2015-10-23 01:26:53 +02:00
|
|
|
|
# Edit this configuration file to define what should be installed on
|
|
|
|
|
|
# your system. Help is available in the configuration.nix(5) man page
|
|
|
|
|
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
2024-11-15 10:17:56 +01:00
|
|
|
|
{ config, pkgs, ... }:
|
|
|
|
|
|
let
|
2023-02-07 18:24:28 +01:00
|
|
|
|
passwords = import ../common/passwords.crypt.nix;
|
2024-11-15 10:17:56 +01:00
|
|
|
|
in
|
|
|
|
|
|
{
|
2015-10-23 01:26:53 +02:00
|
|
|
|
# The NixOS release to be compatible with for stateful data such as databases.
|
|
|
|
|
|
system.stateVersion = "16.03";
|
2022-10-31 11:04:38 +01:00
|
|
|
|
nix.maxJobs = 4;
|
|
|
|
|
|
nix.buildCores = 4;
|
2015-10-23 01:26:53 +02:00
|
|
|
|
|
2022-10-31 11:04:38 +01:00
|
|
|
|
nix.extraOptions = ''
|
2015-10-23 01:26:53 +02:00
|
|
|
|
gc-keep-outputs = true
|
|
|
|
|
|
gc-keep-derivations = true
|
2022-10-31 11:04:38 +01:00
|
|
|
|
'';
|
2015-10-23 01:26:53 +02:00
|
|
|
|
|
2022-10-31 11:04:38 +01:00
|
|
|
|
nixpkgs.config = {
|
2024-11-15 10:17:56 +01:00
|
|
|
|
packageOverrides = super: {
|
2023-02-07 18:24:28 +01:00
|
|
|
|
linux_4_1 = super.linux_4_1.override {
|
2024-11-15 10:17:56 +01:00
|
|
|
|
kernelPatches = super.linux_4_1.kernelPatches ++ [
|
|
|
|
|
|
{
|
|
|
|
|
|
patch = ./patches/utilitepro-kernel-dts.patch;
|
|
|
|
|
|
name = "utilitepro-dts";
|
|
|
|
|
|
}
|
|
|
|
|
|
{
|
|
|
|
|
|
patch = ./patches/utilitepro-kernel-dts-Makefile.patch;
|
|
|
|
|
|
name = "utilitepro-dts-Makefile";
|
|
|
|
|
|
}
|
|
|
|
|
|
];
|
2023-02-07 18:24:28 +01:00
|
|
|
|
# add "CONFIG_PPP_FILTER y" option to the set of kernel options
|
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
|
BTRFS_FS y
|
|
|
|
|
|
BTRFS_FS_POSIX_ACL y
|
|
|
|
|
|
FUSE_FS y
|
|
|
|
|
|
OVERLAY_FS y
|
2015-10-23 01:26:53 +02:00
|
|
|
|
|
2023-02-07 18:24:28 +01:00
|
|
|
|
BLK_DEV_DM y
|
|
|
|
|
|
DM_THIN_PROVISIONING y
|
2015-10-23 01:26:53 +02:00
|
|
|
|
|
2023-02-07 18:24:28 +01:00
|
|
|
|
NAMESPACES y
|
|
|
|
|
|
NET_NS y
|
|
|
|
|
|
PID_NS y
|
|
|
|
|
|
IPC_NS y
|
|
|
|
|
