yes;
+            IPV6_OPTIMISTIC_DAD = yes;
+            INET6_AH = module;
+            INET6_ESP = module;
+            INET6_ESP_OFFLOAD = module;
+            INET6_ESPINTCP = yes;
+            INET6_IPCOMP = module;
+            IPV6_MIP6 = module;
+            IPV6_ILA = module;
+            INET6_XFRM_TUNNEL = module;
+            INET6_TUNNEL = module;
+            IPV6_VTI = module;
+            IPV6_SIT = module;
+            IPV6_SIT_6RD = yes;
+            IPV6_NDISC_NODETYPE = yes;
+            IPV6_TUNNEL = module;
+            IPV6_MULTIPLE_TABLES = yes;
+            IPV6_SUBTREES = yes;
+            IPV6_MROUTE = yes;
+            IPV6_MROUTE_MULTIPLE_TABLES = yes;
+            IPV6_PIMSM_V2 = yes;
+            IPV6_SEG6_LWTUNNEL = yes;
+            IPV6_SEG6_HMAC = yes;
+            IPV6_RPL_LWTUNNEL = yes;
+            # CONFIG_MPTCP is not set
+            # CONFIG_NETWORK_SECMARK is not set
+            NET_PTP_CLASSIFY = yes;
+            # CONFIG_NETWORK_PHY_TIMESTAMPING is not set
+            NETFILTER = yes;
+            NETFILTER_ADVANCED = yes;
+
+            #
+            # Core Netfilter Configuration
+            #
+            NETFILTER_INGRESS = yes;
+            NETFILTER_NETLINK = module;
+            NETFILTER_FAMILY_ARP = yes;
+            NETFILTER_NETLINK_HOOK = module;
+            NETFILTER_NETLINK_ACCT = module;
+            NETFILTER_NETLINK_QUEUE = module;
+            NETFILTER_NETLINK_LOG = module;
+            NETFILTER_NETLINK_OSF = module;
+            NF_CONNTRACK = module;
+            NF_LOG_SYSLOG = module;
+            NETFILTER_CONNCOUNT = module;
+            NF_CONNTRACK_MARK = yes;
+            NF_CONNTRACK_ZONES = yes;
+            NF_CONNTRACK_PROCFS = yes;
+            NF_CONNTRACK_EVENTS = yes;
+            NF_CONNTRACK_TIMEOUT = yes;
+            NF_CONNTRACK_TIMESTAMP = yes;
+            NF_CONNTRACK_LABELS = yes;
+            NF_CT_PROTO_DCCP = yes;
+            NF_CT_PROTO_SCTP = yes;
+            NF_CT_PROTO_UDPLITE = yes;
+            # CONFIG_NF_CONNTRACK_AMANDA is not set
+            # CONFIG_NF_CONNTRACK_FTP is not set
+            # CONFIG_NF_CONNTRACK_H323 is not set
+            # CONFIG_NF_CONNTRACK_IRC is not set
+            # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
+            # CONFIG_NF_CONNTRACK_SNMP is not set
+            # CONFIG_NF_CONNTRACK_PPTP is not set
+            # CONFIG_NF_CONNTRACK_SANE is not set
+            # CONFIG_NF_CONNTRACK_SIP is not set
+            # CONFIG_NF_CONNTRACK_TFTP is not set
+            NF_CT_NETLINK = module;
+            NF_CT_NETLINK_TIMEOUT = module;
+            NF_CT_NETLINK_HELPER = module;
+            NETFILTER_NETLINK_GLUE_CT = yes;
+            NF_NAT = module;
+            NF_NAT_REDIRECT = yes;
+            NF_NAT_MASQUERADE = yes;
+            NETFILTER_SYNPROXY = module;
+            NF_TABLES = module;
+            NF_TABLES_INET = yes;
+            NF_TABLES_NETDEV = yes;
+            NFT_NUMGEN = module;
+            NFT_CT = module;
+            NFT_COUNTER = module;
+            NFT_CONNLIMIT = module;
