feat(nixos): init kompakt

20 files changed, 9094 insertions, 0 deletions

diff --git a/nixos/default.nix b/nixos/default.nix
index c113d42..f894772 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -21,4 +21,10 @@
       ./modules/security.nix
     ];
   };
+
+  kompakt = self.lib.mkSystem {
+    name = "kompakt";
+    system = "aarch64-linux";
+    nixpkgs = unstable-small;
+  };
 }
diff --git a/nixos/kompakt/configuration.nix b/nixos/kompakt/configuration.nix
new file mode 100644
index 0000000..837ee05
--- /dev/null
+++ b/nixos/kompakt/configuration.nix
@@ -0,0 +1,116 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ../modules/apple-silicon-support
+    ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = false;
+
+  boot.supportedFilesystems = [ "zfs" ];
+
+  networking.hostName = "kompakt"; # Define your hostname.
+  networking.hostId = "9c8c0140";
+
+
+  # Pick only one of the below networking options.
+  networking.wireless.iwd.enable = true;
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  # networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
+
+  # Set your time zone.
+  time.timeZone = "Asia/Seoul";
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+   font = "ter-v32n";
+   packages = with pkgs; [ terminus_font ];
+  };
+
+  # Enable the X11 windowing system.
+  # services.xserver.enable = true;
+
+
+
+
+  # Configure keymap in X11
+  # services.xserver.layout = "us";
+  # services.xserver.xkbOptions = {
+  #   "eurosign:e";
+  #   "caps:escape" # map caps to escape.
+  # };
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # Enable sound.
+  # sound.enable = true;
+  # hardware.pulseaudio.enable = true;
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.sefidel = {
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    initialPassword = "cube";
+    packages = with pkgs; [
+    ];
+  };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  # environment.systemPackages = with pkgs; [
+  #   vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+  #   wget
+  # ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  # services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+
+}
+
diff --git a/nixos/kompakt/hardware-configuration.nix b/nixos/kompakt/hardware-configuration.nix
new file mode 100644
index 0000000..27c7ad8
--- /dev/null
+++ b/nixos/kompakt/hardware-configuration.nix
@@ -0,0 +1,54 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "usb_storage" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "rpool/local/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/01AC-1BF6";
+      fsType = "vfat";
+    };
+
+  fileSystems."/nix" =
+    { device = "rpool/local/nix";
+      fsType = "zfs";
+    };
+
+  fileSystems."/persist" =
+    { device = "rpool/safe/persist";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home" =
+    { device = "rpool/safe/home";
+      fsType = "zfs";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp1s0f0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+  # high-resolution display
+  hardware.video.hidpi.enable = lib.mkDefault true;
+}
diff --git a/nixos/modules/apple-silicon-support/default.nix b/nixos/modules/apple-silicon-support/default.nix
new file mode 100644
index 0000000..71a5dd0
--- /dev/null
+++ b/nixos/modules/apple-silicon-support/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+  imports = [
+    ./modules/default.nix
+  ];
+}
diff --git a/nixos/modules/apple-silicon-support/modules/boot-m1n1/default.nix b/nixos/modules/apple-silicon-support/modules/boot-m1n1/default.nix
new file mode 100644
index 0000000..39e94c5
--- /dev/null
+++ b/nixos/modules/apple-silicon-support/modules/boot-m1n1/default.nix
@@ -0,0 +1,55 @@
+{ config, pkgs, lib, ... }:
+let
+  pkgs' = config.hardware.asahi.pkgs;
+
+  bootM1n1 = pkgs'.m1n1.override {
+    isRelease = true;
+    withTools = false;
+    customLogo = config.boot.m1n1CustomLogo;
+  };
+
+  bootUBoot = pkgs'.uboot-asahi.override {
+    m1n1 = bootM1n1;
+  };
+
+  bootFiles = {
+    "m1n1/boot.bin" = pkgs.runCommand "boot.bin" {} ''
+      cat ${bootM1n1}/build/m1n1.bin > $out
+      cat ${config.boot.kernelPackages.kernel}/dtbs/apple/*.dtb >> $out
+      cat ${bootUBoot}/u-boot-nodtb.bin.gz >> $out
+      if [ -n "${config.boot.m1n1ExtraOptions}" ]; then
+        echo '${config.boot.m1n1ExtraOptions}' >> $out
+      fi
+    '';
+  };
+in {
+  config = {
+    # install m1n1 with the boot loader
+    boot.loader.grub.extraFiles = bootFiles;
+    boot.loader.systemd-boot.extraFiles = bootFiles;
+
+    # ensure the installer has m1n1 in the image
+    system.extraDependencies = lib.mkForce [ bootM1n1 bootUBoot ];
+    system.build.m1n1 = bootFiles."m1n1/boot.bin";
+  };
+
+  options.boot = {
+    m1n1ExtraOptions = lib.mkOption {
+      type = lib.types.str;
+      default = "";
+      description = ''
+        Append extra options to the m1n1 boot binary. Might be useful for fixing
+        display problems on Mac minis.
