moby: refactor the kernel config into the actual kernel package and do less of that in the module system

this makes it easier to swap Kconfigs verbatim from other distros, e.g.
Colin 2024-05-21 10:09:02 +00:00
parent 2e07797065
commit 41b385b6ca
2 changed files with 175 additions and 41 deletions


@ -40,27 +40,25 @@ let
'';
in
{
# boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux-postmarketos;
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux-megous;
# boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux-manjaro;
# boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest;
# alternatively, apply patches directly to stock nixos kernel:
# boot.kernelPatches = manjaroPatches ++ [
# (patchDefconfig kernelConfig)
# ];
# configure nixos to build a compressed kernel image, since it doesn't usually do that for aarch64 target.
# without this i run out of /boot space in < 10 generations
# nixpkgs.hostPlatform.linux-kernel becomes stdenv.hostPlatform.linux-kernel
nixpkgs.hostPlatform.linux-kernel = {
# defaults:
name = "aarch64-multiplatform";
baseConfig = "defconfig";
DTB = true;
autoModules = true;
preferBuiltin = true;
# extraConfig = ...
# ^-- raspberry pi stuff: we don't need it.
# baseConfig: defaults to "defconfig";
# baseConfig = "pinephone_defconfig"; #< N.B.: ignored by `pkgs.linux-megous`
DTB = true; #< DTB: compile device tree blobs
# autoModules (default: true): for config options not manually specified, answer `m` to anything which supports it.
# - this effectively builds EVERY MODULE SUPPORTED.
autoModules = true; #< N.B.: ignored by `pkgs.linux-megous`
# preferBuiltin (default: false; true for rpi): for config options which default to `Y` upstream, build them as `Y` (overriding `autoModules`)
# preferBuiltin = false;
# build a compressed kernel image: without this i run out of /boot space in < 10 generations
# target = "Image"; # <-- default
target = "Image.gz"; # <-- compress the kernel image
# target = "zImage"; # <-- confuses other parts of nixos :-(
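Review bot: The `baseConfig` and `autoModules` lines are annotated as ignored by `pkgs.linux-megous`, yet `autoModules = true;` stays set, so anyone auditing which drivers end up in the deployed kernel will read a value here that the build does not honour. Judging from the second file in this commit, the effective values come from the package arguments `withFullConfig` and `withMegiPinephoneConfig`. I would either drop the ignored assignment or make the comment point at the real switch, e.g. `# ignored by linux-megous: set withFullConfig on the package instead`. The `nixpkgs.hostPlatform.linux-kernel` attrset is closed outside this hunk.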


@ -1,5 +1,12 @@
# BUILD THE CONFIG WITH:
# - `nix build '.#hostConfigs.moby.boot.kernelPackages.kernel.configfile'`
# - note that this config is patched, based on `config.nixpkgs.hostPlatform.linux-kernel`!
# - the host-independent config can be built with: `nix build '.#linux-megous.passthru.configfile'`
# however this unflavored config doesn't reflect what will actually be deployed!
# QUERY THE NIX-AWARE CONFIG WITH:
# - `hostConfigs.moby.boot.kernelPackages.kernel.configfile.passthru.structuredConfig...` in the nix repl
# BUILD THE KERNEL WITH:
# - `nix build '.#hostConfigs.moby.boot.kernelPackages.kernel'`
# other people using pinephone kernels:
# - postmarketOS (pmaports)
# - uses megi's kernel; their kernel config is embedded in their pmaports repo
@ -10,6 +17,11 @@
, pkgs
# modem_power is incompatible with eg25-manager: <https://gitlab.com/mobian1/eg25-manager/-/issues/38>
, withModemPower ? true
# WARNING: NOT ALL COMBINATIONS OF THESE FLAGS YIELDS A BOOTABLE SYSTEM.
# even the combinations you'd expect to work, often don't.
, withMegiPinephoneConfig ? false #< start with megi's pinephone_defconfig ?
, withNixpkgsConfig ? true #< apply default config options from <repo:nixos/nixpkgs:pkgs/os-specific/linux/kernel/common-config.nix> ?
, withFullConfig ? true #< try to build every unspecified option, as a module?
# something inside nixpkgs calls `override` on the kernel and passes in extra arguments
, ...
}@args:
@ -46,6 +58,9 @@ let
# set to empty if not a release candidate, else `-rc<N>`
rc = "";
major = lib.versions.major base;
minor = lib.versions.minor base;
# pinephone uses the linux dtb at arch/arm64/boot/dts/allwinner/sun50i-a64-pinephone.dtsi
# - this includes sun50i-a64.dtsi
# - and sun50i-a64-cpu-opp.dtsi
@ -55,14 +70,6 @@ let
# NB: nix adds the CONFIG_ prefix to each of these.
# if you add the prefix yourself nix will IGNORE YOUR CONFIG.
# optimize for faster builds.
# see <repo:kernel.org/linux:Documentation/admin-guide/quickly-build-trimmed-linux.rst>
DEBUG_KERNEL = lib.mkForce no; # option group which seems to just gate the other DEBUG_ opts?
DEBUG_INFO = lib.mkForce no; # for gdb debugging
DEBUG_INFO_BTF = lib.mkForce no; # BPF debug symbols. rec by <https://nixos.wiki/wiki/Linux_kernel#Too_high_ram_usage>
# SCHED_DEBUG = lib.mkForce no; # determines /sys/kernel/debug/sched
# SUNRPC_DEBUG = lib.mkForce no; # i use NFS though
MODEM_POWER = lib.mkIf (!withModemPower) no;
# normally a module; try inline? for vibration/haptics
# INPUT_GPIO_VIBRA = yes;
@ -73,7 +80,7 @@ let
# DRM_SUN8I_MIXER = yes;
# DRM_SUN6I_DSI = yes;
# taken from mobile-nixos config?? or upstream megous config??
# taken from upstream linux pinephone_defconfig
RTL8723CS = module;
# BT_HCIUART_3WIRE = yes;
# BT_HCIUART_RTL = yes;
@ -82,19 +89,7 @@ let
# BT_BNEP_PROTO_FILTER = yes;
# BT_HS = yes;
# BT_LE = yes;
#
### BUILD FIXES, NOT SPECIFIC TO MY PREFERENCES
#
# disabling the sun5i_eink driver avoids this compilation error:
# CC [M] drivers/video/fbdev/sun5i-eink-neon.o
# aarch64-unknown-linux-gnu-gcc: error: unrecognized command line option '-mfloat-abi=softfp'
# aarch64-unknown-linux-gnu-gcc: error: unrecognized command line option '-mfpu=neon'
# make[3]: *** [../scripts/Makefile.build:289: drivers/video/fbdev/sun5i-eink-neon.o] Error 1
FB_SUN5I_EINK = no;
# used by the pinephone pro, but fails to compile with:
# ../drivers/media/i2c/ov8858.c:1834:27: error: implicit declaration of function 'compat_ptr'
# VIDEO_OV8858 = no;
BES2600 = no; # fails to compile (implicit declaration of function 'ieee80211_tx_status'; did you mean 'ieee80211_tx_status_ni')
### RUNTIME FIXES AFTER <https://github.com/NixOS/nixpkgs/pull/298332>
# pmOS kernel config is in pmaports repo:
# - CONFIG_FB_SIMPLE=y
@ -110,12 +105,140 @@ let
# DRM_KMS_HELPER = lib.mkForce module;
# AGP = lib.mkForce no; # "Accelerated Graphics Port" (idk)
# borrowed from megi (arch/arm64/configs/pinephone_defconfig), speculatively
# ARM64_VA_BITS_39 = yes; # nix sets ARM64_VA_BITS_52, which i expect overrides this.
# SERIAL_8250_RUNTIME_UARTS = freeform "8";
# MFD_SUN6I_PRCM = yes;
# USB_LED_TRIG = yes;
# USB_ANNOUNCE_NEW_DEVICES = yes;
# MUSB_PIO_ONLY = yes;
# DMABUF_HEAPS_SYSTEM = yes;
# borrowed from postmarketOS, "to enable libcamera development"
DMABUF_HEAPS = yes;
DMABUF_HEAPS_CMA = yes;
# borrowed from postmarketOS, speculatively, as i debug megapixels camera
# CMA_AREAS = "CMA allows to create CMA areas for particular purpose, mainly, used as device private area."
# "If unsure, leave the default value "8" in UMA and "20" in NUMA."
# - pinephone in mainline linux, postmarketOS, defaults to 7
# - nixos defaults to ... 19?
CMA_AREAS = freeform "7";
# DRM_ACCEL = lib.mkForce no;
# USB_CONFIGFS_F_TCM = yes;
# LEDS_BRIGHTNESS_HW_CHANGED = yes; #< TODO: module?
# VIDEO_SUNXI = yes; #< TODO: module?
# # CONFIG_VIDEO_SUNXI_CEDRUS=y #< implied by VIDEO_SUNXI (but as a module)
# SUN50I_IOMMU = yes;
# VALIDATE_FS_PARSER = yes;
# consider: `DMA_SUN6I = yes;` (instead of the default, module)
# try to fix "systemd[1]: bpf-lsm: Failed to load BPF object: No such process".
# see: <https://github.com/anthraxx/linux-hardened/issues/93#issuecomment-1996742297>
# somehow setting SECURITY_SELINUX, SECURITY_SEXLINUX_BOOTPARAM, LSM doesn't seem to actually fix this.
# i wonder if i need `BPF_JIT_ALWAYS_ON=y`? or if systemd's bpf-lsm doesn't cross compile / doesn't support aarch64
# SECURITY_SELINUX = yes;
# SECURITY_SELINUX_BOOTPARAM = yes;
# LSM = freeform "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf";
};
### options not necessary for a bootable system
qualityOfLife = with lib.kernel; {
# optimize for faster builds.
# see <repo:kernel.org/linux:Documentation/admin-guide/quickly-build-trimmed-linux.rst>
# note that several options can re-enable DEBUG_KERNEL (such as DEBUG_LIST)
# DEBUG_KERNEL = lib.mkForce no; # option group which seems to just gate the other DEBUG_ opts?
DEBUG_INFO = lib.mkForce no; # for gdb debugging (does it impact kernel stacktraces, too?)
# DEBUG_INFO_NONE = lib.mkForce no;
DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT = lib.mkForce no;
# DEBUG_LIST = lib.mkForce no;
# DEBUG_MISC = lib.mkForce no;
# DEBUG_FS = no;
DEBUG_INFO_BTF = lib.mkForce no; # BPF debug symbols. rec by <https://nixos.wiki/wiki/Linux_kernel#Too_high_ram_usage>
# SCHED_DEBUG = lib.mkForce no; # determines /sys/kernel/debug/sched
# SUNRPC_DEBUG = lib.mkForce no; # i use NFS though
# shave 500ms off boot time (dmesg | grep raid6)
# - by default raid6 (on behalf of btrfs) will compute the fastest algorithms at boot.
# - AFAICT, this only comes into effect if using raid (i don't).
# - in any case, on moby, the fastest benchmark happens to be the default anyway.
# - on lappy/servo/desko, the default is about 3% slower than the fastest. but they compute this in < 100ms.
RAID6_PQ_BENCHMARK = no;
};
### OPTIONS ONLY NEEDED IF `withFullConfig`/`autoModules` IS TRUE:
fullConfigFixes = with lib.kernel; {
### BUILD FIXES, NOT SPECIFIC TO MY PREFERENCES
#
# disabling the sun5i_eink driver avoids this compilation error:
# CC [M] drivers/video/fbdev/sun5i-eink-neon.o
# aarch64-unknown-linux-gnu-gcc: error: unrecognized command line option '-mfloat-abi=softfp'
# aarch64-unknown-linux-gnu-gcc: error: unrecognized command line option '-mfpu=neon'
# make[3]: *** [../scripts/Makefile.build:289: drivers/video/fbdev/sun5i-eink-neon.o] Error 1
FB_SUN5I_EINK = no;
BES2600 = no; # fails to compile (implicit declaration of function 'ieee80211_tx_status'; did you mean 'ieee80211_tx_status_ni')
};
megiFixes = with lib.kernel; {
# pinephone_defconfig specifies CONFIG_LSM, but without landlock. fix that:
LSM = freeform "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf";
};
# options needed if `withNixpkgsConfig` is enabled... even if `withFullConfig` is as well
nixpkgsFixes = with lib.kernel; {
SUN8I_DE2_CCU = lib.mkForce module; #< nixos' default `Y` confuses its own config parser
#v XXX: required for e.g. SECURITY_LANDLOCK (specified by upstream nixpkgs) to take effect if `autoModules = false`
#v seems that upstream linux (the defconfigs?), it defaults to Yes for:
# - arch/x86/configs/x86_64_defconfig
# - arch/arm64/configs/defconfig
# but that it's left unset for e.g. arch/arm64/configs/pinephone_defconfig. TODO: upstream to nixpkgs
SECURITY = yes;
SECURITY_SELINUX = yes; #< not sure if actually required; it would usually be enabled by autoModules
SECURITY_SELINUX_BOOTPARAM = yes;
# PCI needed because of the dependency on module `ahci`
# like SECURITY, it's present for the default x86, arm64 defconfigs, but not the flavored ones.
PCI = yes;
};
### OPTIONS ONLY NEEDED IF `withFullConfig`/`autoModules` IS FALSE:
nixpkgsRequirements = with lib.kernel; {
# necessary for nixpkgs' initrd to build.
# see <repo:nixos/nixpkgs:nixos/modules/system/boot/kernel.nix> for a list of the default modules it includes in the initrd
ATA = module;
PCI = yes;
SATA_AHCI = module;
SATA_NV = module;
SATA_VIA = module;
SATA_SIS = module;
SATA_ULI = module;
ATA_PIIX = module;
PATA_MARVELL = module;
BLK_DEV_NVME = module;
BLK_DEV_SD = module;
BLK_DEV_SR = module;
MMC_BLOCK = module;
USB_UHCI_HCD = module;
USB_EHCI_HCD = module;
USB_EHCI_PCI = module;
USB_OHCI_HCD = module;
USB_OHCI_HCD_PCI = module; #< yep, HCD_PCI -- not just PCI
USB_XHCI_HCD = module;
USB_XHCI_PCI = module;
HID_APPLE = module;
HID_CHERRY = module;
HID_CORSAIR = module;
HID_LENOVO = module;
HID_LOGITECH = module;
HID_LOGITECH_DJ = module;
HID_LOGITECH_HIDPP = module;
HID_MICROSOFT = module;
HID_ROCCAT = module;
# for iio, see: <nixos/modules/hardware/sensor/iio.nix>
HID_SENSOR_HUB = module;
# see: <nixos/modules/system/etc/etc-activation.nix>
EROFS_FS = module;
# for unl0kr, see: <nixos/tests/systemd-initrd-luks-unl0kr.nix>
DRM_BOCHS = module;
### RELEVANT CONFIGS INHERITED FROM NIXOS DEFAULTS (OR ABOVE ADDITIONS):
#
# CONFIG_BT=m
@ -173,9 +296,7 @@ let
# `pkgs.kernelPatches` is a set of common patches
# while `kernelPatches` callarg is a list.
# weird idiom, means we have to access pkgs.kernelPatches to access the actual patch directory:
extraKernelPatches = [
pkgs.kernelPatches.bridge_stp_helper
pkgs.kernelPatches.request_key_helper
extraKernelPatches = pkgs."linux_${major}_${minor}".kernelPatches ++ [
# (patchDefconfig kernelConfig)
# wake on wireless lan (WOWLAN) patches:
# see: <https://gist.github.com/Peetz0r/bf8fd93a60962b4afcf2daeb4305da40>
@ -273,7 +394,7 @@ let
# extraStructuredConfig = config;
# };
in buildLinux (args // {
in (buildLinux {
version = base + rc;
# modDirVersion needs to be x.y.z, where `z` could be `Z-rcN`
@ -289,8 +410,23 @@ in buildLinux (args // {
repo = "linux";
inherit rev hash;
};
}).override (args // {
kernelPatches = (args.kernelPatches or []) ++ extraKernelPatches;
structuredExtraConfig = (args.structuredExtraConfig or {}) // kernelConfig;
defconfig = if withMegiPinephoneConfig then "pinephone_defconfig" else "defconfig";
structuredExtraConfig =
lib.optionalAttrs withMegiPinephoneConfig megiFixes
// lib.optionalAttrs (!withFullConfig) nixpkgsRequirements
// lib.optionalAttrs withNixpkgsConfig nixpkgsFixes
// lib.optionalAttrs withFullConfig fullConfigFixes
// qualityOfLife
// (args.structuredExtraConfig or {})
// kernelConfig;
#v build a minimal kernel, without the options from <repo:nixos/nixpkgs:pkgs/os-specific/linux/kernel/common-config.nix>?
#v but this will lack features like e.g. landlock, which my userspace depends on
enableCommonConfig = withNixpkgsConfig;
autoModules = withFullConfig;
preferBuiltin = withFullConfig; #< TODO: set this to false! it's the more extreme version of autoModules, which answers `Y` to everything which would default to `Y` (wait, that sounds ok, actually?)
})
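Review bot: In the final hunk, `megiFixes` only rewrites `LSM` to list landlock, while `SECURITY = yes` lives in `nixpkgsFixes` and is merged only when `withNixpkgsConfig` is true; the comment on that option says `pinephone_defconfig` leaves `SECURITY` unset. So `withMegiPinephoneConfig = true` together with `withNixpkgsConfig = false` would presumably still evaluate and build, giving a kernel whose `LSM` string names landlock without that LSM compiled in. Userspace sandboxing that relies on it would then be lost quietly rather than failing at build time. I would keep the prerequisites with the flag that needs them, `SECURITY = yes; SECURITY_LANDLOCK = yes;` inside `megiFixes`, or reject the combination with an `assert` next to the flag declarations. The `let` block and the `buildLinux` call both extend beyond the visible hunks.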