+            NFT_LOG = module;
+            NFT_LIMIT = module;
+            NFT_MASQ = module;
+            NFT_REDIR = module;
+            NFT_NAT = module;
+            NFT_TUNNEL = module;
+            NFT_OBJREF = module;
+            NFT_QUEUE = module;
+            NFT_QUOTA = module;
+            NFT_REJECT = module;
+            NFT_REJECT_INET = module;
+            NFT_COMPAT = module;
+            NFT_HASH = module;
+            NFT_FIB = module;
+            NFT_FIB_INET = module;
+            NFT_XFRM = module;
+            NFT_SOCKET = module;
+            NFT_OSF = module;
+            NFT_TPROXY = module;
+            NFT_SYNPROXY = module;
+            NF_DUP_NETDEV = module;
+            NFT_DUP_NETDEV = module;
+            NFT_FWD_NETDEV = module;
+            NFT_FIB_NETDEV = module;
+            NFT_REJECT_NETDEV = module;
+            # CONFIG_NF_FLOW_TABLE is not set
+            NETFILTER_XTABLES = module;
 
-          #
-          # IP: Netfilter Configuration
-          #
-          NF_DEFRAG_IPV4 = module;
-          NF_SOCKET_IPV4 = module;
-          NF_TPROXY_IPV4 = module;
-          NF_TABLES_IPV4 = yes;
-          NFT_REJECT_IPV4 = module;
-          NFT_DUP_IPV4 = module;
-          NFT_FIB_IPV4 = module;
-          # CONFIG_NF_TABLES_ARP is not set
-          NF_DUP_IPV4 = module;
-          # CONFIG_NF_LOG_ARP is not set
-          # CONFIG_NF_LOG_IPV4 is not set
-          NF_REJECT_IPV4 = module;
-          IP_NF_IPTABLES = module;
-          IP_NF_MATCH_AH = module;
-          IP_NF_MATCH_ECN = module;
-          IP_NF_MATCH_RPFILTER = module;
-          IP_NF_MATCH_TTL = module;
-          IP_NF_FILTER = module;
-          IP_NF_TARGET_REJECT = module;
-          IP_NF_TARGET_SYNPROXY = module;
-          IP_NF_NAT = module;
-          IP_NF_TARGET_MASQUERADE = module;
-          IP_NF_TARGET_NETMAP = module;
-          IP_NF_TARGET_REDIRECT = module;
-          IP_NF_MANGLE = module;
-          IP_NF_TARGET_CLUSTERIP = module;
-          IP_NF_TARGET_ECN = module;
-          IP_NF_TARGET_TTL = module;
-          # CONFIG_IP_NF_RAW is not set
-          # CONFIG_IP_NF_ARPTABLES is not set
-          # end of IP: Netfilter Configuration
+            #
+            # Xtables combined modules
+            #
+            NETFILTER_XT_MARK = module;
+            NETFILTER_XT_CONNMARK = module;
+            NETFILTER_XT_SET = module;
 
-          #
-          # IPv6: Netfilter Configuration
-          #
-          NF_SOCKET_IPV6 = module;
-          NF_TPROXY_IPV6 = module;
-          NF_TABLES_IPV6 = yes;
-          NFT_REJECT_IPV6 = module;
-          NFT_DUP_IPV6 = module;
-          NFT_FIB_IPV6 = module;
-          NF_DUP_IPV6 = module;
-          NF_REJECT_IPV6 = module;
-          NF_LOG_IPV6 = module;
-          IP6_NF_IPTABLES = module;
-          IP6_NF_MATCH_AH = module;
-          IP6_NF_MATCH_EUI64 = module;
-          IP6_NF_MATCH_FRAG = module;
-          IP6_NF_MATCH_OPTS = module;
-          IP6_NF_MATCH_HL = module;
-          IP6_NF_MATCH_IPV6HEADER = module;
-          IP6_NF_MATCH_MH = module;