+        https://github.com/AsahiLinux/m1n1/issues/159
+      '';
+    };
+
+    m1n1CustomLogo = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+      default = null;
+      description = ''
+        Custom logo to build into m1n1. The path must point to a 256x256 PNG.
+      '';
+    };
+  };
+}
diff --git a/nixos/modules/apple-silicon-support/modules/default.nix b/nixos/modules/apple-silicon-support/modules/default.nix
new file mode 100644
index 0000000..1ae87bb
--- /dev/null
+++ b/nixos/modules/apple-silicon-support/modules/default.nix
@@ -0,0 +1,61 @@
+{ config, pkgs, lib, ... }:
+{
+  imports = [
+    ./kernel
+    ./mesa
+    ./peripheral-firmware
+    ./boot-m1n1
+  ];
+
+  config =
+    let
+      cfg = config.hardware.asahi;
+    in {
+      nixpkgs.overlays = lib.mkBefore [ cfg.overlay ];
+
+      hardware.asahi.pkgs =
+        if cfg.pkgsSystem != "aarch64-linux"
+        then
+          import (pkgs.path) {
+            crossSystem.system = "aarch64-linux";
+            localSystem.system = cfg.pkgsSystem;
+            overlays = [ cfg.overlay ];
+          }
+        else pkgs;
+    };
+
+  options.hardware.asahi = {
+    pkgsSystem = lib.mkOption {
+      type = lib.types.str;
+      default = "aarch64-linux";
+      description = ''
+        System architecture that should be used to build the major Asahi
+        packages, if not the default aarch64-linux. This allows installing from
+        a cross-built ISO without rebuilding them during installation.
+      '';
+    };
+
+    pkgs = lib.mkOption {
+      type = lib.types.raw;
+      description = ''
+        Package set used to build the major Asahi packages. Defaults to the
+        ambient set if not cross-built, otherwise re-imports the ambient set
+        with the system defined by `hardware.asahi.pkgsSystem`.
+      '';
+    };
+
+    overlay = lib.mkOption {
+      type = lib.mkOptionType {
+        name = "nixpkgs-overlay";
+        description = "nixpkgs overlay";
+        check = lib.isFunction;
+        merge = lib.mergeOneOption;
+      };
+      default = import ../packages/overlay.nix;
+      defaultText = "overlay provided with the module";
+      description = ''
+        The nixpkgs overlay for asahi packages.
