infra/flake.nix

{
  description = "Gortium infra flake";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
    agenix = {
      url = "github:ryantm/agenix";
      inputs.darwin.follows = "";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    lix = {
      url = "git+https://git.lix.systems/lix-project/lix?ref=main";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixpkgs-uconsole.url = "github:NixOS/nixpkgs/nixos-25.11";
    nixos-uconsole = {
      url = "github:gortium/nixos-uconsole/pr/dcs-panel-detection";
      inputs.nixpkgs.follows = "nixpkgs-uconsole";
      inputs.nixos-raspberrypi.follows = "nixos-raspberrypi";
    };
    nixos-raspberrypi = {
      url = "github:gortium/nixos-raspberrypi/cm5-cross-v1";
      inputs.nixpkgs.follows = "nixpkgs-uconsole";
    };
  };

  outputs = { self, nixpkgs, agenix, lix
            , nixpkgs-uconsole, nixos-uconsole, nixos-raspberrypi
            , ... }@inputs:
    let
      system = "x86_64-linux";
      keys = import ./lib/keys.nix;
      paths = {
        flake = "/home/gortium/infra";
        identities = [
          "/home/gortium/.ssh/gortium_ssh_key"
          "/etc/ssh/ssh_host_ed25519_key"
          "/root/.age/bootstrap.key" ];
      };
      overlays = [ agenix.overlays.default ];
      pkgs = import nixpkgs {
        inherit system overlays;
        config.allowUnfree = true;
        config.permittedInsecurePackages = [ "openclaw-2026.3.12" ];
      };
      devShell = import ./shells/nix_dev.nix {
        inherit pkgs system agenix;
      };

      # Cross-compile overlay fixes for Hyprland and deps on aarch64
      uconsoleCrossOverlay = final: prev: {
        libcamera = prev.libcamera.overrideAttrs (_: { meta.platforms = []; });
        libcamera-rpi = prev.libcamera-rpi.overrideAttrs (_: { meta.platforms = []; });
        libpisp = prev.libpisp.overrideAttrs (_: { meta.platforms = []; });
        pipewire = prev.pipewire.overrideAttrs (old: {
          buildInputs = builtins.filter
            (x: !(x?pname && x.pname == "libcamera"))
            (old.buildInputs or []);
          mesonFlags = builtins.filter
            (flag: !(builtins.isString flag && builtins.match ".*libcamera.*" flag != null))
            (old.mesonFlags or []) ++ [ "-Dlibcamera=disabled" ];
        });
        gjs = prev.gjs.overrideAttrs (old: {
          mesonFlags = (old.mesonFlags or []) ++ [ "-Dskip_gtk_tests=true" ];
        });
        hyprland = prev.hyprland.override { wrapRuntimeDeps = false; };
        xdg-desktop-portal-hyprland = prev.xdg-desktop-portal-hyprland.overrideAttrs (old: {
          preConfigure = (old.preConfigure or "") + ''
            cmakeFlags="$cmakeFlags -Dhyprwayland-scanner_DIR=${prev.buildPackages.hyprwayland-scanner}/lib/cmake/hyprwayland-scanner" 2>/dev/null || true
            export PKG_CONFIG_PATH="${prev.buildPackages.hyprwayland-scanner}/lib/pkgconfig:$PKG_CONFIG_PATH"
          '';
        });
      };

      # RPI-specific pipewire libcamera fix (separate nixpkgs instance)
      uconsoleRpiPipewireOverlay = final: prev: {
        pipewire = prev.pipewire.overrideAttrs (old: {
          buildInputs = builtins.filter
            (x: !(x?pname && x.pname == "libcamera"))
            (old.buildInputs or []);
          mesonFlags = builtins.filter
            (flag: !(builtins.isString flag && builtins.match ".*libcamera.*" flag != null))
            (old.mesonFlags or []) ++ [ "-Dlibcamera=disabled" ];
        });
      };