|
UTS_NS y
|
|
|
|
|
|
DEVPTS_MULTIPLE_INSTANCES y
|
|
|
|
|
|
CGROUPS y
|
|
|
|
|
|
CGROUP_CPUACCT y
|
|
|
|
|
|
CGROUP_DEVICE y
|
|
|
|
|
|
CGROUP_FREEZER y
|
|
|
|
|
|
CGROUP_SCHED y
|
|
|
|
|
|
CPUSETS y
|
|
|
|
|
|
MEMCG y
|
|
|
|
|
|
POSIX_MQUEUE y
|
2015-10-23 01:26:53 +02:00
|
|
|
|
|
2023-02-07 18:24:28 +01:00
|
|
|
|
MACVLAN m
|
|
|
|
|
|
VETH m
|
|
|
|
|
|
BRIDGE m
|
2015-10-23 01:26:53 +02:00
|
|
|
|
|
2023-02-07 18:24:28 +01:00
|
|
|
|
NF_TABLES m
|
|
|
|
|
|
NETFILTER y
|
|
|
|
|
|
NETFILTER_ADVANCED y
|
|
|
|
|
|
NF_NAT_IPV4 m
|
|
|
|
|
|
IP_NF_FILTER m
|
|
|
|
|
|
IP_NF_TARGET_MASQUERADE m
|
|
|
|
|
|
NETFILTER_XT_MATCH_ADDRTYPE m
|
|
|
|
|
|
NETFILTER_XT_MATCH_CONNTRACK m
|
|
|
|
|
|
NF_NAT m
|
|
|
|
|
|
NF_NAT_NEEDED m
|
|
|
|
|
|
BRIDGE_NETFILTER m
|
|
|
|
|
|
NETFILTER_INGRESS y
|
|
|
|
|
|
NETFILTER_NETLINK m
|
|
|
|
|
|
NETFILTER_NETLINK_ACCT m
|
|
|
|
|
|
NETFILTER_NETLINK_QUEUE m
|
|
|
|
|
|
NETFILTER_NETLINK_LOG m
|
|
|
|
|
|
NETFILTER_SYNPROXY m
|
|
|
|
|
|
NETFILTER_XTABLES m
|
|
|
|
|
|
NETFILTER_XT_MARK m
|
|
|
|
|
|
NETFILTER_XT_CONNMARK m
|
|
|
|
|
|
NETFILTER_XT_SET m
|
|
|
|
|
|
NETFILTER_XT_TARGET_AUDIT m
|
|
|
|
|
|
NETFILTER_XT_TARGET_CHECKSUM m
|
|
|
|
|
|
NETFILTER_XT_TARGET_CLASSIFY m
|
|
|
|
|
|
NETFILTER_XT_TARGET_CONNMARK m
|
|
|
|
|
|
NETFILTER_XT_TARGET_CONNSECMARK m
|
|
|
|
|
|
NETFILTER_XT_TARGET_CT m
|
|
|
|
|
|
NETFILTER_XT_TARGET_DSCP m
|
|
|
|
|
|
NETFILTER_XT_TARGET_HL m
|
|
|
|
|
|
NETFILTER_XT_TARGET_HMARK m
|
|
|
|
|
|
NETFILTER_XT_TARGET_IDLETIMER m
|
|
|
|
|
|
NETFILTER_XT_TARGET_LED m
|
|
|
|
|
|
NETFILTER_XT_TARGET_LOG m
|
|
|
|
|
|
NETFILTER_XT_TARGET_MARK m
|
|
|
|
|
|
NETFILTER_XT_NAT m
|
|
|
|
|
|
NETFILTER_XT_TARGET_NETMAP m
|
|
|
|
|
|
NETFILTER_XT_TARGET_NFLOG m
|
|
|
|
|
|
NETFILTER_XT_TARGET_NFQUEUE m
|
|
|
|
|
|
NETFILTER_XT_TARGET_NOTRACK m
|
|
|
|
|
|
NETFILTER_XT_TARGET_RATEEST m
|
|
|
|
|
|
NETFILTER_XT_TARGET_REDIRECT m
|
|
|
|
|
|
NETFILTER_XT_TARGET_TEE m
|
|
|
|
|
|
NETFILTER_XT_TARGET_TPROXY m
|
|
|
|
|
|
NETFILTER_XT_TARGET_TRACE m
|
|
|
|
|
|
NETFILTER_XT_TARGET_SECMARK m