-          IP6_NF_MATCH_RPFILTER = module;
-          IP6_NF_MATCH_RT = module;
-          IP6_NF_MATCH_SRH = module;
-          IP6_NF_TARGET_HL = module;
-          IP6_NF_FILTER = module;
-          IP6_NF_TARGET_REJECT = module;
-          IP6_NF_TARGET_SYNPROXY = module;
-          IP6_NF_MANGLE = module;
-          IP6_NF_RAW = module;
-          IP6_NF_NAT = module;
-          IP6_NF_TARGET_MASQUERADE = module;
-          IP6_NF_TARGET_NPT = module;
-          # end of IPv6: Netfilter Configuration
+            #
+            # Xtables targets
+            #
+            NETFILTER_XT_TARGET_CHECKSUM = module;
+            NETFILTER_XT_TARGET_CLASSIFY = module;
+            NETFILTER_XT_TARGET_CONNMARK = module;
+            NETFILTER_XT_TARGET_CT = module;
+            NETFILTER_XT_TARGET_DSCP = module;
+            NETFILTER_XT_TARGET_HL = module;
+            NETFILTER_XT_TARGET_HMARK = module;
+            NETFILTER_XT_TARGET_IDLETIMER = module;
+            NETFILTER_XT_TARGET_LED = module;
+            NETFILTER_XT_TARGET_LOG = module;
+            NETFILTER_XT_TARGET_MARK = module;
+            NETFILTER_XT_NAT = module;
+            NETFILTER_XT_TARGET_NETMAP = module;
+            NETFILTER_XT_TARGET_NFLOG = module;
+            NETFILTER_XT_TARGET_NFQUEUE = module;
+            NETFILTER_XT_TARGET_NOTRACK = module;
+            NETFILTER_XT_TARGET_RATEEST = module;
+            NETFILTER_XT_TARGET_REDIRECT = module;
+            NETFILTER_XT_TARGET_MASQUERADE = module;
+            NETFILTER_XT_TARGET_TEE = module;
+            NETFILTER_XT_TARGET_TPROXY = module;
+            NETFILTER_XT_TARGET_TRACE = module;
+            NETFILTER_XT_TARGET_TCPMSS = module;
+            NETFILTER_XT_TARGET_TCPOPTSTRIP = module;
 
-          NF_DEFRAG_IPV6 = module;
+            #
+            # Xtables matches
+            #
+            NETFILTER_XT_MATCH_ADDRTYPE = module;
+            NETFILTER_XT_MATCH_BPF = module;
+            NETFILTER_XT_MATCH_CGROUP = module;
+            NETFILTER_XT_MATCH_CLUSTER = module;
+            NETFILTER_XT_MATCH_COMMENT = module;
+            NETFILTER_XT_MATCH_CONNBYTES = module;
+            NETFILTER_XT_MATCH_CONNLABEL = module;
+            NETFILTER_XT_MATCH_CONNLIMIT = module;
+            NETFILTER_XT_MATCH_CONNMARK = module;
+            NETFILTER_XT_MATCH_CONNTRACK = module;
+            NETFILTER_XT_MATCH_CPU = module;
+            NETFILTER_XT_MATCH_DCCP = module;
+            NETFILTER_XT_MATCH_DEVGROUP = module;
+            NETFILTER_XT_MATCH_DSCP = module;
+            NETFILTER_XT_MATCH_ECN = module;
+            NETFILTER_XT_MATCH_ESP = module;
+            NETFILTER_XT_MATCH_HASHLIMIT = module;
+            NETFILTER_XT_MATCH_HELPER = module;
+            NETFILTER_XT_MATCH_HL = module;
+            NETFILTER_XT_MATCH_IPCOMP = module;
+            NETFILTER_XT_MATCH_IPRANGE = module;
+            NETFILTER_XT_MATCH_L2TP = module;
+            NETFILTER_XT_MATCH_LENGTH = module;
+            NETFILTER_XT_MATCH_LIMIT = module;
+            NETFILTER_XT_MATCH_MAC = module;
+            NETFILTER_XT_MATCH_MARK = module;