      # Shared uConsole CM5 module set — used by both toplevel and SD image
      uconsoleBaseModules = [
        {
          nixpkgs.buildPlatform = "x86_64-linux";
          nixpkgs.hostPlatform = "aarch64-linux";
          nixpkgs.config.allowUnfree = true;
          boot.loader.raspberry-pi.bootloader = "kernel";
          nixpkgs.overlays = [ uconsoleCrossOverlay ];
        }
        nixos-raspberrypi.nixosModules.nixpkgs-rpi
        ({ config, lib, pkgs, ... }: {
          nixpkgs.overlays = [ uconsoleRpiPipewireOverlay ];
        })
        # Fix old panel init_sequence: DCS read + DSI_INIT0 lane config
        ({ lib, ... }: {
          boot.kernelPatches = [{
            name = "panel-cwu50-fix-lanes";
            patch = ./patches/0008-panel-cwu50-fix-init-seq1.patch;
          }];
        })
        nixos-raspberrypi.nixosModules.raspberry-pi-5.base
        nixos-raspberrypi.lib.inject-overlays
        nixos-raspberrypi.lib.inject-overlays-global
        nixos-uconsole.nixosModules.uconsole-cm5
        # Cross-compiled Lix for uConsole
        ({ config, lib, pkgs, inputs, ... }: let
          lixCross = import inputs.nixpkgs-uconsole {
            localSystem = { system = "x86_64-linux"; };
            crossSystem = { system = "aarch64-linux"; };
            overlays = [ inputs.lix.overlays.default ];
          };
        in { nix.package = lixCross.lix; })
        agenix.nixosModules.default
        ./hosts/uconsole-cm5/configuration.nix
        ./hosts/uconsole-cm5/hardware-configuration.nix
        ./modules/nixos/services/wireguard-client.nix
        ./modules/nixos/hardware/uconsole-cm5-aio-v2.nix
        ./users/gortium/gortium.nix
        ./users/ai-worker/ai-worker.nix
      ];
    in {
      nixosConfigurations = {
        lazyworkhorse = nixpkgs.lib.nixosSystem {
          specialArgs = { inherit system self keys paths inputs; };
          modules = [
            {
              nixpkgs.overlays = overlays;
              nixpkgs.config.allowUnfree = true;
              nixpkgs.config.rocmSupport = true;
              nixpkgs.config.permittedInsecurePackages = [ "openclaw-2026.3.12" ];
              nix.package = lix.packages.${system}.default;
            }
            agenix.nixosModules.default
            ./hosts/lazyworkhorse/configuration.nix
            ./hosts/lazyworkhorse/hardware-configuration.nix
            ./modules/nixos/filesystem/hoardingcow-mount.nix
            ./modules/nixos/services/docker_manager.nix
            ./modules/nixos/services/wireguard-client.nix
            ./modules/nixos/services/ollama_init_custom_models.nix
            ./modules/nixos/security/ai-worker-restricted.nix
            ./users/gortium/gortium.nix
            ./users/ai-worker/ai-worker.nix
          ];
        };

        cyt-pi = nixpkgs.lib.nixosSystem {
          specialArgs = { inherit self keys paths inputs; };
          modules = [
            {
              nixpkgs.overlays = overlays;
              nixpkgs.config.allowUnfree = true;
              nixpkgs.hostPlatform = "aarch64-linux";
              nix.package = lix.packages."aarch64-linux".default;
            }
            ./hosts/cyt-pi/configuration.nix
            ./hosts/cyt-pi/hardware-configuration.nix
            ./modules/nixos/services/wireguard-client.nix
            ./users/gortium/gortium.nix
          ];
        };

        uconsole-cm5 = nixpkgs-uconsole.lib.nixosSystem {
          system = "aarch64-linux";