|
|
|
|
|
|
NETFILTER_XT_TARGET_TCPMSS m
|
|
|
|
|
|
NETFILTER_XT_TARGET_TCPOPTSTRIP m
|
|
|
|
|
|
NETFILTER_XT_MATCH_ADDRTYPE m
|
|
|
|
|
|
NETFILTER_XT_MATCH_BPF m
|
|
|
|
|
|
NETFILTER_XT_MATCH_CGROUP m
|
|
|
|
|
|
NETFILTER_XT_MATCH_CLUSTER m
|
|
|
|
|
|
NETFILTER_XT_MATCH_COMMENT m
|
|
|
|
|
|
NETFILTER_XT_MATCH_CONNBYTES m
|
|
|
|
|
|
NETFILTER_XT_MATCH_CONNLABEL m
|
|
|
|
|
|
NETFILTER_XT_MATCH_CONNLIMIT m
|
|
|
|
|
|
NETFILTER_XT_MATCH_CONNMARK m
|
|
|
|
|
|
NETFILTER_XT_MATCH_CONNTRACK m
|
|
|
|
|
|
NETFILTER_XT_MATCH_CPU m
|
|
|
|
|
|
NETFILTER_XT_MATCH_DCCP m
|
|
|
|
|
|
NETFILTER_XT_MATCH_DEVGROUP m
|
|
|
|
|
|
NETFILTER_XT_MATCH_DSCP m
|
|
|
|
|
|
NETFILTER_XT_MATCH_ECN m
|
|
|
|
|
|
NETFILTER_XT_MATCH_ESP m
|
|
|
|
|
|
NETFILTER_XT_MATCH_HASHLIMIT m
|
|
|
|
|
|
NETFILTER_XT_MATCH_HELPER m
|
|
|
|
|
|
NETFILTER_XT_MATCH_HL m
|
|
|
|
|
|
NETFILTER_XT_MATCH_IPCOMP m
|
|
|
|
|
|
NETFILTER_XT_MATCH_IPRANGE m
|
|
|
|
|
|
NETFILTER_XT_MATCH_IPVS m
|
|
|
|
|
|
NETFILTER_XT_MATCH_L2TP m
|
|
|
|
|
|
NETFILTER_XT_MATCH_LENGTH m
|
|
|
|
|
|
NETFILTER_XT_MATCH_LIMIT m
|
|
|
|
|
|
NETFILTER_XT_MATCH_MAC m
|
|
|
|
|
|
NETFILTER_XT_MATCH_MARK m
|
|
|
|
|
|
NETFILTER_XT_MATCH_MULTIPORT m
|
|
|
|
|
|
NETFILTER_XT_MATCH_NFACCT m
|
|
|
|
|
|
NETFILTER_XT_MATCH_OSF m
|
|
|
|
|
|
NETFILTER_XT_MATCH_OWNER m
|
|
|
|
|
|
NETFILTER_XT_MATCH_POLICY m
|
|
|
|
|
|
NETFILTER_XT_MATCH_PHYSDEV m
|
|
|
|
|
|
NETFILTER_XT_MATCH_PKTTYPE m
|
|
|
|
|
|
NETFILTER_XT_MATCH_QUOTA m
|
|
|
|
|
|
NETFILTER_XT_MATCH_RATEEST m
|
|
|
|
|
|
NETFILTER_XT_MATCH_REALM m
|
|
|
|
|
|
NETFILTER_XT_MATCH_RECENT m
|
|
|
|
|
|
NETFILTER_XT_MATCH_SCTP m
|
|
|
|
|
|
NETFILTER_XT_MATCH_SOCKET m
|
|
|
|
|
|
NETFILTER_XT_MATCH_STATE m
|
|
|
|
|
|
NETFILTER_XT_MATCH_STATISTIC m
|
|
|
|
|
|
NETFILTER_XT_MATCH_STRING m
|
|
|
|
|
|
NETFILTER_XT_MATCH_TCPMSS m
|
|
|
|
|
|
NETFILTER_XT_MATCH_TIME m
|
|
|
|
|
|
NETFILTER_XT_MATCH_U32 m
|
2015-10-23 01:26:53 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2023-02-07 18:24:28 +01:00
|
|
|
|
MEMCG_KMEM y
|
|
|
|
|
|
MEMCG_SWAP y
|
|
|
|
|
|