+      '';
+    };
+  };
+}
diff --git a/nixos/modules/apple-silicon-support/modules/kernel/default.nix b/nixos/modules/apple-silicon-support/modules/kernel/default.nix
new file mode 100644
index 0000000..7e60b47
--- /dev/null
+++ b/nixos/modules/apple-silicon-support/modules/kernel/default.nix
@@ -0,0 +1,108 @@
+# the Asahi Linux kernel and options that must go along with it
+
+{ config, pkgs, lib, ... }:
+{
+  config = {
+    boot.kernelPackages = let
+      pkgs' = config.hardware.asahi.pkgs;
+    in
+      pkgs'.linux-asahi.override {
+        inherit (config.boot) kernelPatches;
+        _4KBuild = config.hardware.asahi.use4KPages;
+        withRust = config.hardware.asahi.withRust;
+      };
+
+    # we definitely want to use CONFIG_ENERGY_MODEL, and
+    # schedutil is a prerequisite for using it
+    # source: https://www.kernel.org/doc/html/latest/scheduler/sched-energy.html
+    powerManagement.cpuFreqGovernor = lib.mkOverride 800 "schedutil";
+
+    boot.initrd.includeDefaultModules = false;
+    boot.initrd.availableKernelModules = [
+      # list of initrd modules stolen from
+      # https://github.com/AsahiLinux/asahi-scripts/blob/f461f080a1d2575ae4b82879b5624360db3cff8c/initcpio/install/asahi
+      "apple-mailbox"
+      "nvme_apple"
+      "pinctrl-apple-gpio"
+      "macsmc"
+      "macsmc-rtkit"
+      "i2c-apple"
+      "tps6598x"
+      "apple-dart"
+      "dwc3"
+      "dwc3-of-simple"
+      "xhci-pci"
+      "pcie-apple"
+      "gpio_macsmc"
+      "phy-apple-atc"
+      "nvmem_apple_efuses"
+      "spi-apple"
+      "spi-hid-apple"
+      "spi-hid-apple-of"
+      "rtc-macsmc"
+      "simple-mfd-spmi"
+      "spmi-apple-controller"
+      "nvmem_spmi_mfd"
+      "apple-dockchannel"
+      "dockchannel-hid"
+      "apple-rtkit-helper"
+
+      # additional stuff necessary to boot off USB for the installer
+      # and if the initrd (i.e. stage 1) goes wrong
+      "usb-storage"
+      "xhci-plat-hcd"
+      "usbhid"
+      "hid_generic"
+    ];
+
+    boot.kernelParams = [
+      "earlycon"
+      "console=ttySAC0,1500000"
+      "console=tty0"
+      "boot.shell_on_fail"
+      # Apple's SSDs are slow (~dozens of ms) at processing flush requests which
+      # slows down programs that make a lot of fsync calls. This parameter sets
+      # a delay in ms before actually flushing so that such requests can be
+      # coalesced. Be warned that increasing this parameter above zero (default
+      # is 1000) has the potential, though admittedly unlikely, risk of
+      # UNBOUNDED data corruption in case of power loss!!!! Don't even think
+      # about it on desktops!!
+      "nvme_apple.flush_interval=0"
+    ];
+
+    # U-Boot does not support EFI variables
+    boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
+
+    # U-Boot does not support switching console mode
+    boot.loader.systemd-boot.consoleMode = "0";
+
+    # GRUB has to be installed as removable if the user chooses to use it
+    boot.loader.grub = lib.mkDefault {
+      version = 2;
+      efiSupport = true;
+      efiInstallAsRemovable = true;
+      device = "nodev";
+    };
+  };
+
+  imports = [
+    ./edge.nix
+  ];
+
+  options.hardware.asahi.use4KPages = lib.mkOption {
+    type = lib.types.bool;
+    default = false;
+    description = ''
+      Build the Asahi Linux kernel with 4K pages to improve compatibility in
+      some cases at the cost of performance in others.
+    '';
+  };
+
+  options.hardware.asahi.withRust = lib.mkOption {
+    type = lib.types.bool;
+    default = false;
+    description = ''
+      Build the Asahi Linux kernel with Rust support.
