From 530d03bc1434f78cdb910130d54ae997f35b5215 Mon Sep 17 00:00:00 2001
From: Anton Bambura <jenneron@protonmail.com>
Date: Fri, 6 Aug 2021 01:52:08 +0300
Subject: [PATCH] ARM: pmos.config: Add defconfig

besides generic needed options:
- built-in stuff needed for cryptsetup
- anbox support (is broken on armv7, but we hope it will be fixed)
- nftables
- containers (docker, lxc)
- zram

Link: https://github.com/grate-driver/linux/pull/69#issue-983722210
Signed-off-by: Anton Bambura <jenneron@protonmail.com>
---
 kernel/configs/pmos.config | 135 +++++++++++++++++++++++++++++++++++++
 1 file changed, 135 insertions(+)
 create mode 100644 kernel/configs/pmos.config

diff --git a/kernel/configs/pmos.config b/kernel/configs/pmos.config
new file mode 100644
index 0000000000000..b48991bb9bd21
--- /dev/null
+++ b/kernel/configs/pmos.config
@@ -0,0 +1,135 @@
+# general
+CONFIG_LOCALVERSION="-postmarketos-grate"
+CONFIG_BLK_DEV_INITRD=y
+CONFIG_CGROUPS=y
+CONFIG_CRYPTO_XTS=y
+CONFIG_DEVTMPFS=y
+CONFIG_DM_CRYPT=m
+CONFIG_EXT4_FS=m
+CONFIG_F2FS_FS=m
+CONFIG_BTRFS_FS=m
+CONFIG_SYSVIPC=y
+CONFIG_TMPFS_POSIX_ACL=y
+CONFIG_VT=y
+CONFIG_UEVENT_HELPER=y
+CONFIG_USER_NS=y
+
+# osk-sdl
+CONFIG_MD=y
+CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_AES=y
+
+# nftables
+CONFIG_NETFILTER=y
+CONFIG_NF_CONNTRACK=m
+CONFIG_NF_TABLES=m
+CONFIG_NF_TABLES_INET=y
+CONFIG_NFT_CT=m
+CONFIG_NFT_COUNTER=m
+CONFIG_NFT_LOG=m
+CONFIG_NFT_LIMIT=m
+CONFIG_NFT_MASQ=m
+CONFIG_NFT_NAT=m
+CONFIG_NFT_REJECT=m
+CONFIG_NF_TABLES_IPV4=y
+CONFIG_NF_REJECT_IPV4=m
+CONFIG_IP_NF_IPTABLES=m
+CONFIG_IP_NF_FILTER=m
+CONFIG_IP_NF_TARGET_REJECT=m
+CONFIG_IP_NF_NAT=m
+CONFIG_NF_TABLES_IPV6=y
+CONFIG_NF_REJECT_IPV6=m
+CONFIG_IP6_NF_IPTABLES=m
+CONFIG_IP6_NF_FILTER=m
+CONFIG_IP6_NF_TARGET_REJECT=m
+CONFIG_IP6_NF_NAT=m
+
+# anbox
+CONFIG_SQUASHFS=m
+CONFIG_SQUASHFS_XZ=y
+CONFIG_SQUASHFS_XATTR=y
+CONFIG_TMPFS_XATTR=y
+CONFIG_ASHMEM=y
+CONFIG_ANDROID=y
+CONFIG_ANDROID_BINDER_IPC=y
+CONFIG_ANDROID_BINDERFS=n
+CONFIG_ANDROID_BINDER_DEVICES="binder,hwbinder"
+CONFIG_NETFILTER_XTABLES=m
+CONFIG_NETFILTER_XT_MATCH_COMMENT=m
+CONFIG_IP_NF_MANGLE=m
+CONFIG_FUSE_FS=m
+CONFIG_BLK_DEV_LOOP=m
+CONFIG_TUN=m
+CONFIG_VETH=m
+CONFIG_VLAN_8021Q=m  # prerequisite for bridge
+CONFIG_BRIDGE=m
+CONFIG_BRIDGE_VLAN_FILTERING=y
+
+# containers (lxc, Docker)