MEMCG_SWAP_ENABLED y
|
|
|
|
|
|
BLK_CGROUP y
|
|
|
|
|
|
IOSCHED_CFQ y
|
|
|
|
|
|
BLK_DEV_THROTTLING y
|
|
|
|
|
|
CGROUP_PERF y
|
|
|
|
|
|
CGROUP_HUGETLB y
|
|
|
|
|
|
NET_CLS_CGROUP y
|
|
|
|
|
|
CGROUP_NET_PRIO y
|
|
|
|
|
|
CFS_BANDWIDTH y
|
|
|
|
|
|
FAIR_GROUP_SCHED y
|
|
|
|
|
|
RT_GROUP_SCHED y
|
|
|
|
|
|
EXT3_FS y
|
|
|
|
|
|
EXT3_FS_XATTR y
|
|
|
|
|
|
EXT3_FS_POSIX_ACL y
|
|
|
|
|
|
EXT3_FS_SECURITY y
|
2015-10-23 01:26:53 +02:00
|
|
|
|
|
2023-02-07 18:24:28 +01:00
|
|
|
|
PPP_FILTER y
|
|
|
|
|
|
HAVE_IMX_ANATOP y
|
|
|
|
|
|
HAVE_IMX_GPC y
|
|
|
|
|
|
HAVE_IMX_MMDC y
|
|
|
|
|
|
HAVE_IMX_SRC y
|
|
|
|
|
|
SOC_IMX6 y
|
|
|
|
|
|
SOC_IMX6Q y
|
|
|
|
|
|
SOC_IMX6SL y
|
|
|
|
|
|
PCI_IMX6 y
|
|
|
|
|
|
ARM_IMX6Q_CPUFREQ y
|
|
|
|
|
|
IMX_WEIM y
|
|
|
|
|
|
AHCI_IMX y
|
|
|
|
|
|
SERIAL_IMX y
|
|
|
|
|
|
SERIAL_IMX_CONSOLE y
|
|
|
|
|
|
I2C_IMX y
|
|
|
|
|
|
SPI_IMX y
|
|
|
|
|
|
PINCTRL_IMX y
|
|
|
|
|
|
PINCTRL_IMX6Q y
|
|
|
|
|
|
PINCTRL_IMX6SL y
|
|
|
|
|
|
POWER_RESET_IMX y
|
|
|
|
|
|
IMX_THERMAL y
|
|
|
|
|
|
IMX2_WDT y
|
|
|
|
|
|
IMX_IPUV3_CORE y
|
|
|
|
|
|
DRM_IMX y
|
|
|
|
|
|
DRM_IMX_FB_HELPER y
|
|
|
|
|
|
DRM_IMX_PARALLEL_DISPLAY y
|
|
|
|
|
|
DRM_IMX_TVE y
|
|
|
|
|
|
DRM_IMX_LDB y
|
|
|
|
|
|
DRM_IMX_IPUV3 y
|
|
|
|
|
|
DRM_IMX_HDMI y
|
|
|
|
|
|
MMC_SDHCI_ESDHC_IMX y
|
|
|
|
|
|
IMX_SDMA y
|
|
|
|
|
|
PWM_IMX y
|
|
|
|
|
|
DEBUG_IMX6Q_UART y
|
2015-10-23 01:26:53 +02:00
|
|
|
|
|
2023-02-07 18:24:28 +01:00
|
|
|
|
'';
|
2015-10-23 01:26:53 +02:00
|
|
|
|
};
|
2023-02-07 18:24:28 +01:00
|
|
|
|
# pkgs.linux_4_2 = "/nix/store/jc1h6mcc6sq420q2i572qba4b0xzw4gm-linux-4.3-armv7l-unknown-linux-gnueabi";
|
|
|
|
|
|
};
|
2022-10-31 11:04:38 +01:00
|
|
|
|
allowUnfree = true;
|
|
|
|
|
|
};
|
2015-10-23 01:26:53 +02:00
|
|
|
|
|
2023-02-07 18:24:28 +01:00
|
|
|
|
imports = [
|
|
|
|
|
|
# Include the results of the hardware scan.
|
2022-10-31 11:04:38 +01:00
|
|
|
|
./hardware-configuration.nix
|
|
|
|
|
|
];
|
2015-10-23 01:26:53 +02:00
|
|
|
|
|
|
|
|
|
|
networking.hostName = "steveej-utilitepro"; # Define your hostname.