+    '';
+  };
+}
diff --git a/nixos/modules/apple-silicon-support/modules/kernel/edge.nix b/nixos/modules/apple-silicon-support/modules/kernel/edge.nix
new file mode 100644
index 0000000..9137e3b
--- /dev/null
+++ b/nixos/modules/apple-silicon-support/modules/kernel/edge.nix
@@ -0,0 +1,52 @@
+# the Asahi Linux edge config and options that must go along with it
+
+{ config, pkgs, lib, ... }:
+{
+  config = lib.mkIf config.hardware.asahi.addEdgeKernelConfig {
+    boot.kernelPatches = [
+      {
+        name = "edge-config";
+        patch = null;
+        # derived from
+        # https://github.com/AsahiLinux/PKGBUILDs/blob/stable/linux-asahi/config.edge
+        extraConfig = ''
+          DRM_SIMPLEDRM_BACKLIGHT n
+          BACKLIGHT_GPIO n
+          DRM_APPLE m
+          APPLE_SMC m
+          APPLE_SMC_RTKIT m
+          APPLE_RTKIT m
+          APPLE_MAILBOX m
+          GPIO_MACSMC m
+          DRM_VGEM n
+          DRM_SCHED y
+          DRM_GEM_SHMEM_HELPER y
+          DRM_ASAHI m
+          SUSPEND y
+        '';
+      }
+    ];
+
+    # required for proper DRM setup even without GPU driver
+    services.xserver.config = ''
+      Section "OutputClass"
+          Identifier "appledrm"
+          MatchDriver "apple"
+          Driver "modesetting"
+          Option "PrimaryGPU" "true"
+      EndSection
+    '';
+
+    # required for edge drivers
+    hardware.asahi.withRust = true;
+  };
+
+  options.hardware.asahi.addEdgeKernelConfig = lib.mkOption {
+    type = lib.types.bool;
+    default = false;
+    description = ''
+      Build the Asahi Linux kernel with additional experimental "edge"
+      configuration options.
+    '';
+  };
+}
diff --git a/nixos/modules/apple-silicon-support/modules/mesa/default.nix b/nixos/modules/apple-silicon-support/modules/mesa/default.nix
new file mode 100644
index 0000000..7dfea55
--- /dev/null
+++ b/nixos/modules/apple-silicon-support/modules/mesa/default.nix
@@ -0,0 +1,62 @@
+{ config, pkgs, lib, ... }:
+{
+  config = let
+    isMode = mode: (config.hardware.asahi.useExperimentalGPUDriver
+        && config.hardware.asahi.experimentalGPUInstallMode == mode);
+  in lib.mkMerge [
+    (lib.mkIf config.hardware.asahi.useExperimentalGPUDriver {
+
+      # install the drivers
+      hardware.opengl.package = pkgs.mesa-asahi-edge.drivers;
+
+      # required for GPU kernel driver
+      hardware.asahi.addEdgeKernelConfig = true;
+    })
+    (lib.mkIf (isMode "replace") {
+      # replace the Mesa linked into system packages with the Asahi version
+      # without rebuilding them to avoid rebuilding the world.
+      system.replaceRuntimeDependencies = [
+        { original = pkgs.mesa;
+          replacement = pkgs.mesa-asahi-edge;
+        }
+      ];
+    })
+    (lib.mkIf (isMode "overlay") {
+      # replace the Mesa used in Nixpkgs with the Asahi version using an overlay,
+      # which requires rebuilding the world but ensures it is done faithfully
+      # (and in a way compatible with pure evaluation)
+      nixpkgs.overlays = [
+        (final: prev: {
+          mesa = final.mesa-asahi-edge;
+        })
+      ];
+    })
+  ];
+
+  options.hardware.asahi.useExperimentalGPUDriver = lib.mkOption {
+    type = lib.types.bool;
+    default = false;
+    description = ''
+      Use the experimental Asahi Mesa GPU driver.
+
+      Do not report issues using this driver under NixOS to the Asahi project.