          specialArgs = {
            inherit self keys paths inputs;
            nixos-raspberrypi = nixos-raspberrypi;
            isCM4 = false;
          };
          modules = uconsoleBaseModules;
        };
      };

      devShells.${system}.default = devShell;

      packages.${system} = {
        uconsole-cm5-image = (nixos-raspberrypi.lib.nixosSystem {
          system = "aarch64-linux";
          specialArgs = {
            inherit self keys inputs;
            nixos-raspberrypi = nixos-raspberrypi;
            isCM4 = false;
          };
          modules = uconsoleBaseModules ++ [
            nixos-raspberrypi.nixosModules.sd-image
          ];
        }).config.system.build.sdImage;
      };
    };
}
Preparing to switch to flakes 2025-08-03 15:42:02 -04:00			`{`
Used agenix to manage secrets, 4 services up, ssh 2025-08-08 17:00:47 -04:00			`description = "Gortium infra flake";`
Preparing to switch to flakes 2025-08-03 15:42:02 -04:00
			`inputs = {`
			`nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";`
Used agenix to manage secrets, 4 services up, ssh 2025-08-08 17:00:47 -04:00			`agenix = {`
			`url = "github:ryantm/agenix";`
			`inputs.darwin.follows = "";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
feat: add openclaw node service and migrate to lix - Add headless openclaw node systemd service for host execution - Migrate from nix to lix package manager - Permit openclaw-2026.3.12 (insecure package warning) - Use ai-worker user for node service 2026-04-04 16:26:33 -04:00			`lix = {`
			`url = "git+https://git.lix.systems/lix-project/lix?ref=main";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
feat(uconsole): add cm5 cross-compiled nixosConfiguration - New host: uconsole-cm5 (aarch64-linux, cross-built from x86_64) - SSH authorizedKeys: gortium.main + ai-worker.main - NetworkManager enabled (WiFi password via agenix later) - Display: vc4/panel_cwu50/rp1_dsi with empty initrd - Config.txt [pi5] section (not [cm5]) - Backlight fix service - nixos-raspberrypi → gortium/cm5-cross-v1 fork (PR #197) - nixpkgs-uconsole pinned to nixos-25.11 (kernel patch compat) V3 branch saved as archive/uconsole-cm5-v3 (Reticulum/SDR/HAM config). 2026-06-12 16:02:13 -04:00			`nixpkgs-uconsole.url = "github:NixOS/nixpkgs/nixos-25.11";`
			`nixos-uconsole = {`
chore: point nixos-uconsole input to pr/dcs-panel-detection branch 2026-06-14 18:43:04 -04:00			`url = "github:gortium/nixos-uconsole/pr/dcs-panel-detection";`
feat(uconsole): add cm5 cross-compiled nixosConfiguration - New host: uconsole-cm5 (aarch64-linux, cross-built from x86_64) - SSH authorizedKeys: gortium.main + ai-worker.main - NetworkManager enabled (WiFi password via agenix later) - Display: vc4/panel_cwu50/rp1_dsi with empty initrd - Config.txt [pi5] section (not [cm5]) - Backlight fix service - nixos-raspberrypi → gortium/cm5-cross-v1 fork (PR #197) - nixpkgs-uconsole pinned to nixos-25.11 (kernel patch compat) V3 branch saved as archive/uconsole-cm5-v3 (Reticulum/SDR/HAM config). 2026-06-12 16:02:13 -04:00			`inputs.nixpkgs.follows = "nixpkgs-uconsole";`
fix(uconsole): resolve conflicting SSH options + properly override nixos-uconsole's nixos-raspberrypi input - mkForce on PermitRootLogin and PasswordAuthentication - nixos-uconsole.inputs.nixos-raspberrypi follows our fork 2026-06-12 16:43:33 -04:00			`inputs.nixos-raspberrypi.follows = "nixos-raspberrypi";`