|
2022-10-31 11:04:38 +01:00
|
|
|
|
#networking.wireless.enable = true; # Enables wireless support viawpa_supplicant.
|
2015-10-23 01:26:53 +02:00
|
|
|
|
|
2022-10-31 11:04:38 +01:00
|
|
|
|
boot.kernelPackages = pkgs.linuxPackages_4_1;
|
2015-10-23 01:26:53 +02:00
|
|
|
|
boot.extraKernelParams = [
|
|
|
|
|
|
"cm_fx6_v4l_msize=128M"
|
|
|
|
|
|
"vmalloc=256M"
|
|
|
|
|
|
"root=/dev/sda3"
|
|
|
|
|
|
"rootflags=subvol=nixos"
|
|
|
|
|
|
"console=ttymxc3,115200"
|
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
|
|
boot.loader.generic-extlinux-compatible.enable = true;
|
|
|
|
|
|
boot.loader.grub.enable = false;
|
|
|
|
|
|
|
|
|
|
|
|
# Select internationalisation properties.
|
|
|
|
|
|
i18n = {
|
|
|
|
|
|
consoleFont = "Lat2-Terminus16";
|
|
|
|
|
|
consoleKeyMap = "us";
|
|
|
|
|
|
defaultLocale = "en_US.UTF-8";
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
# Set your time zone.
|
|
|
|
|
|
time.timeZone = "Europe/Amsterdam";
|
|
|
|
|
|
|
|
|
|
|
|
# List packages installed in system profile. To search by name, run:
|
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
|
iptables
|
|
|
|
|
|
wget
|
|
|
|
|
|
vim
|
|
|
|
|
|
sshfsFuse
|
|
|
|
|
|
pastebinit
|
|
|
|
|
|
git
|
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
|
|
# Enable the OpenSSH daemon.
|
|
|
|
|
|
services.openssh.enable = true;
|
|
|
|
|
|
services.openssh.permitRootLogin = "yes";
|
|
|
|
|
|
|
|
|
|
|
|
# Disable CUPS to print documents.
|
|
|
|
|
|
services.printing.enable = false;
|
|
|
|
|
|
|
|
|
|
|
|
users.mutableUsers = false;
|
|
|
|
|
|
users.extraUsers.root = {
|
2023-07-09 20:15:06 +02:00
|
|
|
|
# FIXME: this is deprecated but so is this device probably
|
2018-01-26 11:54:50 +01:00
|
|
|
|
hashedPassword = passwords.users.root;
|
2022-10-31 11:04:38 +01:00
|
|
|
|
openssh.authorizedKeys.keys = [
|
|
|
|
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"
|
|
|
|
|
|
];
|
2015-10-23 01:26:53 +02:00
|
|
|
|
};
|
|
|
|
|
|
users.extraUsers.steveej = {
|
|
|
|
|
|
uid = 1000;
|
|
|
|
|
|
isNormalUser = true;
|
|
|
|
|
|
home = "/home/steveej";
|
2024-11-15 10:17:56 +01:00
|
|
|
|
extraGroups = [
|
|
|
|
|
|
"wheel"
|
|
|
|
|
|
"libvirtd"
|
|
|
|
|
|
];
|
2023-07-09 20:15:06 +02:00
|
|
|
|
# FIXME: this is deprecated but so is this device probably
|
2018-01-26 11:54:50 +01:00
|
|
|
|
hashedPassword = passwords.users.steveej;
|
2022-10-31 11:04:38 +01:00
|
|
|
|
openssh.authorizedKeys.keys = [
|
|
|
|
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"
|
|
|
|
|
|
];
|
|
|
|
|
|
};
|
2015-10-23 01:26:53 +02:00
|
|
|
|
|
|
|
|
|
|
networking.firewall.enable = false;
|
2022-10-31 11:04:38 +01:00
|
|
|
|
networking.useNetworkd = true;
|
2015-10-23 01:26:53 +02:00
|
|
|
|
}
|
