From 0b9e33d4e4f3c549e8a8993fd88c6aec447aa5a3 Mon Sep 17 00:00:00 2001 From: Julien Moutinho <julm+sourcephile-nix@sourcephile.fr> Date: Wed, 20 Oct 2021 02:41:34 +0200 Subject: [PATCH] nixos: remove fontconfig --- hosts/carotte.nix | 19 + hosts/carotte/hardware.nix | 8 + hosts/carotte/networking.nix | 12 + hosts/carotte/security.nix | 17 + hosts/carotte/system.nix | 17 + hosts/carotte/users.nix | 61 +++ hosts/carotte/xserver.nix | 50 +++ nixos/defaults.nix | 17 +- nixos/defaults/security.nix | 4 +- nixos/profiles/hardware/cubieboard2.nix | 431 ++++++++++++++++++++ nixos/profiles/systems/crossCompilation.nix | 53 +++ nixpkgs/patches.nix | 30 ++ 12 files changed, 708 insertions(+), 11 deletions(-) create mode 100644 hosts/carotte.nix create mode 100644 hosts/carotte/hardware.nix create mode 100644 hosts/carotte/networking.nix create mode 100644 hosts/carotte/security.nix create mode 100644 hosts/carotte/system.nix create mode 100644 hosts/carotte/users.nix create mode 100644 hosts/carotte/xserver.nix create mode 100644 nixos/profiles/hardware/cubieboard2.nix create mode 100644 nixos/profiles/systems/crossCompilation.nix diff --git a/hosts/carotte.nix b/hosts/carotte.nix new file mode 100644 index 0000000..6d6bb2f --- /dev/null +++ b/hosts/carotte.nix @@ -0,0 +1,19 @@ +# NixOS configuration of carotte.sourcephile.fr +{ inputs, hostName, ... }: +{ +system = "x86_64-linux"; +extraArgs = { + CPUs = 2; +}; +modules = [ + ../nixos/defaults.nix + #carotte/fileSystems.nix + carotte/hardware.nix + carotte/networking.nix + carotte/security.nix + carotte/system.nix + carotte/users.nix + (inputs.secrets + "/hosts/${hostName}/users.nix") + carotte/xserver.nix +]; +} diff --git a/hosts/carotte/hardware.nix b/hosts/carotte/hardware.nix new file mode 100644 index 0000000..54acb06 --- /dev/null +++ b/hosts/carotte/hardware.nix 
@@ -0,0 +1,8 @@
+{ pkgs, lib, config, hostName, ... }:
+{
+imports = [
+ ../../nixos/profiles/hardware/cubieboard2.nix
+ ../../nixos/profiles/systems/zramSwap.nix
+ ../../nixos/profiles/systems/crossCompilation.nix
+];
+}
diff --git a/hosts/carotte/networking.nix b/hosts/carotte/networking.nix
new file mode 100644
index 0000000..ac1fa0f
--- /dev/null
+++ b/hosts/carotte/networking.nix
@@ -0,0 +1,12 @@
+{ pkgs, lib, config, hostName, ... }:
+{
+networking = {
+ hostName = hostName;
+ domain = "sourcephile.fr";
+ firewall.enable = true;
+ firewall.allowedTCPPorts = [ 22 ];
+ #wireless.enable = true;
+ useDHCP = true;
+ #networkmanager.enable = true;
+};
+}
diff --git a/hosts/carotte/security.nix b/hosts/carotte/security.nix
new file mode 100644
index 0000000..1674b5e
--- /dev/null
+++ b/hosts/carotte/security.nix
@@ -0,0 +1,17 @@
+{ inputs, pkgs, lib, config, ... }:
+{
+security.lockKernelModules = false;
+security.virtualisation.flushL1DataCache = lib.mkForce null;
+/*
+security.gnupg.agent = {
+ keyring."9AA84E6F6D71F9163C46BF396B141A0806219077" = {};
+};
+services.openssh.extraConfig = ''
+ # This is for removing remote gpg-agent's socket
+ StreamLocalBindUnlink yes
+'';
+environment.systemPackages = [
+ pkgs.tshark
+];
+*/
+}
diff --git a/hosts/carotte/system.nix b/hosts/carotte/system.nix
new file mode 100644
index 0000000..34e5bd7
--- /dev/null
+++ b/hosts/carotte/system.nix
@@ -0,0 +1,17 @@
+{ pkgs, lib, config, ... }:
+{
+system.stateVersion = "21.05";
+
+#boot.initrd.kernelModules = [ "vc4" "bcm2835_dma" "i2c_bcm2835" ];
+
+nix.nixPath = lib.mkForce [];
+nix.gc.automatic = true;
+nix.package = lib.mkForce pkgs.nixUnstable;
+
+boot.enableContainers = false;
+documentation.enable = false;
+documentation.doc.enable = false;
+documentation.info.enable = false;
+documentation.nixos.enable = false;
+programs.command-not-found.enable = false;
+}
diff --git a/hosts/carotte/users.nix b/hosts/carotte/users.nix
new file mode 100644
index 0000000..9446bd6
--- /dev/null
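Review bot: `security.lockKernelModules = false;` and `security.virtualisation.flushL1DataCache = lib.mkForce null;` in hosts/carotte/security.nix undo two hardening settings from nixos/defaults/security.nix without saying why, and the `mkForce` on the second will silently win over any plain assignment elsewhere. Put the reason on each line, e.g. `security.lockKernelModules = false; # <why modules must stay loadable after boot on carotte>` and `security.virtualisation.flushL1DataCache = lib.mkForce null; # <why: no guests on this board?>`, so the next reader can tell a deliberate trade-off from a leftover. Everything else in this file sits inside a `/* … */` block, so these two lines are the whole active surface.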
+++ b/hosts/carotte/users.nix @@ -0,0 +1,61 @@ +{ inputs, pkgs, lib, config, ... }: +let + inherit (config.security) gnupg; + inherit (config.users) users; +in +{ +imports = [ + ../../members/julm.nix +]; + +nix.trustedUsers = [ + users."julm".name +]; + +users = { + mutableUsers = false; + users = { + root = { + openssh.authorizedKeys.keys = + users."julm".openssh.authorizedKeys.keys; + hashedPassword = "!"; + }; + /* + gnupg = { + openssh.authorizedKeys.keys = + users."root".openssh.authorizedKeys.keys; + }; + */ + }; + groups = { + /* + adbusers.members = [ users."julm".name ]; + dialout.members = [ users."julm".name ]; + gpg-agent.members = [ users."julm".name ]; + tor.members = [ users."julm".name ]; + */ + wheel.members = [ users."julm".name ]; + }; +}; + +#security.gnupg.secrets."/root/.ssh/id_ed25519" = { +# gpg = "${gnupg.store}/ssh/root.ssh-ed25519.gpg"; +#}; + +/* +networking.nftables.ruleset = lib.concatMapStringsSep "\n" + (rule: "add rule inet filter fw2net meta skuid ${users.julm.name} " + rule) [ + ''tcp dport {25,465} counter accept comment "SMTP"'' + ''tcp dport 43 counter accept comment "Whois"'' + ''tcp dport 993 counter accept comment "IMAPS"'' + ''tcp dport 6697 counter accept comment "IRCS"'' + ''tcp dport 2222 counter accept comment "SSH(boot)"'' + ''tcp dport 5222 counter accept comment "XMPP"'' + ''tcp dport 11371 counter accept comment "HKP"'' + ''tcp dport {9009,9010,9011,9012,9013} counter accept comment "croc"'' + ''udp dport 33434-33523 counter accept comment "traceroute"'' + ''udp dport 60000-61000 counter accept comment "Mosh"'' + #''ip protocol tcp counter accept comment "all"'' +]; +*/ +} diff --git a/hosts/carotte/xserver.nix b/hosts/carotte/xserver.nix new file mode 100644 index 0000000..867fefe --- /dev/null +++ b/hosts/carotte/xserver.nix 
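Review bot: `openssh.authorizedKeys.keys = users."julm".openssh.authorizedKeys.keys;` on `root` gives julm's key direct root login over SSH even though the same hunk already puts julm in `wheel`, so one key compromise yields root with no sudo hop and no audit line. If direct root access is wanted (e.g. for remote deployment), say so on that line — `# root login by key: needed for remote deployment` — otherwise drop it; `hashedPassword = "!"` already locks password login for root. Minor: `inherit (config.security) gnupg;` in the `let` is only referenced from commented-out code.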
@@ -0,0 +1,50 @@
+{ pkgs, lib, config, hostName, ... }:
+let inherit (config.users) users; in
+{
+services.xserver = {
+ enable = true;
+ layout = "fr,us(altgr-intl)";
+ xkbOptions = "eurosign:e, compose:menu, grp:alt_space_toggle";
+ libinput.enable = true;
+ exportConfiguration = true; # link /usr/share/X11/ properly
+ desktopManager = {
+ session = [
+ # Let the session be generated by home-manager
+ { name = "home-manager";
+ start = ''
+ ${pkgs.runtimeShell} $HOME/.hm-xsession &
+ waitPID=$!
+ '';
+ bgSupport = true;
+ }
+ ];
+ };
+ displayManager = {
+ defaultSession = "home-manager";
+ #defaultSession = "none+xmonad";
+ startx.enable = true;
+ #lightdm.enable = true;
+ #lightdm.greeter.enable = false;
+ #lightdm.greeters.tiny.enable = true;
+ autoLogin = {
+ enable = true;
+ user = users.julm.name;
+ };
+ };
+};
+environment.systemPackages = [
+ pkgs.arandr
+];
+console.useXkbConfig = true;
+sound.enable = true;
+hardware.pulseaudio.enable = true;
+/*
+services.x2goserver = {
+ enable = true;
+};
+environment.sessionVariables = {
+ PATH = [ "/usr/local/bin" ];
+};
+services.xserver.displayManager.xserverArgs = [ "+iglx" ];
+*/
+}
diff --git a/nixos/defaults.nix b/nixos/defaults.nix
index 5a8f54b..c4272f1 100644
--- a/nixos/defaults.nix
+++ b/nixos/defaults.nix
@@ -88,8 +88,8 @@ services = {
 environment.systemPackages = with pkgs; [
 binutils
 bmon
+ config.boot.kernelPackages.cpupower
 conntrack-tools
- #dnsutils
 dstat
 gnupg
 htop
@@ -97,20 +97,16 @@ environment.systemPackages = with pkgs; [
 inetutils
 iotop
 ldns
- linuxPackages.cpupower
 lsof
- mailutils
+ #mailutils # builds guile
 multitail
 ncdu
 nethogs
 nload
 nmon
- #ntop
 pv
 rdfind
 smem
- #stress
- stress-ng
 swaplist
 tcpdump
 tmux
@@ -118,6 +114,9 @@ environment.systemPackages = with pkgs; [
 usbutils
 vim
 which
+ #dnsutils
+ #ntop
+ #stress
 ];
 environment.variables.SYSTEMD_LESS = "FKMRX";
 environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;
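Review bot: `autoLogin = { enable = true; user = users.julm.name; }` logs julm in without any credential prompt, so anyone who can attach a keyboard and screen to carotte gets that session, and the file does not record that this is accepted. A comment on the `autoLogin` block stating the assumption (`# Board sits in a trusted room; no local login prompt wanted`) would make the choice reviewable, and it is worth confirming that autoLogin is honoured at all next to `startx.enable = true`, since startx replaces the display manager. In the `start` script, `$HOME/.hm-xsession` is unquoted; `"$HOME/.hm-xsession"` avoids word splitting should the home path ever contain a space.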
@@ -168,8 +167,8 @@ programs = {
 };
 };
 gnupg.agent.pinentryFlavor = "curses";
- mosh.enable = true;
- mtr.enable = true;
- traceroute.enable = true;
+ mosh.enable = lib.mkDefault true;
+ mtr.enable = lib.mkDefault true;
+ traceroute.enable = lib.mkDefault true;
 };
 }
diff --git a/nixos/defaults/security.nix b/nixos/defaults/security.nix
index 83234bc..fc7ce29 100644
--- a/nixos/defaults/security.nix
+++ b/nixos/defaults/security.nix
@@ -1,11 +1,11 @@
 { inputs, pkgs, lib, config, ... }:
 {
-boot.kernelPackages = pkgs.linuxPackages_hardened;
+boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;
 #environment.memoryAllocator.provider = "libc";
 nix.allowedUsers = [ "@users" ];
 networking.firewall.pingLimit = "--limit 60/minute --limit-burst 5";
 security.allowSimultaneousMultithreading = false;
-security.apparmor.enable = true;
+security.apparmor.enable = lib.mkDefault true;
 security.forcePageTableIsolation = true;
 security.lockKernelModules = lib.mkDefault true;
 security.protectKernelImage = true;
diff --git a/nixos/profiles/hardware/cubieboard2.nix b/nixos/profiles/hardware/cubieboard2.nix
new file mode 100644
index 0000000..25f469d
--- /dev/null
+++ b/nixos/profiles/hardware/cubieboard2.nix
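Review bot: Demoting `boot.kernelPackages = pkgs.linuxPackages_hardened` and `security.apparmor.enable = true` to `lib.mkDefault` in nixos/defaults/security.nix lets any host module drop the hardened kernel or AppArmor by plain assignment, and nixos/profiles/systems/crossCompilation.nix in this same commit already does so with `security.apparmor.enable = false;`, none of which the subject "nixos: remove fontconfig" hints at. Add a comment above each demoted line naming the intended overrider, e.g. `# mkDefault: cross-compiled boards (profiles/systems/crossCompilation.nix) ship their own kernel`, so the relaxation is visible when reading the defaults on their own. The `mosh`/`mtr`/`traceroute` mkDefault change in the preceding nixos/defaults.nix hunk deserves the same one-line note.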
@@ -0,0 +1,431 @@ +{ pkgs, lib, config, modulesPath, ... }: +{ +imports = [ + "${modulesPath}/installer/sd-card/sd-image-armv7l-multiplatform.nix" +]; +#nixpkgs.config.allowUnfree = true; +nixpkgs.crossSystem = lib.systems.examples.armv7l-hf-multiplatform; +nixpkgs.overlays = [ + (final: super: { + # https://linux-sunxi.org/Mali_Open_Source_Driver#Configuration_and_Build + mesa = super.mesa.override { + driDrivers = []; + eglPlatforms = ["x11"]; + enableGalliumNine = false; + galliumDrivers = ["lima" "panfrost" "kmsro" "swrast"]; + vulkanDrivers = []; + }; + }) +]; +boot.cleanTmpDir = true; +boot.tmpOnTmpfs = lib.mkForce false; +# TODO: is that needed? +hardware.enableRedistributableFirmware = true; +sdImage = { + postBuildCommands = '' + dd if=${pkgs.ubootCubieboard2}/u-boot-sunxi-with-spl.bin of=$img bs=1024 seek=8 conv=notrunc + ''; + compressImage = true; + expandOnBoot = true; + firmwareSize = 1; + populateFirmwareCommands = lib.mkForce ""; +}; +boot.initrd.availableKernelModules = lib.mkForce [ + "mmc_block" + "usbhid" + "hid_generic" + "hid_microsoft" +]; +# nix -L build .#nixosConfigurations.${hostName}.config.boot.kernelPackages.kernel.configfile +boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest_Cubieboard2; +nixpkgs.overlays = [ + (final: super: { + linuxPackages_latest_Cubieboard2 = super.linuxPackages_latest.extend (kself: ksuper: { + kernel = ksuper.kernel.override { + defconfig = "sunxi_defconfig"; + structuredExtraConfig = with lib.kernel; { + # + # File systems + # + PSTORE = yes; + VFAT_FS = yes; + EXT4_FS = yes; + EXT4_USE_FOR_EXT2 = yes; + + # + # Networking options + # + TCP_CONG_BBR = module; + IPV6 = yes; + IPV6_ROUTER_PREF = yes; + IPV6_ROUTE_INFO = yes; + IPV6_OPTIMISTIC_DAD = yes; + INET6_AH = module; + INET6_ESP = module; + INET6_ESP_OFFLOAD = module; + INET6_ESPINTCP = yes; + INET6_IPCOMP = module; + IPV6_MIP6 = module; + IPV6_ILA = module; + INET6_XFRM_TUNNEL = module; + INET6_TUNNEL = module; + IPV6_VTI = module; + IPV6_SIT = 
module; + IPV6_SIT_6RD = yes; + IPV6_NDISC_NODETYPE = yes; + IPV6_TUNNEL = module; + IPV6_MULTIPLE_TABLES = yes; + IPV6_SUBTREES = yes; + IPV6_MROUTE = yes; + IPV6_MROUTE_MULTIPLE_TABLES = yes; + IPV6_PIMSM_V2 = yes; + IPV6_SEG6_LWTUNNEL = yes; + IPV6_SEG6_HMAC = yes; + IPV6_RPL_LWTUNNEL = yes; + # CONFIG_MPTCP is not set + # CONFIG_NETWORK_SECMARK is not set + NET_PTP_CLASSIFY = yes; + # CONFIG_NETWORK_PHY_TIMESTAMPING is not set + NETFILTER = yes; + NETFILTER_ADVANCED = yes; + + # + # Core Netfilter Configuration + # + NETFILTER_INGRESS = yes; + NETFILTER_NETLINK = module; + NETFILTER_FAMILY_ARP = yes; + NETFILTER_NETLINK_HOOK = module; + NETFILTER_NETLINK_ACCT = module; + NETFILTER_NETLINK_QUEUE = module; + NETFILTER_NETLINK_LOG = module; + NETFILTER_NETLINK_OSF = module; + NF_CONNTRACK = module; + NF_LOG_SYSLOG = module; + NETFILTER_CONNCOUNT = module; + NF_CONNTRACK_MARK = yes; + NF_CONNTRACK_ZONES = yes; + NF_CONNTRACK_PROCFS = yes; + NF_CONNTRACK_EVENTS = yes; + NF_CONNTRACK_TIMEOUT = yes; + NF_CONNTRACK_TIMESTAMP = yes; + NF_CONNTRACK_LABELS = yes; + NF_CT_PROTO_DCCP = yes; + NF_CT_PROTO_SCTP = yes; + NF_CT_PROTO_UDPLITE = yes; + # CONFIG_NF_CONNTRACK_AMANDA is not set + # CONFIG_NF_CONNTRACK_FTP is not set + # CONFIG_NF_CONNTRACK_H323 is not set + # CONFIG_NF_CONNTRACK_IRC is not set + # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set + # CONFIG_NF_CONNTRACK_SNMP is not set + # CONFIG_NF_CONNTRACK_PPTP is not set + # CONFIG_NF_CONNTRACK_SANE is not set + # CONFIG_NF_CONNTRACK_SIP is not set + # CONFIG_NF_CONNTRACK_TFTP is not set + NF_CT_NETLINK = module; + NF_CT_NETLINK_TIMEOUT = module; + NF_CT_NETLINK_HELPER = module; + NETFILTER_NETLINK_GLUE_CT = yes; + NF_NAT = module; + NF_NAT_REDIRECT = yes; + NF_NAT_MASQUERADE = yes; + NETFILTER_SYNPROXY = module; + NF_TABLES = module; + NF_TABLES_INET = yes; + NF_TABLES_NETDEV = yes; + NFT_NUMGEN = module; + NFT_CT = module; + NFT_COUNTER = module; + NFT_CONNLIMIT = module; + NFT_LOG = module; + NFT_LIMIT = module; + 
NFT_MASQ = module; + NFT_REDIR = module; + NFT_NAT = module; + NFT_TUNNEL = module; + NFT_OBJREF = module; + NFT_QUEUE = module; + NFT_QUOTA = module; + NFT_REJECT = module; + NFT_REJECT_INET = module; + NFT_COMPAT = module; + NFT_HASH = module; + NFT_FIB = module; + NFT_FIB_INET = module; + NFT_XFRM = module; + NFT_SOCKET = module; + NFT_OSF = module; + NFT_TPROXY = module; + NFT_SYNPROXY = module; + NF_DUP_NETDEV = module; + NFT_DUP_NETDEV = module; + NFT_FWD_NETDEV = module; + NFT_FIB_NETDEV = module; + NFT_REJECT_NETDEV = module; + # CONFIG_NF_FLOW_TABLE is not set + NETFILTER_XTABLES = module; + + # + # Xtables combined modules + # + NETFILTER_XT_MARK = module; + NETFILTER_XT_CONNMARK = module; + NETFILTER_XT_SET = module; + + # + # Xtables targets + # + NETFILTER_XT_TARGET_CHECKSUM = module; + NETFILTER_XT_TARGET_CLASSIFY = module; + NETFILTER_XT_TARGET_CONNMARK = module; + NETFILTER_XT_TARGET_CT = module; + NETFILTER_XT_TARGET_DSCP = module; + NETFILTER_XT_TARGET_HL = module; + NETFILTER_XT_TARGET_HMARK = module; + NETFILTER_XT_TARGET_IDLETIMER = module; + NETFILTER_XT_TARGET_LED = module; + NETFILTER_XT_TARGET_LOG = module; + NETFILTER_XT_TARGET_MARK = module; + NETFILTER_XT_NAT = module; + NETFILTER_XT_TARGET_NETMAP = module; + NETFILTER_XT_TARGET_NFLOG = module; + NETFILTER_XT_TARGET_NFQUEUE = module; + NETFILTER_XT_TARGET_NOTRACK = module; + NETFILTER_XT_TARGET_RATEEST = module; + NETFILTER_XT_TARGET_REDIRECT = module; + NETFILTER_XT_TARGET_MASQUERADE = module; + NETFILTER_XT_TARGET_TEE = module; + NETFILTER_XT_TARGET_TPROXY = module; + NETFILTER_XT_TARGET_TRACE = module; + NETFILTER_XT_TARGET_TCPMSS = module; + NETFILTER_XT_TARGET_TCPOPTSTRIP = module; + + # + # Xtables matches + # + NETFILTER_XT_MATCH_ADDRTYPE = module; + NETFILTER_XT_MATCH_BPF = module; + NETFILTER_XT_MATCH_CGROUP = module; + NETFILTER_XT_MATCH_CLUSTER = module; + NETFILTER_XT_MATCH_COMMENT = module; + NETFILTER_XT_MATCH_CONNBYTES = module; + NETFILTER_XT_MATCH_CONNLABEL = module; + 
NETFILTER_XT_MATCH_CONNLIMIT = module; + NETFILTER_XT_MATCH_CONNMARK = module; + NETFILTER_XT_MATCH_CONNTRACK = module; + NETFILTER_XT_MATCH_CPU = module; + NETFILTER_XT_MATCH_DCCP = module; + NETFILTER_XT_MATCH_DEVGROUP = module; + NETFILTER_XT_MATCH_DSCP = module; + NETFILTER_XT_MATCH_ECN = module; + NETFILTER_XT_MATCH_ESP = module; + NETFILTER_XT_MATCH_HASHLIMIT = module; + NETFILTER_XT_MATCH_HELPER = module; + NETFILTER_XT_MATCH_HL = module; + NETFILTER_XT_MATCH_IPCOMP = module; + NETFILTER_XT_MATCH_IPRANGE = module; + NETFILTER_XT_MATCH_L2TP = module; + NETFILTER_XT_MATCH_LENGTH = module; + NETFILTER_XT_MATCH_LIMIT = module; + NETFILTER_XT_MATCH_MAC = module; + NETFILTER_XT_MATCH_MARK = module; + NETFILTER_XT_MATCH_MULTIPORT = module; + NETFILTER_XT_MATCH_NFACCT = module; + NETFILTER_XT_MATCH_OSF = module; + NETFILTER_XT_MATCH_OWNER = module; + # CONFIG_NETFILTER_XT_MATCH_POLICY is not set + NETFILTER_XT_MATCH_PKTTYPE = module; + NETFILTER_XT_MATCH_QUOTA = module; + NETFILTER_XT_MATCH_RATEEST = module; + NETFILTER_XT_MATCH_REALM = module; + NETFILTER_XT_MATCH_RECENT = module; + NETFILTER_XT_MATCH_SCTP = module; + NETFILTER_XT_MATCH_SOCKET = module; + NETFILTER_XT_MATCH_STATE = module; + NETFILTER_XT_MATCH_STATISTIC = module; + NETFILTER_XT_MATCH_STRING = module; + NETFILTER_XT_MATCH_TCPMSS = module; + NETFILTER_XT_MATCH_TIME = module; + NETFILTER_XT_MATCH_U32 = module; + # end of Core Netfilter Configuration + + IP_SET = module; + IP_SET_MAX.freeform = "256"; + IP_SET_BITMAP_IP = module; + IP_SET_BITMAP_IPMAC = module; + IP_SET_BITMAP_PORT = module; + IP_SET_HASH_IP = module; + IP_SET_HASH_IPMARK = module; + IP_SET_HASH_IPPORT = module; + IP_SET_HASH_IPPORTIP = module; + IP_SET_HASH_IPPORTNET = module; + IP_SET_HASH_IPMAC = module; + IP_SET_HASH_MAC = module; + IP_SET_HASH_NETPORTNET = module; + IP_SET_HASH_NET = module; + IP_SET_HASH_NETNET = module; + IP_SET_HASH_NETPORT = module; + IP_SET_HASH_NETIFACE = module; + IP_SET_LIST_SET = module; + # CONFIG_IP_VS 
is not set + + # + # IP: Netfilter Configuration + # + NF_DEFRAG_IPV4 = module; + NF_SOCKET_IPV4 = module; + NF_TPROXY_IPV4 = module; + NF_TABLES_IPV4 = yes; + NFT_REJECT_IPV4 = module; + NFT_DUP_IPV4 = module; + NFT_FIB_IPV4 = module; + # CONFIG_NF_TABLES_ARP is not set + NF_DUP_IPV4 = module; + # CONFIG_NF_LOG_ARP is not set + # CONFIG_NF_LOG_IPV4 is not set + NF_REJECT_IPV4 = module; + IP_NF_IPTABLES = module; + IP_NF_MATCH_AH = module; + IP_NF_MATCH_ECN = module; + IP_NF_MATCH_RPFILTER = module; + IP_NF_MATCH_TTL = module; + IP_NF_FILTER = module; + IP_NF_TARGET_REJECT = module; + IP_NF_TARGET_SYNPROXY = module; + IP_NF_NAT = module; + IP_NF_TARGET_MASQUERADE = module; + IP_NF_TARGET_NETMAP = module; + IP_NF_TARGET_REDIRECT = module; + IP_NF_MANGLE = module; + IP_NF_TARGET_CLUSTERIP = module; + IP_NF_TARGET_ECN = module; + IP_NF_TARGET_TTL = module; + # CONFIG_IP_NF_RAW is not set + # CONFIG_IP_NF_ARPTABLES is not set + # end of IP: Netfilter Configuration + + # + # IPv6: Netfilter Configuration + # + NF_SOCKET_IPV6 = module; + NF_TPROXY_IPV6 = module; + NF_TABLES_IPV6 = yes; + NFT_REJECT_IPV6 = module; + NFT_DUP_IPV6 = module; + NFT_FIB_IPV6 = module; + NF_DUP_IPV6 = module; + NF_REJECT_IPV6 = module; + NF_LOG_IPV6 = module; + IP6_NF_IPTABLES = module; + IP6_NF_MATCH_AH = module; + IP6_NF_MATCH_EUI64 = module; + IP6_NF_MATCH_FRAG = module; + IP6_NF_MATCH_OPTS = module; + IP6_NF_MATCH_HL = module; + IP6_NF_MATCH_IPV6HEADER = module; + IP6_NF_MATCH_MH = module; + IP6_NF_MATCH_RPFILTER = module; + IP6_NF_MATCH_RT = module; + IP6_NF_MATCH_SRH = module; + IP6_NF_TARGET_HL = module; + IP6_NF_FILTER = module; + IP6_NF_TARGET_REJECT = module; + IP6_NF_TARGET_SYNPROXY = module; + IP6_NF_MANGLE = module; + IP6_NF_RAW = module; + IP6_NF_NAT = module; + IP6_NF_TARGET_MASQUERADE = module; + IP6_NF_TARGET_NPT = module; + # end of IPv6: Netfilter Configuration + + NF_DEFRAG_IPV6 = module; + + # + # Disabling + # + ADFS_FS = no; + AFFS_FS = no; + BEFS_FS = no; + BFS_FS = no; 
+ BTRFS = no; + BTRFS_FS = no; + CEPH_FS = no; + CIFS = no; + CRAMFS = no; + ECRYPT_FS = no; + EFS_FS = no; + EROFS_FS = no; + EXT2_FS = no; + EXT3_FS = no; + F2FS_FS = lib.mkForce no; + GFS2_FS = no; + HFSPLUS_FS = no; + HFS_FS = no; + HPFS_FS = no; + JFS_FS = no; + MINIX_FS = no; + NET_9P = no; + NFSD = no; + NFS_FS = no; + NILFS2_FS = no; + OMFS_FS = no; + ORANGEFS_FS = no; + QNX4FS_FS = no; + QNX6FS_FS = no; + REISERFS_FS = no; + ROMFS_FS = no; + SQUASHFS = no; + SYSV_FS = no; + UFS_FS = no; + VXFS_FS = no; + XFS_FS = no; + + MISC_FILESYSTEMS = no; + + DECNET = no; + SCTP = no; + RDS = no; + DCCP = no; + TIPC = no; + CAIF = no; + CEPH = no; + VMW_SOCK = no; + HSR = no; + QRTR = no; + MPI = no; + RAID6 = no; + STAGING = lib.mkForce no; + + "6LOWPAN" = no; + ARCNET = no; + B53 = no; + BATMAN_ADV = no; + BT = no; + CAN = no; + COMEDI = no; + DRM_STM = lib.mkForce no; + INFINIBAND = no; + INPUT_TOUCHSCREEN = no; + MEDIA_ANALOG_TV_SUPPORT = lib.mkForce no; + MEDIA_DIGITAL_TV_SUPPORT = lib.mkForce no; + MEDIA_TUNER = no; + MPLS = no; + MPTCP = lib.mkForce no; + NFC = no; + NF_TABLES_BRIDGE = lib.mkForce no; + NVME = no; + OPENVSWITCH = no; + PARAVIRT = lib.mkForce no; + POWER_SUPPLY = no; + USB_GSPCA = lib.mkForce no; + VIDEO_STK1160_COMMON = lib.mkForce no; + XEN = lib.mkForce no; + #NVME_CORE = no; + }; + #ignoreConfigErrors = true; + }; + }); + }) +]; +} diff --git a/nixos/profiles/systems/crossCompilation.nix b/nixos/profiles/systems/crossCompilation.nix new file mode 100644 index 0000000..4ea06f8 --- /dev/null +++ b/nixos/profiles/systems/crossCompilation.nix 
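Review bot: `nixpkgs.overlays` is assigned twice in this new module — once near the top for the `mesa` override and again right after `boot.kernelPackages` for `linuxPackages_latest_Cubieboard2` — and Nix rejects a repeated attribute path inside one attribute set ("attribute 'nixpkgs.overlays' already defined"), so I expect this file not to evaluate as written; if it does for you, I am misreading the collapsed layout. Merge them into a single list: `nixpkgs.overlays = [ (final: super: { mesa = …; }) (final: super: { linuxPackages_latest_Cubieboard2 = …; }) ];`. Separately, `boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest_Cubieboard2;` replaces the hardened kernel chosen in nixos/defaults/security.nix; since that default becomes `lib.mkDefault` in this commit, the `mkForce` is no longer needed and a plain assignment would keep any future conflict visible instead of silently winning. The `# TODO: is that needed?` above `hardware.enableRedistributableFirmware = true;` should be answered or the option removed.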
@@ -0,0 +1,53 @@
+{ pkgs, lib, config, ... }:
+{
+nixpkgs.overlays = [
+ (final: super: {
+ # TODO: remove after liburing-2.1
+ liburing = super.liburing.overrideAttrs (old: {
+ src = super.fetchgit {
+ url = "http://git.kernel.dk/${old.pname}";
+ rev = "cb350a8989adbd65db574325d9a86d5437d800da";
+ sha256 = "sha256-ZMev2RjiswuR9seVwHbnVUtnpaPW/XJbelBgvIuYiGg=";
+ };
+ });
+ gnupg = super.gnupg.override {
+ # Wants polkit which wants spidermonkey (slow to compile)
+ pcsclite = null;
+ };
+ systemd = super.systemd.override {
+ # Wants tpm2-tss which does not cross-compile
+ withTpm2Tss = false;
+ # Does not cross-compile :(
+ withEfi = false;
+ };
+ # https://logs.nix.samueldr.com/nixos/2019-07-23#2416964;
+ xorg = super.xorg.overrideScope' (ofinal: osuper: {
+ fontadobe100dpi = final.hello;
+ fontadobe75dpi = final.hello;
+ fontcursormisc = final.hello;
+ fontmiscmisc = final.hello;
+ });
+ # Perl's ModuleBuild does not cross-compile
+ # https://github.com/NixOS/nixpkgs/issues/66741#issuecomment-944831760
+ xdg-utils = final.hello;
+ procmail = final.hello;
+ noto-fonts-emoji = final.hello;
+ x11_ssh_askpass = final.hello;
+ dconf = super.dconf.overrideAttrs (old: {
+ doCheck = false;
+ });
+ # Need gobject-instrospection which does not cross-compile
+ arandr = final.hello;
+ # Depends on judy which does not cross-compile
+ stress-ng = final.hello;
+ })
+];
+#environment.noXlibs = true;
+fonts.fontconfig.enable = false;
+# lesspipe does not cross-compile
+programs.less.enable = lib.mkForce false;
+programs.mosh.enable = false;
+programs.traceroute.enable = false;
+security.apparmor.enable = false;
+services.udisks2.enable = false;
+}
diff --git a/nixpkgs/patches.nix b/nixpkgs/patches.nix
index 6fde2df..9d4613d 100644
--- a/nixpkgs/patches.nix
+++ b/nixpkgs/patches.nix
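Review bot: Replacing `xdg-utils`, `procmail`, `noto-fonts-emoji`, `x11_ssh_askpass`, `arandr` and `stress-ng` with `final.hello` makes each name resolve to a package that only prints a greeting, and hosts/carotte/xserver.nix in this commit still lists `pkgs.arandr` in `environment.systemPackages`, so that entry silently installs `hello` under the arandr name with no build error. A header comment on the overlay — `# Stand-ins: these do not cross-compile; the replacement is NOT functional, do not rely on them` — plus dropping `pkgs.arandr` from the carotte host would keep that explicit. `security.apparmor.enable = false;` is the one line in the trailing block without a reason, unlike `programs.less.enable`; add it (`# <why apparmor cannot be built or used here>`), since it removes a hardened default from every host importing this profile.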
@@ -31,4 +31,34 @@
 url = "https://github.com/NixOS/nixpkgs/pull/128014.diff";
 sha256 = "sha256-1iJ46NXslDxsP/uO0cSaCzO3A5VF338M6d027G7sK3o=";
 }
+{
+ meta.description = "xorg.xinit: fix cross-compiling";
+ url = "https://github.com/NixOS/nixpkgs/pull/141903.diff";
+ sha256 = "sha256-1Bv7UwoYkWSNQ6MlSnm9ZmUV4wZQwEL6zM3JDoAauoo=";
+}
+{
+ meta.description = "nmon: fix cross-compiling";
+ url = "https://github.com/NixOS/nixpkgs/pull/142242.diff";
+ sha256 = "sha256-5Rsuhzup2a4v7OrQRGOeyO2LMQfBCWS7ei5ZD57p0Wk=";
+}
+{
+ meta.description = "nethogs: fix cross-compiling";
+ url = "https://github.com/NixOS/nixpkgs/pull/142268.diff";
+ sha256 = "sha256-jJ+wpGoFhvoGI7eyVz+7jZbnjqC6WYeL2M/0RSdG1s4=";
+}
+{
+ meta.description = "nixos/console: fix cross-compiling";
+ url = "https://github.com/NixOS/nixpkgs/pull/142272.diff";
+ sha256 = "sha256-Hwld3JxZ+D1Pz1xcwfBy0zR8WoQluUKsbG0kdiDNDK4=";
+}
+{
+ meta.description = "nixos/display-managers: fix cross-compiling";
+ url = "https://github.com/NixOS/nixpkgs/pull/142273.diff";
+ sha256 = "sha256-M8PyGa7cweRkUFauVf4t5Jf2IHynesV5MnDXXzjCvKY=";
+}
+{
+ meta.description = "uboot: add Cubieboard2 target";
+ url = "https://github.com/NixOS/nixpkgs/pull/142274.diff";
+ sha256 = "sha256-vB9aComj3ldlkPTX84xKdUrhY64l7ZRnJJAIxdqNrRs=";
+}
 ]
-- 
2.47.2
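Review bot: Each new entry fetches `https://github.com/NixOS/nixpkgs/pull/<n>.diff`, whose content changes whenever the PR is rebased or amended, so the pinned `sha256` will start failing the build the moment upstream touches any of the six. Pinning to the PR head commit instead — `url = "https://github.com/NixOS/nixpkgs/commit/<PR_HEAD_SHA>.diff";` (placeholder) — keeps the hash valid for as long as that commit exists, and the hash still guards the fetched content either way. Recording the PR number in `meta.description` (it is only in the URL now) would make it easier to prune these once they land.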