feat(uconsole): add cm5 cross-compiled nixosConfiguration - New host: uconsole-cm5 (aarch64-linux, cross-built from x86_64) - SSH authorizedKeys: gortium.main + ai-worker.main - NetworkManager enabled (WiFi password via agenix later) - Display: vc4/panel_cwu50/rp1_dsi with empty initrd - Config.txt [pi5] section (not [cm5]) - Backlight fix service - nixos-raspberrypi → gortium/cm5-cross-v1 fork (PR #197) - nixpkgs-uconsole pinned to nixos-25.11 (kernel patch compat) V3 branch saved as archive/uconsole-cm5-v3 (Reticulum/SDR/HAM config). 2026-06-12 16:02:13 -04:00			`};`
			`nixos-raspberrypi = {`
			`url = "github:gortium/nixos-raspberrypi/cm5-cross-v1";`
			`inputs.nixpkgs.follows = "nixpkgs-uconsole";`
feat: add CWU50 display patch (no-burst) + fix flake syntax Remove extra '};' that broke flake.nix parsing. Apply kernel patch '0008-panel-cwu50-no-burst.patch' to remove MIPI_DSI_MODE_VIDEO_BURST flag in panel-cwu50.c. Switch nixos-uconsole module to consolidated uconsole-cm5 module. Keep patches/0008-panel-cwu50-remove-sync-pulse.patch as variant. 2026-06-13 16:19:53 -04:00			`};`
Preparing to switch to flakes 2025-08-03 15:42:02 -04:00			`};`

feat(uconsole): add cm5 cross-compiled nixosConfiguration - New host: uconsole-cm5 (aarch64-linux, cross-built from x86_64) - SSH authorizedKeys: gortium.main + ai-worker.main - NetworkManager enabled (WiFi password via agenix later) - Display: vc4/panel_cwu50/rp1_dsi with empty initrd - Config.txt [pi5] section (not [cm5]) - Backlight fix service - nixos-raspberrypi → gortium/cm5-cross-v1 fork (PR #197) - nixpkgs-uconsole pinned to nixos-25.11 (kernel patch compat) V3 branch saved as archive/uconsole-cm5-v3 (Reticulum/SDR/HAM config). 2026-06-12 16:02:13 -04:00			`outputs = { self, nixpkgs, agenix, lix`
			`, nixpkgs-uconsole, nixos-uconsole, nixos-raspberrypi`
			`, ... }@inputs:`
Preparing to switch to flakes 2025-08-03 15:42:02 -04:00			`let`
			`system = "x86_64-linux";`
Used agenix to manage secrets, 4 services up, ssh 2025-08-08 17:00:47 -04:00			`keys = import ./lib/keys.nix;`
			`paths = {`
			`flake = "/home/gortium/infra";`
Working bootstrap key 2025-08-24 19:02:42 -04:00			`identities = [`
			`"/home/gortium/.ssh/gortium_ssh_key"`
			`"/etc/ssh/ssh_host_ed25519_key"`
			`"/root/.age/bootstrap.key" ];`
Used agenix to manage secrets, 4 services up, ssh 2025-08-08 17:00:47 -04:00			`};`
			`overlays = [ agenix.overlays.default ];`
Some more work toward a modular config 2025-08-04 22:15:59 -04:00			`pkgs = import nixpkgs {`
Used agenix to manage secrets, 4 services up, ssh 2025-08-08 17:00:47 -04:00			`inherit system overlays;`
			`config.allowUnfree = true;`
feat: add CWU50 display patch (no-burst) + fix flake syntax Remove extra '};' that broke flake.nix parsing. Apply kernel patch '0008-panel-cwu50-no-burst.patch' to remove MIPI_DSI_MODE_VIDEO_BURST flag in panel-cwu50.c. Switch nixos-uconsole module to consolidated uconsole-cm5 module. Keep patches/0008-panel-cwu50-remove-sync-pulse.patch as variant. 2026-06-13 16:19:53 -04:00			`config.permittedInsecurePackages = [ "openclaw-2026.3.12" ];`
Used agenix to manage secrets, 4 services up, ssh 2025-08-08 17:00:47 -04:00			`};`
			`devShell = import ./shells/nix_dev.nix {`
			`inherit pkgs system agenix;`
Some more work toward a modular config 2025-08-04 22:15:59 -04:00			`};`
refactor: extract shared uconsole modules to eliminate toplevel/image duplication 2026-06-14 20:56:17 -04:00
			`# Cross-compile overlay fixes for Hyprland and deps on aarch64`
			`uconsoleCrossOverlay = final: prev: {`