+    '';
+  };
+
+  options.hardware.asahi.experimentalGPUInstallMode = lib.mkOption {
+    type = lib.types.enum [ "driver" "replace" "overlay" ];
+    default = "replace";
+    description = ''
+      Mode to use to install the experimental GPU driver into the system.
+
+      driver: install only as a driver, do not replace system Mesa.
+        Causes issues with certain programs like Plasma Wayland.
+
+      replace (default): use replaceRuntimeDependencies to replace system Mesa with Asahi Mesa.
+        Does not work in pure evaluation context (i.e. in flakes by default).
+
+      overlay: overlay system Mesa with Asahi Mesa
+        Requires rebuilding the world.
+    '';
+  };
+}
diff --git a/nixos/modules/apple-silicon-support/modules/peripheral-firmware/default.nix b/nixos/modules/apple-silicon-support/modules/peripheral-firmware/default.nix
new file mode 100644
index 0000000..2a478e6
--- /dev/null
+++ b/nixos/modules/apple-silicon-support/modules/peripheral-firmware/default.nix
@@ -0,0 +1,69 @@
+{ config, pkgs, lib, ... }:
+{
+  config = {
+    assertions = lib.mkIf config.hardware.asahi.extractPeripheralFirmware [
+      { assertion = config.hardware.asahi.peripheralFirmwareDirectory != null;
+        message = ''
+          Asahi peripheral firmware extraction is enabled but the firmware
+          location appears incorrect.
+        '';
+      }
+    ];
+
+    hardware.firmware = let
+      pkgs' = config.hardware.asahi.pkgs;
+    in
+      lib.mkIf ((config.hardware.asahi.peripheralFirmwareDirectory != null)
+          && config.hardware.asahi.extractPeripheralFirmware) [
+        (pkgs.stdenv.mkDerivation {
+          name = "asahi-peripheral-firmware";
+
+          nativeBuildInputs = [ pkgs'.asahi-fwextract pkgs.cpio ];
+
+          buildCommand = ''
+            mkdir extracted
+            asahi-fwextract ${config.hardware.asahi.peripheralFirmwareDirectory} extracted
+
+            mkdir -p $out/lib/firmware
+            cat extracted/firmware.cpio | cpio -id --quiet --no-absolute-filenames
+            mv vendorfw/* $out/lib/firmware
+          '';
+        })
+      ];
+  };
+
+  options.hardware.asahi = {
+    extractPeripheralFirmware = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = ''
+        Automatically extract the non-free non-redistributable peripheral
+        firmware necessary for features like Wi-Fi.
+      '';
+    };
+
+    peripheralFirmwareDirectory = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+
+      default = lib.findFirst (path: builtins.pathExists (path + "/all_firmware.tar.gz")) null
+        [
+          # path when the system is operating normally
+          /boot/asahi
+          # path when the system is mounted in the installer
+          /mnt/boot/asahi
+        ];
+
+      description = ''
+        Path to the directory containing the non-free non-redistributable
+        peripheral firmware necessary for features like Wi-Fi. Ordinarily, this
+        will automatically point to the appropriate location on the ESP. Flake
+        users and those interested in maximum purity will want to copy those
+        files elsewhere and specify this manually.
+
+        Currently, this consists of the files `all-firmware.tar.gz` and
+        `kernelcache*`. The official Asahi Linux installer places these files
+        in the `asahi` directory of the EFI system partition when creating it.