+            NETFILTER_XT_MATCH_MULTIPORT = module;
+            NETFILTER_XT_MATCH_NFACCT = module;
+            NETFILTER_XT_MATCH_OSF = module;
+            NETFILTER_XT_MATCH_OWNER = module;
+            # CONFIG_NETFILTER_XT_MATCH_POLICY is not set
+            NETFILTER_XT_MATCH_PKTTYPE = module;
+            NETFILTER_XT_MATCH_QUOTA = module;
+            NETFILTER_XT_MATCH_RATEEST = module;
+            NETFILTER_XT_MATCH_REALM = module;
+            NETFILTER_XT_MATCH_RECENT = module;
+            NETFILTER_XT_MATCH_SCTP = module;
+            NETFILTER_XT_MATCH_SOCKET = module;
+            NETFILTER_XT_MATCH_STATE = module;
+            NETFILTER_XT_MATCH_STATISTIC = module;
+            NETFILTER_XT_MATCH_STRING = module;
+            NETFILTER_XT_MATCH_TCPMSS = module;
+            NETFILTER_XT_MATCH_TIME = module;
+            NETFILTER_XT_MATCH_U32 = module;
+            # end of Core Netfilter Configuration
 
-          #
-          # Disabling
-          #
-          ADFS_FS = no;
-          AFFS_FS = no;
-          BEFS_FS = no;
-          BFS_FS = no;
-          BTRFS = no;
-          BTRFS_FS = no;
-          CEPH_FS = no;
-          CIFS = no;
-          CRAMFS = no;
-          ECRYPT_FS = no;
-          EFS_FS = no;
-          EROFS_FS = no;
-          EXT2_FS = no;
-          EXT3_FS = no;
-          F2FS_FS = lib.mkForce no;
-          GFS2_FS = no;
-          HFSPLUS_FS = no;
-          HFS_FS = no;
-          HPFS_FS = no;
-          JFS_FS = no;
-          MINIX_FS = no;
-          NET_9P = no;
-          NFSD = no;
-          NFS_FS = no;
-          NILFS2_FS = no;
-          OMFS_FS = no;
-          ORANGEFS_FS = no;
-          QNX4FS_FS = no;
-          QNX6FS_FS = no;
-          REISERFS_FS = no;
-          ROMFS_FS = no;
-          SQUASHFS = no;
-          SYSV_FS = no;
-          UFS_FS = no;
-          VXFS_FS = no;
-          XFS_FS = no;
+            IP_SET = module;
+            IP_SET_MAX.freeform = "256";
+            IP_SET_BITMAP_IP = module;
+            IP_SET_BITMAP_IPMAC = module;
+            IP_SET_BITMAP_PORT = module;
+            IP_SET_HASH_IP = module;
+            IP_SET_HASH_IPMARK = module;
+            IP_SET_HASH_IPPORT = module;
+            IP_SET_HASH_IPPORTIP = module;
+            IP_SET_HASH_IPPORTNET = module;
+            IP_SET_HASH_IPMAC = module;
+            IP_SET_HASH_MAC = module;
+            IP_SET_HASH_NETPORTNET = module;
+            IP_SET_HASH_NET = module;
+            IP_SET_HASH_NETNET = module;
+            IP_SET_HASH_NETPORT = module;
+            IP_SET_HASH_NETIFACE = module;
+            IP_SET_LIST_SET = module;
+            # CONFIG_IP_VS is not set
 
-          MISC_FILESYSTEMS = no;
+            #
+            # IP: Netfilter Configuration
+            #
+            NF_DEFRAG_IPV4 = module;
+            NF_SOCKET_IPV4 = module;
+            NF_TPROXY_IPV4 = module;
+            NF_TABLES_IPV4 = yes;
+            NFT_REJECT_IPV4 = module;
+            NFT_DUP_IPV4 = module;
+            NFT_FIB_IPV4 = module;
+            # CONFIG_NF_TABLES_ARP is not set