			`libcamera = prev.libcamera.overrideAttrs (_: { meta.platforms = []; });`
			`libcamera-rpi = prev.libcamera-rpi.overrideAttrs (_: { meta.platforms = []; });`
			`libpisp = prev.libpisp.overrideAttrs (_: { meta.platforms = []; });`
			`pipewire = prev.pipewire.overrideAttrs (old: {`
			`buildInputs = builtins.filter`
			`(x: !(x?pname && x.pname == "libcamera"))`
			`(old.buildInputs or []);`
			`mesonFlags = builtins.filter`
			`(flag: !(builtins.isString flag && builtins.match ".libcamera." flag != null))`
			`(old.mesonFlags or []) ++ [ "-Dlibcamera=disabled" ];`
			`});`
			`gjs = prev.gjs.overrideAttrs (old: {`
			`mesonFlags = (old.mesonFlags or []) ++ [ "-Dskip_gtk_tests=true" ];`
			`});`
			`hyprland = prev.hyprland.override { wrapRuntimeDeps = false; };`
			`xdg-desktop-portal-hyprland = prev.xdg-desktop-portal-hyprland.overrideAttrs (old: {`
			`preConfigure = (old.preConfigure or "") + ''`
			`cmakeFlags="$cmakeFlags -Dhyprwayland-scanner_DIR=${prev.buildPackages.hyprwayland-scanner}/lib/cmake/hyprwayland-scanner" 2>/dev/null \|\| true`
			`export PKG_CONFIG_PATH="${prev.buildPackages.hyprwayland-scanner}/lib/pkgconfig:$PKG_CONFIG_PATH"`
			`'';`
			`});`
			`};`

			`# RPI-specific pipewire libcamera fix (separate nixpkgs instance)`
			`uconsoleRpiPipewireOverlay = final: prev: {`
			`pipewire = prev.pipewire.overrideAttrs (old: {`
			`buildInputs = builtins.filter`
			`(x: !(x?pname && x.pname == "libcamera"))`
			`(old.buildInputs or []);`
			`mesonFlags = builtins.filter`
			`(flag: !(builtins.isString flag && builtins.match ".libcamera." flag != null))`
			`(old.mesonFlags or []) ++ [ "-Dlibcamera=disabled" ];`
			`});`
			`};`

			`# Shared uConsole CM5 module set — used by both toplevel and SD image`
			`uconsoleBaseModules = [`
			`{`
			`nixpkgs.buildPlatform = "x86_64-linux";`
			`nixpkgs.hostPlatform = "aarch64-linux";`
			`nixpkgs.config.allowUnfree = true;`
			`boot.loader.raspberry-pi.bootloader = "kernel";`
			`nixpkgs.overlays = [ uconsoleCrossOverlay ];`
			`}`
			`nixos-raspberrypi.nixosModules.nixpkgs-rpi`
			`({ config, lib, pkgs, ... }: {`
			`nixpkgs.overlays = [ uconsoleRpiPipewireOverlay ];`
			`})`
Merge remote changes + feat: AIO v2 board module - Cross-compile overlays for Hyprland (libcamera, pipewire, gjs) - Refactor uconsoleBaseModules into reusable list - Add wireguard-client service module - Restructure users into subdirectories - New: hardware.uconsole-cm5-aio-v2 module (GPIO rails, aiov2_ctl, GPS UART) - Update configuration.nix with Hyprland + AIO v2 - Add AIO v2 module to both toplevel and SD image config 2026-06-16 19:02:38 -04:00			`# Fix old panel init_sequence: DCS read + DSI_INIT0 lane config`
			`({ lib, ... }: {`
			`boot.kernelPatches = [{`
			`name = "panel-cwu50-fix-lanes";`
			`patch = ./patches/0008-panel-cwu50-fix-init-seq1.patch;`
			`}];`
			`})`
refactor: extract shared uconsole modules to eliminate toplevel/image duplication 2026-06-14 20:56:17 -04:00			`nixos-raspberrypi.nixosModules.raspberry-pi-5.base`
			`nixos-raspberrypi.lib.inject-overlays`
			`nixos-raspberrypi.lib.inject-overlays-global`
			`nixos-uconsole.nixosModules.uconsole-cm5`
			`# Cross-compiled Lix for uConsole`
			`({ config, lib, pkgs, inputs, ... }: let`
			`lixCross = import inputs.nixpkgs-uconsole {`
			`localSystem = { system = "x86_64-linux"; };`
			`crossSystem = { system = "aarch64-linux"; };`
			`overlays = [ inputs.lix.overlays.default ];`
			`};`
