steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions
infra/nix/os/devices/steveej-utilitepro/configuration.nix

280 lines
8.7 KiB
Nix
Raw Normal View History

*: add config
2015-10-23 01:26:53 +02:00
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
use git-encrypt for secrets
2018-01-26 11:54:50 +01:00
let
passwords = import ../common/passwords.crypt.nix;
in
*: add config
2015-10-23 01:26:53 +02:00
{
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "16.03";
nix.maxJobs = 4;
nix.buildCores = 4;
nix.extraOptions = ''
gc-keep-outputs = true
gc-keep-derivations = true
'';
nixpkgs.config = {
packageOverrides = super: let self = super.pkgs; in {
linux_4_1 = super.linux_4_1.override {
kernelPatches = super.linux_4_1.kernelPatches ++ [
{ patch = ./patches/utilitepro-kernel-dts.patch; name = "utilitepro-dts"; }
{ patch = ./patches/utilitepro-kernel-dts-Makefile.patch; name = "utilitepro-dts-Makefile"; }
];
# add "CONFIG_PPP_FILTER y" option to the set of kernel options
extraConfig = ''
BTRFS_FS y
BTRFS_FS_POSIX_ACL y
FUSE_FS y
OVERLAY_FS y
BLK_DEV_DM y
DM_THIN_PROVISIONING y
NAMESPACES y
NET_NS y
PID_NS y
IPC_NS y
UTS_NS y
DEVPTS_MULTIPLE_INSTANCES y
CGROUPS y
CGROUP_CPUACCT y
CGROUP_DEVICE y
CGROUP_FREEZER y
CGROUP_SCHED y
CPUSETS y
MEMCG y
POSIX_MQUEUE y
MACVLAN m
VETH m
BRIDGE m
NF_TABLES m
NETFILTER y
NETFILTER_ADVANCED y
NF_NAT_IPV4 m
IP_NF_FILTER m
IP_NF_TARGET_MASQUERADE m
NETFILTER_XT_MATCH_ADDRTYPE m
NETFILTER_XT_MATCH_CONNTRACK m
NF_NAT m
NF_NAT_NEEDED m
BRIDGE_NETFILTER m
NETFILTER_INGRESS y
NETFILTER_NETLINK m
NETFILTER_NETLINK_ACCT m
NETFILTER_NETLINK_QUEUE m
NETFILTER_NETLINK_LOG m
NETFILTER_SYNPROXY m
NETFILTER_XTABLES m
NETFILTER_XT_MARK m
NETFILTER_XT_CONNMARK m
NETFILTER_XT_SET m
NETFILTER_XT_TARGET_AUDIT m
NETFILTER_XT_TARGET_CHECKSUM m
NETFILTER_XT_TARGET_CLASSIFY m
NETFILTER_XT_TARGET_CONNMARK m
NETFILTER_XT_TARGET_CONNSECMARK m
NETFILTER_XT_TARGET_CT m
NETFILTER_XT_TARGET_DSCP m
NETFILTER_XT_TARGET_HL m
NETFILTER_XT_TARGET_HMARK m
NETFILTER_XT_TARGET_IDLETIMER m
NETFILTER_XT_TARGET_LED m
NETFILTER_XT_TARGET_LOG m
NETFILTER_XT_TARGET_MARK m
NETFILTER_XT_NAT m
NETFILTER_XT_TARGET_NETMAP m
NETFILTER_XT_TARGET_NFLOG m
NETFILTER_XT_TARGET_NFQUEUE m
NETFILTER_XT_TARGET_NOTRACK m
NETFILTER_XT_TARGET_RATEEST m
NETFILTER_XT_TARGET_REDIRECT m
NETFILTER_XT_TARGET_TEE m
NETFILTER_XT_TARGET_TPROXY m
NETFILTER_XT_TARGET_TRACE m
NETFILTER_XT_TARGET_SECMARK m
NETFILTER_XT_TARGET_TCPMSS m
NETFILTER_XT_TARGET_TCPOPTSTRIP m
NETFILTER_XT_MATCH_ADDRTYPE m
NETFILTER_XT_MATCH_BPF m
NETFILTER_XT_MATCH_CGROUP m
NETFILTER_XT_MATCH_CLUSTER m
NETFILTER_XT_MATCH_COMMENT m
NETFILTER_XT_MATCH_CONNBYTES m
NETFILTER_XT_MATCH_CONNLABEL m
NETFILTER_XT_MATCH_CONNLIMIT m
NETFILTER_XT_MATCH_CONNMARK m
NETFILTER_XT_MATCH_CONNTRACK m
NETFILTER_XT_MATCH_CPU m
NETFILTER_XT_MATCH_DCCP m
NETFILTER_XT_MATCH_DEVGROUP m
NETFILTER_XT_MATCH_DSCP m
NETFILTER_XT_MATCH_ECN m
NETFILTER_XT_MATCH_ESP m
NETFILTER_XT_MATCH_HASHLIMIT m
NETFILTER_XT_MATCH_HELPER m
NETFILTER_XT_MATCH_HL m
NETFILTER_XT_MATCH_IPCOMP m
NETFILTER_XT_MATCH_IPRANGE m
NETFILTER_XT_MATCH_IPVS m
NETFILTER_XT_MATCH_L2TP m
NETFILTER_XT_MATCH_LENGTH m