+            NF_DUP_IPV4 = module;
+            # CONFIG_NF_LOG_ARP is not set
+            # CONFIG_NF_LOG_IPV4 is not set
+            NF_REJECT_IPV4 = module;
+            IP_NF_IPTABLES = module;
+            IP_NF_MATCH_AH = module;
+            IP_NF_MATCH_ECN = module;
+            IP_NF_MATCH_RPFILTER = module;
+            IP_NF_MATCH_TTL = module;
+            IP_NF_FILTER = module;
+            IP_NF_TARGET_REJECT = module;
+            IP_NF_TARGET_SYNPROXY = module;
+            IP_NF_NAT = module;
+            IP_NF_TARGET_MASQUERADE = module;
+            IP_NF_TARGET_NETMAP = module;
+            IP_NF_TARGET_REDIRECT = module;
+            IP_NF_MANGLE = module;
+            IP_NF_TARGET_CLUSTERIP = module;
+            IP_NF_TARGET_ECN = module;
+            IP_NF_TARGET_TTL = module;
+            # CONFIG_IP_NF_RAW is not set
+            # CONFIG_IP_NF_ARPTABLES is not set
+            # end of IP: Netfilter Configuration
 
-          DECNET = no;
-          SCTP = no;
-          RDS = no;
-          DCCP = no;
-          TIPC = no;
-          CAIF = no;
-          CEPH = no;
-          VMW_SOCK = no;
-          HSR = no;
-          QRTR = no;
-          MPI = no;
-          RAID6 = no;
-          STAGING = lib.mkForce no;
+            #
+            # IPv6: Netfilter Configuration
+            #
+            NF_SOCKET_IPV6 = module;
+            NF_TPROXY_IPV6 = module;
+            NF_TABLES_IPV6 = yes;
+            NFT_REJECT_IPV6 = module;
+            NFT_DUP_IPV6 = module;
+            NFT_FIB_IPV6 = module;
+            NF_DUP_IPV6 = module;
+            NF_REJECT_IPV6 = module;
+            NF_LOG_IPV6 = module;
+            IP6_NF_IPTABLES = module;
+            IP6_NF_MATCH_AH = module;
+            IP6_NF_MATCH_EUI64 = module;
+            IP6_NF_MATCH_FRAG = module;
+            IP6_NF_MATCH_OPTS = module;
+            IP6_NF_MATCH_HL = module;
+            IP6_NF_MATCH_IPV6HEADER = module;
+            IP6_NF_MATCH_MH = module;
+            IP6_NF_MATCH_RPFILTER = module;
+            IP6_NF_MATCH_RT = module;
+            IP6_NF_MATCH_SRH = module;
+            IP6_NF_TARGET_HL = module;
+            IP6_NF_FILTER = module;
+            IP6_NF_TARGET_REJECT = module;
+            IP6_NF_TARGET_SYNPROXY = module;
+            IP6_NF_MANGLE = module;
+            IP6_NF_RAW = module;
+            IP6_NF_NAT = module;
+            IP6_NF_TARGET_MASQUERADE = module;
+            IP6_NF_TARGET_NPT = module;
+            # end of IPv6: Netfilter Configuration
 
-          "6LOWPAN" = no;
-          ARCNET = no;
-          B53 = no;
-          BATMAN_ADV = no;
-          BT = no;
-          CAN = no;
-          COMEDI = no;
-          DRM_STM = lib.mkForce no;
-          INFINIBAND = no;
-          INPUT_TOUCHSCREEN = no;
-          MEDIA_ANALOG_TV_SUPPORT = lib.mkForce no;
-          MEDIA_DIGITAL_TV_SUPPORT = lib.mkForce no;
-          MEDIA_TUNER = no;
-          MPLS = no;
-          MPTCP = lib.mkForce no;
-          NFC = no;
-          NF_TABLES_BRIDGE = lib.mkForce no;
-          NVME = no;
-          OPENVSWITCH = no;