			`in { nix.package = lixCross.lix; })`
			`agenix.nixosModules.default`
			`./hosts/uconsole-cm5/configuration.nix`
			`./hosts/uconsole-cm5/hardware-configuration.nix`
feat: add reusable wireguard-client NixOS module - modules/nixos/services/wireguard-client.nix — optional module under gortium.wireguard-client namespace with enable, vpnIp, privateKeyFile, and presharedKeyFile options - Added to lazyworkhorse, cyt-pi, and uconsoleBaseModules (covers both uconsole-cm5 toplevel and SD image) - Migrated lazyworkhorse from inline networking.wireguard to module - Split-tunnel: allowedIPs = [ "10.8.0.0/24" ] Usage in a host config: gortium.wireguard-client = { enable = true; vpnIp = "10.8.0.X/24"; privateKeyFile = config.age.secrets.wireguard_private_key.path; presharedKeyFile = config.age.secrets.wireguard_preshared_key.path; }; 2026-06-15 10:55:40 -04:00			`./modules/nixos/services/wireguard-client.nix`
Merge remote changes + feat: AIO v2 board module - Cross-compile overlays for Hyprland (libcamera, pipewire, gjs) - Refactor uconsoleBaseModules into reusable list - Add wireguard-client service module - Restructure users into subdirectories - New: hardware.uconsole-cm5-aio-v2 module (GPIO rails, aiov2_ctl, GPS UART) - Update configuration.nix with Hyprland + AIO v2 - Add AIO v2 module to both toplevel and SD image config 2026-06-16 19:02:38 -04:00			`./modules/nixos/hardware/uconsole-cm5-aio-v2.nix`
rename users/gortium/default.nix -> gortium.nix, add to uconsole modules 2026-06-14 21:05:22 -04:00			`./users/gortium/gortium.nix`
Fixed stuff maybe i guess not sure 2026-06-14 21:48:23 -04:00			`./users/ai-worker/ai-worker.nix`
refactor: extract shared uconsole modules to eliminate toplevel/image duplication 2026-06-14 20:56:17 -04:00			`];`
feat: add CWU50 display patch (no-burst) + fix flake syntax Remove extra '};' that broke flake.nix parsing. Apply kernel patch '0008-panel-cwu50-no-burst.patch' to remove MIPI_DSI_MODE_VIDEO_BURST flag in panel-cwu50.c. Switch nixos-uconsole module to consolidated uconsole-cm5 module. Keep patches/0008-panel-cwu50-remove-sync-pulse.patch as variant. 2026-06-13 16:19:53 -04:00			`in {`
			`nixosConfigurations = {`
			`lazyworkhorse = nixpkgs.lib.nixosSystem {`
			`specialArgs = { inherit system self keys paths inputs; };`
			`modules = [`
			`{`
			`nixpkgs.overlays = overlays;`
			`nixpkgs.config.allowUnfree = true;`
			`nixpkgs.config.rocmSupport = true;`
			`nixpkgs.config.permittedInsecurePackages = [ "openclaw-2026.3.12" ];`
			`nix.package = lix.packages.${system}.default;`
			`}`
			`agenix.nixosModules.default`
			`./hosts/lazyworkhorse/configuration.nix`
			`./hosts/lazyworkhorse/hardware-configuration.nix`
			`./modules/nixos/filesystem/hoardingcow-mount.nix`
			`./modules/nixos/services/docker_manager.nix`
feat: add reusable wireguard-client NixOS module - modules/nixos/services/wireguard-client.nix — optional module under gortium.wireguard-client namespace with enable, vpnIp, privateKeyFile, and presharedKeyFile options - Added to lazyworkhorse, cyt-pi, and uconsoleBaseModules (covers both uconsole-cm5 toplevel and SD image) - Migrated lazyworkhorse from inline networking.wireguard to module - Split-tunnel: allowedIPs = [ "10.8.0.0/24" ] Usage in a host config: gortium.wireguard-client = { enable = true; vpnIp = "10.8.0.X/24"; privateKeyFile = config.age.secrets.wireguard_private_key.path; presharedKeyFile = config.age.secrets.wireguard_preshared_key.path; }; 2026-06-15 10:55:40 -04:00			`./modules/nixos/services/wireguard-client.nix`