+CONFIG_NAMESPACES=y
+CONFIG_NET_NS=y
+CONFIG_PID_NS=y
+CONFIG_IPC_NS=y
+CONFIG_UTS_NS=y
+# CONFIG_CGROUPS=y # This is already enabled
+CONFIG_CGROUP_CPUACCT=y
+CONFIG_CGROUP_DEVICE=y
+CONFIG_CGROUP_FREEZER=y
+CONFIG_CGROUP_SCHED=y
+CONFIG_CPUSETS=y
+CONFIG_KEYS=y
+# CONFIG_VETH=y # This is already enabled
+# CONFIG_BRIDGE=m # This is already enabled
+CONFIG_BRIDGE_NETFILTER=m
+# CONFIG_IP_NF_FILTER=m # This is already enabled
+CONFIG_IP_NF_TARGET_MASQUERADE=m
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
+CONFIG_NETFILTER_XT_MATCH_IPVS=m
+CONFIG_NETFILTER_XT_MARK=m
+CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m  # Needed for lxc
+# CONFIG_IP_NF_NAT=m # This is already enabled
+CONFIG_NF_NAT=m
+CONFIG_POSIX_MQUEUE=y
+CONFIG_BLK_DEV_DM=m  # Storage Drivers
+CONFIG_DUMMY=m  # Network Drivers
+# CONFIG_USER_NS=m  # This is already enabled
+CONFIG_BLK_CGROUP=y  # Optional section
+CONFIG_BLK_DEV_THROTTLING=y  # Optional section
+CONFIG_CGROUP_PERF=y  # Optional section
+CONFIG_NET_SCHED=y  # Optional section
+CONFIG_NET_CLS_CGROUP=m  # Optional section
+CONFIG_FAIR_GROUP_SCHED=y  # Optional section
+CONFIG_RT_GROUP_SCHED=y  # Optional section
+CONFIG_IP_NF_TARGET_REDIRECT=m  # Optional section
+CONFIG_IP_VS=m  # Optional section
+CONFIG_IP_VS_NFCT=y  # Optional section
+CONFIG_IP_VS_PROTO_TCP=y  # Optional section
+CONFIG_IP_VS_PROTO_UDP=y  # Optional section
+CONFIG_IP_VS_RR=m  # Optional section
+# CONFIG_EXT4_FS=m  # This is already enabled
+CONFIG_EXT4_FS_POSIX_ACL=y  # Optional section
+CONFIG_EXT4_FS_SECURITY=y  # Optional section
+CONFIG_CFS_BANDWIDTH=y  # Optional section
+CONFIG_CHECKPOINT_RESTORE=y  # Needed for lxc
+CONFIG_MEMCG=y
+CONFIG_MEMCG_SWAP=y
+CONFIG_DM_THIN_PROVISIONING=m  # Storage Drivers
+CONFIG_VXLAN=m  # Network Drivers
+CONFIG_IP6_NF_TARGET_MASQUERADE=m  # Needed for lxc
+# CONFIG_BRIDGE_VLAN_FILTERING=y  # This is already enabled
+CONFIG_MACVLAN=m  # Network Drivers
+CONFIG_CGROUP_NET_PRIO=y  # Optional section
+CONFIG_OVERLAY_FS=m  # Storage Drivers
+CONFIG_IPVLAN=m  # Network Drivers
+CONFIG_SECCOMP=y  # Optional section
+CONFIG_CGROUP_PIDS=y  # Optional section
+
+# zram
+CONFIG_ZRAM=m
+CONFIG_ZSMALLOC=m
+CONFIG_ZSMALLOC_STAT=y
+CONFIG_ZRAM_MEMORY_TRACKING=y
+CONFIG_CRYPTO_LZ4=m
+CONFIG_LZ4_COMPRESS=m
+CONFIG_SWAP=y