-          PARAVIRT = lib.mkForce no;
-          POWER_SUPPLY = no;
-          USB_GSPCA = lib.mkForce no;
-          VIDEO_STK1160_COMMON = lib.mkForce no;
-          XEN = lib.mkForce no;
-          #NVME_CORE = no;
+            NF_DEFRAG_IPV6 = module;
+
+            #
+            # Disabling
+            #
+            ADFS_FS = no;
+            AFFS_FS = no;
+            BEFS_FS = no;
+            BFS_FS = no;
+            BTRFS = no;
+            BTRFS_FS = no;
+            CEPH_FS = no;
+            CIFS = no;
+            CRAMFS = no;
+            ECRYPT_FS = no;
+            EFS_FS = no;
+            EROFS_FS = no;
+            EXT2_FS = no;
+            EXT3_FS = no;
+            F2FS_FS = lib.mkForce no;
+            GFS2_FS = no;
+            HFSPLUS_FS = no;
+            HFS_FS = no;
+            HPFS_FS = no;
+            JFS_FS = no;
+            MINIX_FS = no;
+            NET_9P = no;
+            NFSD = no;
+            NFS_FS = no;
+            NILFS2_FS = no;
+            OMFS_FS = no;
+            ORANGEFS_FS = no;
+            QNX4FS_FS = no;
+            QNX6FS_FS = no;
+            REISERFS_FS = no;
+            ROMFS_FS = no;
+            SQUASHFS = no;
+            SYSV_FS = no;
+            UFS_FS = no;
+            VXFS_FS = no;
+            XFS_FS = no;
+
+            MISC_FILESYSTEMS = no;
+
+            DECNET = no;
+            SCTP = no;
+            RDS = no;
+            DCCP = no;
+            TIPC = no;
+            CAIF = no;
+            CEPH = no;
+            VMW_SOCK = no;
+            HSR = no;
+            QRTR = no;
+            MPI = no;
+            RAID6 = no;
+            STAGING = lib.mkForce no;
+            ATH11K_PCI = no;
+
+            "6LOWPAN" = no;
+            ARCNET = no;
+            B53 = no;
+            BATMAN_ADV = no;
+            BT = no;
+            CAN = no;
+            COMEDI = no;
+            DRM_STM = lib.mkForce no;
+            DRM_PANEL = lib.mkForce no;
+
+            DRM_BRIDGE = no;
+            DRM_PANEL_BRIDGE = no;
+            DRM_CDNS_DSI = no;
+            DRM_CHIPONE_ICN6211 = no;
+            DRM_CHRONTEL_CH7033 = no;
+            #DRM_DISPLAY_CONNECTOR = no;
+            DRM_LONTIUM_LT8912B = no;
+            DRM_LONTIUM_LT9611 = no;
+            DRM_LONTIUM_LT9611UXC = no;
+            DRM_ITE_IT66121 = no;
+            DRM_LVDS_CODEC = no;
+            DRM_MEGACHIPS_STDPXXXX_GE_B850V3_FW = no;
+            DRM_NWL_MIPI_DSI = no;
+            DRM_NXP_PTN3460 = no;
+            DRM_PARADE_PS8622 = no;
+            DRM_PARADE_PS8640 = no;
+            DRM_SIL_SII8620 = no;
+            DRM_SII902X = no;
+            DRM_SII9234 = no;
+            DRM_SIMPLE_BRIDGE = no;
+            DRM_THINE_THC63LVD1024 = no;
+            DRM_TOSHIBA_TC358762 = no;
+            DRM_TOSHIBA_TC358764 = no;
+            DRM_TOSHIBA_TC358767 = no;
+            DRM_TOSHIBA_TC358768 = no;
+            DRM_TOSHIBA_TC358775 = no;
+            DRM_TI_TFP410 = no;
+            DRM_TI_SN65DSI83 = no;
+            DRM_TI_SN65DSI86 = no;
+            DRM_TI_TPD12S015 = no;
+            DRM_ANALOGIX_ANX6345 = no;