feat: add CWU50 display patch (no-burst) + fix flake syntax Remove extra '};' that broke flake.nix parsing. Apply kernel patch '0008-panel-cwu50-no-burst.patch' to remove MIPI_DSI_MODE_VIDEO_BURST flag in panel-cwu50.c. Switch nixos-uconsole module to consolidated uconsole-cm5 module. Keep patches/0008-panel-cwu50-remove-sync-pulse.patch as variant. 2026-06-13 16:19:53 -04:00			`./modules/nixos/services/ollama_init_custom_models.nix`
			`./modules/nixos/security/ai-worker-restricted.nix`
rename users/gortium/default.nix -> gortium.nix, add to uconsole modules 2026-06-14 21:05:22 -04:00			`./users/gortium/gortium.nix`
Fixed stuff maybe i guess not sure 2026-06-14 21:48:23 -04:00			`./users/ai-worker/ai-worker.nix`
feat: add CWU50 display patch (no-burst) + fix flake syntax Remove extra '};' that broke flake.nix parsing. Apply kernel patch '0008-panel-cwu50-no-burst.patch' to remove MIPI_DSI_MODE_VIDEO_BURST flag in panel-cwu50.c. Switch nixos-uconsole module to consolidated uconsole-cm5 module. Keep patches/0008-panel-cwu50-remove-sync-pulse.patch as variant. 2026-06-13 16:19:53 -04:00			`];`
			`};`
feat: isolate docker networks and add cyt-pi remote node config - Refactor all 12 compose stacks to use isolated networks with Traefik as the hub - Add openclaw-ssh sidecar to ai stack for reverse tunneling (port 2425) - Add sshnode entrypoint to Traefik configuration - Add cyt-pi host configuration for Pi Zero 2 W (headless) - Include kismet and target_detector_cli services for remote Wi-Fi monitoring - Add reverse SSH tunnel service via autossh 2026-04-06 19:14:57 -04:00
feat: add CWU50 display patch (no-burst) + fix flake syntax Remove extra '};' that broke flake.nix parsing. Apply kernel patch '0008-panel-cwu50-no-burst.patch' to remove MIPI_DSI_MODE_VIDEO_BURST flag in panel-cwu50.c. Switch nixos-uconsole module to consolidated uconsole-cm5 module. Keep patches/0008-panel-cwu50-remove-sync-pulse.patch as variant. 2026-06-13 16:19:53 -04:00			`cyt-pi = nixpkgs.lib.nixosSystem {`
			`specialArgs = { inherit self keys paths inputs; };`
			`modules = [`
			`{`
			`nixpkgs.overlays = overlays;`
			`nixpkgs.config.allowUnfree = true;`
			`nixpkgs.hostPlatform = "aarch64-linux";`
			`nix.package = lix.packages."aarch64-linux".default;`
			`}`
			`./hosts/cyt-pi/configuration.nix`
			`./hosts/cyt-pi/hardware-configuration.nix`
feat: add reusable wireguard-client NixOS module - modules/nixos/services/wireguard-client.nix — optional module under gortium.wireguard-client namespace with enable, vpnIp, privateKeyFile, and presharedKeyFile options - Added to lazyworkhorse, cyt-pi, and uconsoleBaseModules (covers both uconsole-cm5 toplevel and SD image) - Migrated lazyworkhorse from inline networking.wireguard to module - Split-tunnel: allowedIPs = [ "10.8.0.0/24" ] Usage in a host config: gortium.wireguard-client = { enable = true; vpnIp = "10.8.0.X/24"; privateKeyFile = config.age.secrets.wireguard_private_key.path; presharedKeyFile = config.age.secrets.wireguard_preshared_key.path; }; 2026-06-15 10:55:40 -04:00			`./modules/nixos/services/wireguard-client.nix`
Fixed stuff maybe i guess not sure 2026-06-14 21:48:23 -04:00			`./users/gortium/gortium.nix`
feat: add CWU50 display patch (no-burst) + fix flake syntax Remove extra '};' that broke flake.nix parsing. Apply kernel patch '0008-panel-cwu50-no-burst.patch' to remove MIPI_DSI_MODE_VIDEO_BURST flag in panel-cwu50.c. Switch nixos-uconsole module to consolidated uconsole-cm5 module. Keep patches/0008-panel-cwu50-remove-sync-pulse.patch as variant. 2026-06-13 16:19:53 -04:00			`];`