+      '';
+    };
+  };
+}
diff --git a/nixos/modules/apple-silicon-support/packages/asahi-fwextract/add_entry_point.patch b/nixos/modules/apple-silicon-support/packages/asahi-fwextract/add_entry_point.patch
new file mode 100644
index 0000000..3c808fe
--- /dev/null
+++ b/nixos/modules/apple-silicon-support/packages/asahi-fwextract/add_entry_point.patch
@@ -0,0 +1,31 @@
+diff --git a/asahi_firmware/update.py b/asahi_firmware/update.py
+index 45f1acf..e87e26e 100644
+--- a/asahi_firmware/update.py
++++ b/asahi_firmware/update.py
+@@ -35,7 +35,7 @@ def update_firmware(source, dest):
+ 
+     pkg.save_manifest(os.path.join(dest, "manifest.txt"))
+ 
+-if __name__ == "__main__":
++def main():
+     import argparse
+     import logging
+     logging.basicConfig()
+@@ -49,3 +49,7 @@ if __name__ == "__main__":
+     args = parser.parse_args()
+ 
+     update_firmware(args.source, args.dest)
++
++if __name__ == "__main__":
++    main()
++
+diff --git a/setup.py b/setup.py
+index 45ada19..1b371ba 100644
+--- a/setup.py
++++ b/setup.py
+@@ -9,4 +9,5 @@ setup(name='asahi_firmware',
+       author_email='marcan@marcan.st',
+       url='https://github.com/AsahiLinux/asahi-installer/',
+       packages=['asahi_firmware'],
++      entry_points={"console_scripts": ["asahi-fwextract = asahi_firmware.update:main"]}
+      )
diff --git a/nixos/modules/apple-silicon-support/packages/asahi-fwextract/default.nix b/nixos/modules/apple-silicon-support/packages/asahi-fwextract/default.nix
new file mode 100755
index 0000000..992d250
--- /dev/null
+++ b/nixos/modules/apple-silicon-support/packages/asahi-fwextract/default.nix
@@ -0,0 +1,36 @@
+{ lib
+, python3
+, fetchFromGitHub
+, gzip
+, gnutar
+, lzfse
+}:
+
+python3.pkgs.buildPythonApplication rec {
+  pname = "asahi-fwextract";
+  version = "0.5pre2";
+
+  # tracking version: https://github.com/AsahiLinux/PKGBUILDs/blob/main/asahi-fwextract/PKGBUILD
+  src = fetchFromGitHub {
+    owner = "AsahiLinux";
+    repo = "asahi-installer";
+    rev = "v${version}";
+    hash = "sha256-p34eN2iE1s8rupdysjyf6GN8kHkVG9NDw31YKPDNXbk=";
+  };
+
+  patches = [
+    ./add_entry_point.patch
+  ];
+
+  postPatch = ''
+    substituteInPlace asahi_firmware/img4.py \
+      --replace 'liblzfse.so' '${lzfse}/lib/liblzfse.so'
+    substituteInPlace asahi_firmware/update.py \
+      --replace '"tar"' '"${gnutar}/bin/tar"' \
+      --replace '"xf"' '"-x", "-I", "${gzip}/bin/gzip", "-f"'
+  '';
+
+  nativeBuildInputs = [ python3.pkgs.setuptools ];
+
+  doCheck = false;
+}
diff --git a/nixos/modules/apple-silicon-support/packages/linux-asahi/config b/nixos/modules/apple-silicon-support/packages/linux-asahi/config
new file mode 100644
index 0000000..1306cf3
--- /dev/null
+++ b/nixos/modules/apple-silicon-support/packages/linux-asahi/config
@@ -0,0 +1,7673 @@
+# from https://github.com/AsahiLinux/PKGBUILDs/blob/stable/linux-asahi/config
+# note that this file is not passed to the kernel verbatim, it is parsed and run through `make config`, so stuff below like compiler version will be automatically adjusted for NixOS
+
+#
+# Automatically generated file; DO NOT EDIT.
