deploy1(uconsole): minimal config — no rasberry-pi-5.base, just SSH + WiFi + keys
@@ -1,152 +1,30 @@
|
||||
{ config, lib, pkgs, keys, ... }:
|
||||
|
||||
{
|
||||
# Basic Host Info
|
||||
networking.hostName = "uConsole";
|
||||
time.timeZone = "America/Montreal";
|
||||
i18n.defaultLocale = "en_CA.UTF-8";
|
||||
system.stateVersion = "25.11";
|
||||
|
||||
# ============================================================
|
||||
# SSH Access — ta clé + clé de déploiement
|
||||
# ============================================================
|
||||
# SSH — root access avec clés gortium + ai-worker
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings.PermitRootLogin = lib.mkForce "prohibit-password";
|
||||
settings.PasswordAuthentication = lib.mkForce false;
|
||||
settings = {
|
||||
PermitRootLogin = lib.mkForce "prohibit-password";
|
||||
PasswordAuthentication = lib.mkForce false;
|
||||
};
|
||||
authorizedKeysInHomedir = true;
|
||||
authorizeKeysFromNixStore = false;
|
||||
};
|
||||
|
||||
users.users.root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
keys.users.gortium.main
|
||||
keys.users.ai-worker.main
|
||||
];
|
||||
};
|
||||
users.users.root.openssh.authorizedKeys.keys = with keys; [
|
||||
users.gortium.main
|
||||
users.ai-worker.main
|
||||
];
|
||||
|
||||
# ============================================================
|
||||
# Networking — WiFi via NetworkManager
|
||||
# ============================================================
|
||||
# WiFi via NetworkManager + secret agenix
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
# ============================================================
|
||||
# WiFi credentials from agenix (SSID + password encrypted)
|
||||
# Reused across hosts — all connect to the same home WiFi
|
||||
# ============================================================
|
||||
age.secrets.home_wifi = {
|
||||
file = ../../secrets/home_wifi.age;
|
||||
owner = "root";
|
||||
group = "root";
|
||||
mode = "0400";
|
||||
};
|
||||
|
||||
# Write WiFi connection at activation (reads decrypted age secret)
|
||||
systemd.services.ensure-wifi = {
|
||||
description = "Configure WiFi from age secret";
|
||||
after = [ "network.target" "age-home_wifi.service" ];
|
||||
wants = [ "age-home_wifi.service" ];
|
||||
before = [ "NetworkManager-wait-online.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStart = let
|
||||
wifi-setup = pkgs.writeShellScript "wifi-setup" ''
|
||||
SSID="$(head -1 /run/secrets/home_wifi)"
|
||||
PASS="$(tail -1 /run/secrets/home_wifi)"
|
||||
if ! nmcli -t connection show "$SSID" >/dev/null 2>&1; then
|
||||
nmcli device wifi connect "$SSID" password "$PASS"
|
||||
fi
|
||||
'';
|
||||
in "${wifi-setup}";
|
||||
};
|
||||
};
|
||||
|
||||
# ============================================================
|
||||
# Kernel parameters from nixos-uconsole CM5 module
|
||||
# ============================================================
|
||||
boot.kernelParams = [
|
||||
"8250.nr_uarts=1"
|
||||
"console=tty1"
|
||||
];
|
||||
|
||||
# ============================================================
|
||||
# Console font for 5" 720x1280 display
|
||||
# ============================================================
|
||||
console = {
|
||||
earlySetup = true;
|
||||
font = "ter-v24n";
|
||||
packages = with pkgs; [ terminus_font ];
|
||||
};
|
||||
|
||||
# ============================================================
|
||||
# Display — vc4/panel_cwu50 loaded AFTER RP1 PCIe init
|
||||
# Rien dans initrd — tout RP1 est derrière PCIe
|
||||
# ============================================================
|
||||
hardware.graphics.enable = true;
|
||||
|
||||
boot.kernelModules = [
|
||||
"panel_cwu50" # uConsole DSI panel driver
|
||||
"vc4" # VideoCore 4 KMS GPU driver
|
||||
"rp1_dsi" # RP1 DSI bridge driver
|
||||
];
|
||||
|
||||
boot.initrd.kernelModules = lib.mkForce [ ];
|
||||
|
||||
# ============================================================
|
||||
# CM5 Config.txt — override complet (clear les defaults de nixos-uconsole)
|
||||
# ============================================================
|
||||
hardware.raspberry-pi.config = { };
|
||||
|
||||
hardware.raspberry-pi.extra-config = ''
|
||||
[all]
|
||||
arm_64bit=1
|
||||
enable_uart=1
|
||||
disable_audio_dither=1
|
||||
ignore_lcd=0
|
||||
dtdebug=1
|
||||
gpio=10=ip,np
|
||||
gpio=11=op,dh
|
||||
dtoverlay=audremap
|
||||
dtparam=ant2=on
|
||||
dtparam=audio=on
|
||||
dtparam=pin_12_13=on
|
||||
|
||||
[pi5]
|
||||
dtoverlay=clockworkpi-uconsole-cm5
|
||||
dtoverlay=vc4-kms-v3d-pi5,cma-384
|
||||
dtparam=pciex1=off
|
||||
dtparam=nohdmi1=off
|
||||
'';
|
||||
|
||||
# ============================================================
|
||||
# CM5 Display Backlight Fix
|
||||
# ============================================================
|
||||
systemd.services.cm5-backlight-fix = {
|
||||
description = "CM5 Display Backlight Fix";
|
||||
after = [ "multi-user.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = let
|
||||
fixScript = pkgs.writeShellScript "backlight-fix" ''
|
||||
for bl in /sys/class/backlight/*/brightness; do
|
||||
if [ -f "$bl" ]; then
|
||||
max=$(cat "$(dirname "$bl")/max_brightness" 2>/dev/null || echo 100)
|
||||
echo "$max" > "$bl" 2>/dev/null || true
|
||||
fi
|
||||
done
|
||||
'';
|
||||
in "${fixScript}";
|
||||
};
|
||||
};
|
||||
|
||||
# ============================================================
|
||||
# Minimal packages
|
||||
# ============================================================
|
||||
environment.systemPackages = with pkgs; [
|
||||
git
|
||||
vim
|
||||
htop
|
||||
libgpiod # GPIO control
|
||||
];
|
||||
# Firmware
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
}
|
||||
|
||||
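Review bot: `authorizedKeysInHomedir = true;` in the `services.openssh` block makes sshd accept keys from `~/.ssh/authorized_keys` as well, so root login is no longer limited to the two keys declared under `users.users.root`; a key written to `/root/.ssh/authorized_keys` on the device keeps working across rebuilds and never appears in this repository. If only the declared keys should grant access, I would set `authorizedKeysInHomedir = false;`. I also do not recognise `authorizeKeysFromNixStore` as an upstream `services.openssh` option; please confirm that it evaluates and that setting it to `false` does not stop sshd from reading the declared key list. The page has lost its `+`/`-` markers, so this assumes both lines are on the new side.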