			`};`
feat(uconsole): add cm5 cross-compiled nixosConfiguration - New host: uconsole-cm5 (aarch64-linux, cross-built from x86_64) - SSH authorizedKeys: gortium.main + ai-worker.main - NetworkManager enabled (WiFi password via agenix later) - Display: vc4/panel_cwu50/rp1_dsi with empty initrd - Config.txt [pi5] section (not [cm5]) - Backlight fix service - nixos-raspberrypi → gortium/cm5-cross-v1 fork (PR #197) - nixpkgs-uconsole pinned to nixos-25.11 (kernel patch compat) V3 branch saved as archive/uconsole-cm5-v3 (Reticulum/SDR/HAM config). 2026-06-12 16:02:13 -04:00
feat: add CWU50 display patch (no-burst) + fix flake syntax Remove extra '};' that broke flake.nix parsing. Apply kernel patch '0008-panel-cwu50-no-burst.patch' to remove MIPI_DSI_MODE_VIDEO_BURST flag in panel-cwu50.c. Switch nixos-uconsole module to consolidated uconsole-cm5 module. Keep patches/0008-panel-cwu50-remove-sync-pulse.patch as variant. 2026-06-13 16:19:53 -04:00			`uconsole-cm5 = nixpkgs-uconsole.lib.nixosSystem {`
			`system = "aarch64-linux";`
			`specialArgs = {`
			`inherit self keys paths inputs;`
			`nixos-raspberrypi = nixos-raspberrypi;`
			`isCM4 = false;`
feat(uconsole): add cm5 cross-compiled nixosConfiguration - New host: uconsole-cm5 (aarch64-linux, cross-built from x86_64) - SSH authorizedKeys: gortium.main + ai-worker.main - NetworkManager enabled (WiFi password via agenix later) - Display: vc4/panel_cwu50/rp1_dsi with empty initrd - Config.txt [pi5] section (not [cm5]) - Backlight fix service - nixos-raspberrypi → gortium/cm5-cross-v1 fork (PR #197) - nixpkgs-uconsole pinned to nixos-25.11 (kernel patch compat) V3 branch saved as archive/uconsole-cm5-v3 (Reticulum/SDR/HAM config). 2026-06-12 16:02:13 -04:00			`};`
refactor: extract shared uconsole modules to eliminate toplevel/image duplication 2026-06-14 20:56:17 -04:00			`modules = uconsoleBaseModules;`
Preparing to switch to flakes 2025-08-03 15:42:02 -04:00			`};`
			`};`
feat: add CWU50 display patch (no-burst) + fix flake syntax Remove extra '};' that broke flake.nix parsing. Apply kernel patch '0008-panel-cwu50-no-burst.patch' to remove MIPI_DSI_MODE_VIDEO_BURST flag in panel-cwu50.c. Switch nixos-uconsole module to consolidated uconsole-cm5 module. Keep patches/0008-panel-cwu50-remove-sync-pulse.patch as variant. 2026-06-13 16:19:53 -04:00
			`devShells.${system}.default = devShell;`

			`packages.${system} = {`
			`uconsole-cm5-image = (nixos-raspberrypi.lib.nixosSystem {`
			`system = "aarch64-linux";`
			`specialArgs = {`
			`inherit self keys inputs;`
			`nixos-raspberrypi = nixos-raspberrypi;`
			`isCM4 = false;`
			`};`
refactor: extract shared uconsole modules to eliminate toplevel/image duplication 2026-06-14 20:56:17 -04:00			`modules = uconsoleBaseModules ++ [`
feat: add CWU50 display patch (no-burst) + fix flake syntax Remove extra '};' that broke flake.nix parsing. Apply kernel patch '0008-panel-cwu50-no-burst.patch' to remove MIPI_DSI_MODE_VIDEO_BURST flag in panel-cwu50.c. Switch nixos-uconsole module to consolidated uconsole-cm5 module. Keep patches/0008-panel-cwu50-remove-sync-pulse.patch as variant. 2026-06-13 16:19:53 -04:00			`nixos-raspberrypi.nixosModules.sd-image`
			`];`
			`}).config.system.build.sdImage;`
			`};`
			`};`
Preparing to switch to flakes 2025-08-03 15:42:02 -04:00			`}`