+            DRM_ANALOGIX_ANX78XX = no;
+            DRM_ANALOGIX_DP = no;
+            DRM_ANALOGIX_ANX7625 = no;
+            DRM_I2C_ADV7511 = no;
+            DRM_I2C_ADV7511_CEC = no;
+            DRM_CDNS_MHDP8546 = no;
+            DRM_DW_HDMI = no;
+            DRM_DW_HDMI_AHB_AUDIO = no;
+            DRM_DW_HDMI_I2S_AUDIO = no;
+            DRM_DW_HDMI_CEC = no;
+            DRM_STI = no;
+            DRM_IMX = no;
+            DRM_IMX_PARALLEL_DISPLAY = no;
+            DRM_IMX_TVE = no;
+            DRM_IMX_LDB = no;
+            DRM_IMX_HDMI = no;
+            DRM_ETNAVIV = no;
+            DRM_ETNAVIV_THERMAL = no;
+            DRM_MXS = no;
+            DRM_MXSFB = no;
+            DRM_ARCPGU = no;
+            DRM_GM12U320 = no;
+            TINYDRM_HX8357D = no;
+            TINYDRM_ILI9225 = no;
+            TINYDRM_ILI9341 = no;
+            TINYDRM_ILI9486 = no;
+            TINYDRM_MI0283QT = no;
+            TINYDRM_REPAPER = no;
+            TINYDRM_ST7586 = no;
+            TINYDRM_ST7735R = no;
+            DRM_PL111 = no;
+            DRM_TVE200 = no;
+            DRM_LIMA = no;
+            DRM_PANFROST = no;
+            DRM_MCDE = no;
+            DRM_TIDSS = no;
+            DRM_GUD = no;
+            DRM_EXPORT_FOR_TESTS = no;
+            DRM_PANEL_ORIENTATION_QUIRKS = no;
+            DRM_LIB_RANDOM = no;
+
+            INFINIBAND = no;
+            INPUT_TOUCHSCREEN = no;
+            MEDIA_ANALOG_TV_SUPPORT = lib.mkForce no;
+            MEDIA_DIGITAL_TV_SUPPORT = lib.mkForce no;
+            MEDIA_TUNER = no;
+            MPLS = no;
+            MPTCP = lib.mkForce no;
+            NFC = no;
+            NF_TABLES_BRIDGE = lib.mkForce no;
+            NVME = no;
+            OPENVSWITCH = no;
+            PARAVIRT = lib.mkForce no;
+            POWER_SUPPLY = no;
+            USB_GSPCA = lib.mkForce no;
+            VIDEO_STK1160_COMMON = lib.mkForce no;
+            XEN = lib.mkForce no;
+            #NVME_CORE = no;
+          };
+          features.debug = false;
+          #ignoreConfigErrors = true;
         };
-        #ignoreConfigErrors = true;
-      };
-    });
-  })
-];
+      });
+    })
+  ];
+  boot.cleanTmpDir = true;
+  boot.tmpOnTmpfs = lib.mkForce false;
+  # TODO: is that needed?
+  hardware.enableRedistributableFirmware = true;
+  sdImage = {
+    postBuildCommands = ''
+      dd if=${pkgs.ubootCubieboard2}/u-boot-sunxi-with-spl.bin of=$img bs=1024 seek=8 conv=notrunc
+    '';
+    compressImage = true;
+    expandOnBoot = true;
+    firmwareSize = 1;
+    populateFirmwareCommands = "";
+    populateRootCommands = ''
+      mkdir -p ./files/boot
+      ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
+    '';
+  };
+  boot.loader.grub.enable = false;
+  boot.loader.generic-extlinux-compatible.enable = true;
+  # nix -L build .#nixosConfigurations.${hostName}.config.boot.kernelPackages.kernel.configfile
+  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest_Cubieboard2;
+  boot.initrd.availableKernelModules = lib.mkForce [
+    "mmc_block"
+    "usbhid"
+    "hid_generic"
+    "hid_microsoft"
+  ];
 }