From 053dd535d3e80698a6b03f5e54e1ebf61fdc225e Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 12 Jun 2026 20:47:11 -0400 Subject: [PATCH] =?UTF-8?q?deploy1(uconsole):=20minimal=20config=20?= =?UTF-8?q?=E2=80=94=20no=20rasberry-pi-5.base,=20just=20SSH=20+=20WiFi=20?= =?UTF-8?q?+=20keys?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- flake.nix | 1 - hosts/uconsole-cm5/configuration.nix | 150 +++------------------------ 2 files changed, 14 insertions(+), 137 deletions(-) diff --git a/flake.nix b/flake.nix index 5a1b3b5..d9f252d 100644 --- a/flake.nix +++ b/flake.nix @@ -115,7 +115,6 @@ } # nixos-raspberrypi — pkgs.rpi + overlays standardisés nixos-raspberrypi.nixosModules.nixpkgs-rpi - nixos-raspberrypi.nixosModules.raspberry-pi-5.base nixos-raspberrypi.lib.inject-overlays nixos-raspberrypi.lib.inject-overlays-global # nixos-uconsole CM5 modules diff --git a/hosts/uconsole-cm5/configuration.nix b/hosts/uconsole-cm5/configuration.nix index f02f72a..eca2778 100644 --- a/hosts/uconsole-cm5/configuration.nix +++ b/hosts/uconsole-cm5/configuration.nix 
@@ -1,152 +1,30 @@ { config, lib, pkgs, keys, ... }: { - # Basic Host Info networking.hostName = "uConsole"; time.timeZone = "America/Montreal"; i18n.defaultLocale = "en_CA.UTF-8"; system.stateVersion = "25.11"; - # ============================================================ - # SSH Access — ta clé + clé de déploiement - # ============================================================ + # SSH — root access avec clés gortium + ai-worker services.openssh = { enable = true; - settings.PermitRootLogin = lib.mkForce "prohibit-password"; - settings.PasswordAuthentication = lib.mkForce false; + settings = { + PermitRootLogin = lib.mkForce "prohibit-password"; + PasswordAuthentication = lib.mkForce false; + }; + authorizedKeysInHomedir = true; + authorizeKeysFromNixStore = false; }; - users.users.root = { - openssh.authorizedKeys.keys = [ - keys.users.gortium.main - keys.users.ai-worker.main - ]; - }; + users.users.root.openssh.authorizedKeys.keys = with keys; [ + users.gortium.main + users.ai-worker.main + ]; - # ============================================================ - # Networking — WiFi via NetworkManager - # ============================================================ + # WiFi via NetworkManager + secret agenix networking.networkmanager.enable = true; - # ============================================================ - # WiFi credentials from agenix (SSID + password encrypted) - # Reused across hosts — all connect to the same home WiFi - # ============================================================ - age.secrets.home_wifi = { - file = ../../secrets/home_wifi.age; - owner = "root"; - group = "root"; - mode = "0400"; - }; - - # Write WiFi connection at activation (reads decrypted age secret) - systemd.services.ensure-wifi = { - description = "Configure WiFi from age secret"; - after = [ "network.target" "age-home_wifi.service" ]; - wants = [ "age-home_wifi.service" ]; - before = [ "NetworkManager-wait-online.service" ]; - wantedBy = [ "multi-user.target" ]; - 
serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = let - wifi-setup = pkgs.writeShellScript "wifi-setup" '' - SSID="$(head -1 /run/secrets/home_wifi)" - PASS="$(tail -1 /run/secrets/home_wifi)" - if ! nmcli -t connection show "$SSID" >/dev/null 2>&1; then - nmcli device wifi connect "$SSID" password "$PASS" - fi - ''; - in "${wifi-setup}"; - }; - }; - - # ============================================================ - # Kernel parameters from nixos-uconsole CM5 module - # ============================================================ - boot.kernelParams = [ - "8250.nr_uarts=1" - "console=tty1" - ]; - - # ============================================================ - # Console font for 5" 720x1280 display - # ============================================================ - console = { - earlySetup = true; - font = "ter-v24n"; - packages = with pkgs; [ terminus_font ]; - }; - - # ============================================================ - # Display — vc4/panel_cwu50 loaded AFTER RP1 PCIe init - # Rien dans initrd — tout RP1 est derrière PCIe - # ============================================================ - hardware.graphics.enable = true; - - boot.kernelModules = [ - "panel_cwu50" # uConsole DSI panel driver - "vc4" # VideoCore 4 KMS GPU driver - "rp1_dsi" # RP1 DSI bridge driver - ]; - - boot.initrd.kernelModules = lib.mkForce [ ]; - - # ============================================================ - # CM5 Config.txt — override complet (clear les defaults de nixos-uconsole) - # ============================================================ - hardware.raspberry-pi.config = { }; - - hardware.raspberry-pi.extra-config = '' - [all] - arm_64bit=1 - enable_uart=1 - disable_audio_dither=1 - ignore_lcd=0 - dtdebug=1 - gpio=10=ip,np - gpio=11=op,dh - dtoverlay=audremap - dtparam=ant2=on - dtparam=audio=on - dtparam=pin_12_13=on - - [pi5] - dtoverlay=clockworkpi-uconsole-cm5 - dtoverlay=vc4-kms-v3d-pi5,cma-384 - dtparam=pciex1=off - dtparam=nohdmi1=off 
- ''; - - # ============================================================ - # CM5 Display Backlight Fix - # ============================================================ - systemd.services.cm5-backlight-fix = { - description = "CM5 Display Backlight Fix"; - after = [ "multi-user.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "oneshot"; - ExecStart = let - fixScript = pkgs.writeShellScript "backlight-fix" '' - for bl in /sys/class/backlight/*/brightness; do - if [ -f "$bl" ]; then - max=$(cat "$(dirname "$bl")/max_brightness" 2>/dev/null || echo 100) - echo "$max" > "$bl" 2>/dev/null || true - fi - done - ''; - in "${fixScript}"; - }; - }; - - # ============================================================ - # Minimal packages - # ============================================================ - environment.systemPackages = with pkgs; [ - git - vim - htop - libgpiod # GPIO control - ]; + # Firmware + hardware.enableRedistributableFirmware = true; }
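Review bot: In the new `services.openssh` block, `authorizeKeysFromNixStore = false;` does not match any `services.openssh` option I know of in nixpkgs, so evaluation would likely stop with an unknown-option error. If some module does define it with the meaning its name suggests, it would contradict the `users.users.root.openssh.authorizedKeys.keys` list declared right below, which NixOS delivers through the store-managed `/etc/ssh/authorized_keys.d`. Since root is reachable only by key here, I would drop that line and set `authorizedKeysInHomedir = false;` so the accepted keys are exactly the two declared ones and a mutable `/root/.ssh/authorized_keys` on the device cannot add more. Separately, the comment `# WiFi via NetworkManager + secret agenix` no longer matches the new side: `age.secrets.home_wifi` and the `ensure-wifi` unit are removed and nothing replaces them, so either restore the secret wiring or reword it to `# WiFi via NetworkManager (credentials provisioned manually)`. Direct root login for the `ai-worker` automation key also deserves a why-comment, or a dedicated deploy user with scoped privileges.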