+# Linux/arm64 6.1.0-rc7 Kernel Configuration
+#
+CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.1.0"
+CONFIG_CC_IS_GCC=y
+CONFIG_GCC_VERSION=120100
+CONFIG_CLANG_VERSION=0
+CONFIG_AS_IS_GNU=y
+CONFIG_AS_VERSION=23800
+CONFIG_LD_IS_BFD=y
+CONFIG_LD_VERSION=23800
+CONFIG_LLD_VERSION=0
+CONFIG_RUST_IS_AVAILABLE=y
+CONFIG_CC_CAN_LINK=y
+CONFIG_CC_CAN_LINK_STATIC=y
+CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
+CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y
+CONFIG_CC_HAS_ASM_INLINE=y
+CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y
+CONFIG_PAHOLE_VERSION=124
+CONFIG_CONSTRUCTORS=y
+CONFIG_IRQ_WORK=y
+CONFIG_BUILDTIME_TABLE_SORT=y
+CONFIG_THREAD_INFO_IN_TASK=y
+
+#
+# General setup
+#
+CONFIG_INIT_ENV_ARG_LIMIT=32
+# CONFIG_COMPILE_TEST is not set
+# CONFIG_WERROR is not set
+# CONFIG_LOCALVERSION="-ARCH"
+# CONFIG_LOCALVERSION_AUTO is not set
+CONFIG_BUILD_SALT=""
+CONFIG_DEFAULT_INIT=""
+CONFIG_DEFAULT_HOSTNAME="(none)"
+CONFIG_SYSVIPC=y
+CONFIG_SYSVIPC_SYSCTL=y
+CONFIG_POSIX_MQUEUE=y
+CONFIG_POSIX_MQUEUE_SYSCTL=y
+CONFIG_WATCH_QUEUE=y
+CONFIG_CROSS_MEMORY_ATTACH=y
+# CONFIG_USELIB is not set
+CONFIG_AUDIT=y
+CONFIG_HAVE_ARCH_AUDITSYSCALL=y
+CONFIG_AUDITSYSCALL=y
+
+#
+# IRQ subsystem
+#
+CONFIG_GENERIC_IRQ_PROBE=y
+CONFIG_GENERIC_IRQ_SHOW=y
+CONFIG_GENERIC_IRQ_SHOW_LEVEL=y
+CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y
+CONFIG_GENERIC_IRQ_MIGRATION=y
+CONFIG_GENERIC_IRQ_INJECTION=y
+CONFIG_HARDIRQS_SW_RESEND=y
+CONFIG_IRQ_DOMAIN=y
+CONFIG_IRQ_DOMAIN_HIERARCHY=y
+CONFIG_GENERIC_IRQ_IPI=y
+CONFIG_GENERIC_MSI_IRQ=y
+CONFIG_GENERIC_MSI_IRQ_DOMAIN=y
+CONFIG_IRQ_MSI_IOMMU=y
+CONFIG_IRQ_FORCED_THREADING=y
+CONFIG_SPARSE_IRQ=y
+# CONFIG_GENERIC_IRQ_DEBUGFS is not set
+# end of IRQ subsystem
+
+CONFIG_GENERIC_TIME_VSYSCALL=y
+CONFIG_GENERIC_CLOCKEVENTS=y
+CONFIG_ARCH_HAS_TICK_BROADCAST=y
+CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
+CONFIG_HAVE_POSIX_CPU_TIMERS_TASK_WORK=y
+CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y
+CONFIG_CONTEXT_TRACKING=y
+CONFIG_CONTEXT_TRACKING_IDLE=y
+
+#
+# Timers subsystem
+#
+CONFIG_TICK_ONESHOT=y
+CONFIG_NO_HZ_COMMON=y
+# CONFIG_HZ_PERIODIC is not set
+# CONFIG_NO_HZ_IDLE is not set
+CONFIG_NO_HZ_FULL=y
+CONFIG_CONTEXT_TRACKING_USER=y
+# CONFIG_CONTEXT_TRACKING_USER_FORCE is not set
+# CONFIG_NO_HZ is not set
+CONFIG_HIGH_RES_TIMERS=y