NETFILTER_XT_MATCH_LIMIT m
NETFILTER_XT_MATCH_MAC m
NETFILTER_XT_MATCH_MARK m
NETFILTER_XT_MATCH_MULTIPORT m
NETFILTER_XT_MATCH_NFACCT m
NETFILTER_XT_MATCH_OSF m
NETFILTER_XT_MATCH_OWNER m
NETFILTER_XT_MATCH_POLICY m
NETFILTER_XT_MATCH_PHYSDEV m
NETFILTER_XT_MATCH_PKTTYPE m
NETFILTER_XT_MATCH_QUOTA m
NETFILTER_XT_MATCH_RATEEST m
NETFILTER_XT_MATCH_REALM m
NETFILTER_XT_MATCH_RECENT m
NETFILTER_XT_MATCH_SCTP m
NETFILTER_XT_MATCH_SOCKET m
NETFILTER_XT_MATCH_STATE m
NETFILTER_XT_MATCH_STATISTIC m
NETFILTER_XT_MATCH_STRING m
NETFILTER_XT_MATCH_TCPMSS m
NETFILTER_XT_MATCH_TIME m
NETFILTER_XT_MATCH_U32 m
MEMCG_KMEM y
MEMCG_SWAP y
MEMCG_SWAP_ENABLED y
BLK_CGROUP y
IOSCHED_CFQ y
BLK_DEV_THROTTLING y
CGROUP_PERF y
CGROUP_HUGETLB y
NET_CLS_CGROUP y
CGROUP_NET_PRIO y
CFS_BANDWIDTH y
FAIR_GROUP_SCHED y
RT_GROUP_SCHED y
EXT3_FS y
EXT3_FS_XATTR y
EXT3_FS_POSIX_ACL y
EXT3_FS_SECURITY y
PPP_FILTER y
HAVE_IMX_ANATOP y
HAVE_IMX_GPC y
HAVE_IMX_MMDC y
HAVE_IMX_SRC y
SOC_IMX6 y
SOC_IMX6Q y
SOC_IMX6SL y
PCI_IMX6 y
ARM_IMX6Q_CPUFREQ y
IMX_WEIM y
AHCI_IMX y
SERIAL_IMX y
SERIAL_IMX_CONSOLE y
I2C_IMX y
SPI_IMX y
PINCTRL_IMX y
PINCTRL_IMX6Q y
PINCTRL_IMX6SL y
POWER_RESET_IMX y
IMX_THERMAL y
IMX2_WDT y
IMX_IPUV3_CORE y
DRM_IMX y
DRM_IMX_FB_HELPER y
DRM_IMX_PARALLEL_DISPLAY y
DRM_IMX_TVE y
DRM_IMX_LDB y
DRM_IMX_IPUV3 y
DRM_IMX_HDMI y
MMC_SDHCI_ESDHC_IMX y
IMX_SDMA y
PWM_IMX y
DEBUG_IMX6Q_UART y
'';
};
# pkgs.linux_4_2 = "/nix/store/jc1h6mcc6sq420q2i572qba4b0xzw4gm-linux-4.3-armv7l-unknown-linux-gnueabi";
};
allowUnfree = true;
};
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
networking.hostName = "steveej-utilitepro"; # Define your hostname.
#networking.wireless.enable = true; # Enables wireless support viawpa_supplicant.
boot.kernelPackages = pkgs.linuxPackages_4_1;
boot.extraKernelParams = [
"cm_fx6_v4l_msize=128M"
"vmalloc=256M"
"root=/dev/sda3"
"rootflags=subvol=nixos"
"console=ttymxc3,115200"
];
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.grub.enable = false;
# Select internationalisation properties.
i18n = {
consoleFont = "Lat2-Terminus16";
consoleKeyMap = "us";
defaultLocale = "en_US.UTF-8";
};
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# List packages installed in system profile. To search by name, run:
environment.systemPackages = with pkgs; [
iptables
wget
vim
sshfsFuse
pastebinit
git
];
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh.permitRootLogin = "yes";
# Disable CUPS to print documents.
services.printing.enable = false;
users.mutableUsers = false;
users.extraUsers.root = {
use git-encrypt for secrets
2018-01-26 11:54:50 +01:00
hashedPassword = passwords.users.root;
*: add config
2015-10-23 01:26:53 +02:00
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
};
users.extraUsers.steveej = {
uid = 1000;
isNormalUser = true;
home = "/home/steveej";
extraGroups = [ "wheel" "libvirtd" ];
use git-encrypt for secrets
2018-01-26 11:54:50 +01:00
hashedPassword = passwords.users.steveej;
*: add config
2015-10-23 01:26:53 +02:00
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
};
networking.firewall.enable = false;
networking.useNetworkd = true;
}
Reference in a new issue Copy permalink