+# end of Timers subsystem
+
+CONFIG_BPF=y
+CONFIG_HAVE_EBPF_JIT=y
+CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
+
+#
+# BPF subsystem
+#
+CONFIG_BPF_SYSCALL=y
+CONFIG_BPF_JIT=y
+# CONFIG_BPF_JIT_ALWAYS_ON is not set
+CONFIG_BPF_JIT_DEFAULT_ON=y
+# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
+CONFIG_USERMODE_DRIVER=y
+# CONFIG_BPF_PRELOAD is not set
+# end of BPF subsystem
+
+CONFIG_PREEMPT_BUILD=y
+# CONFIG_PREEMPT_NONE is not set
+# CONFIG_PREEMPT_VOLUNTARY is not set
+CONFIG_PREEMPT=y
+CONFIG_PREEMPT_COUNT=y
+CONFIG_PREEMPTION=y
+CONFIG_PREEMPT_DYNAMIC=y
+# CONFIG_SCHED_CORE is not set
+
+#
+# CPU/Task time and stats accounting
+#
+CONFIG_VIRT_CPU_ACCOUNTING=y
+CONFIG_VIRT_CPU_ACCOUNTING_GEN=y
+CONFIG_IRQ_TIME_ACCOUNTING=y
+CONFIG_HAVE_SCHED_AVG_IRQ=y
+CONFIG_SCHED_THERMAL_PRESSURE=y
+CONFIG_BSD_PROCESS_ACCT=y
+CONFIG_BSD_PROCESS_ACCT_V3=y
+CONFIG_TASKSTATS=y
+CONFIG_TASK_DELAY_ACCT=y
+CONFIG_TASK_XACCT=y
+CONFIG_TASK_IO_ACCOUNTING=y
+CONFIG_PSI=y
+# CONFIG_PSI_DEFAULT_DISABLED is not set
+# end of CPU/Task time and stats accounting
+
+CONFIG_CPU_ISOLATION=y
+
+#
+# RCU Subsystem
+#
+CONFIG_TREE_RCU=y
+CONFIG_PREEMPT_RCU=y
+# CONFIG_RCU_EXPERT is not set
+CONFIG_SRCU=y
+CONFIG_TREE_SRCU=y
+CONFIG_TASKS_RCU_GENERIC=y
+CONFIG_TASKS_RCU=y
+CONFIG_TASKS_TRACE_RCU=y
+CONFIG_RCU_STALL_COMMON=y
+CONFIG_RCU_NEED_SEGCBLIST=y
+CONFIG_RCU_NOCB_CPU=y
+# CONFIG_RCU_NOCB_CPU_DEFAULT_ALL is not set
+# end of RCU Subsystem
+
+CONFIG_IKCONFIG=y
+CONFIG_IKCONFIG_PROC=y
+# CONFIG_IKHEADERS is not set
+CONFIG_LOG_BUF_SHIFT=18
+CONFIG_LOG_CPU_MAX_BUF_SHIFT=12
+CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13
+# CONFIG_PRINTK_INDEX is not set
+CONFIG_GENERIC_SCHED_CLOCK=y
+
+#
+# Scheduler features
+#
+# CONFIG_UCLAMP_TASK is not set
+# end of Scheduler features
+
+CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
+CONFIG_CC_HAS_INT128=y
+CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5"
+CONFIG_GCC12_NO_ARRAY_BOUNDS=y
+CONFIG_CC_NO_ARRAY_BOUNDS=y
+CONFIG_ARCH_SUPPORTS_INT128=y
+CONFIG_CGROUPS=y
+CONFIG_PAGE_COUNTER=y
+# CONFIG_CGROUP_FAVOR_DYNMODS is not set
+CONFIG_MEMCG=y
+CONFIG_MEMCG_KMEM=y
+CONFIG_BLK_CGROUP=y
+CONFIG_CGROUP_WRITEBACK=y
+CONFIG_CGROUP_SCHED=y
+CONFIG_FAIR_GROUP_SCHED=y
+CONFIG_CFS_BANDWIDTH=y
+# CONFIG_RT_GROUP_SCHED is not set
+CONFIG_CGROUP_PIDS=y
+CONFIG_CGROUP_RDMA=y
+CONFIG_CGROUP_FREEZER=y
+