gortium/infra
1
1
Fork 0
Code Issues 13 Pull Requests 20 Actions Packages Projects 1 Releases Wiki Activity

deploy1(uconsole): minimal config — no rasberry-pi-5.base, just SSH + WiFi + keys

Browse Source
This commit is contained in:
Hermes
2026-06-12 20:47:11 -04:00
parent 35e4155b8c
commit 053dd535d3
2 changed files with 14 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
flake.nix
View File

@@ -115,7 +115,6 @@
} }
# nixos-raspberrypi — pkgs.rpi + overlays standardisés # nixos-raspberrypi — pkgs.rpi + overlays standardisés
nixos-raspberrypi.nixosModules.nixpkgs-rpi nixos-raspberrypi.nixosModules.nixpkgs-rpi
nixos-raspberrypi.nixosModules.raspberry-pi-5.base
nixos-raspberrypi.lib.inject-overlays nixos-raspberrypi.lib.inject-overlays
nixos-raspberrypi.lib.inject-overlays-global nixos-raspberrypi.lib.inject-overlays-global
# nixos-uconsole CM5 modules # nixos-uconsole CM5 modules

148
hosts/uconsole-cm5/configuration.nix
View File

@@ -1,152 +1,30 @@
{ config, lib, pkgs, keys, ... }: { config, lib, pkgs, keys, ... }:
{ {
# Basic Host Info
networking.hostName = "uConsole"; networking.hostName = "uConsole";
time.timeZone = "America/Montreal"; time.timeZone = "America/Montreal";
i18n.defaultLocale = "en_CA.UTF-8"; i18n.defaultLocale = "en_CA.UTF-8";
system.stateVersion = "25.11"; system.stateVersion = "25.11";
# ============================================================ # SSH — root access avec clés gortium + ai-worker
# SSH Access — ta clé + clé de déploiement
# ============================================================
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = lib.mkForce "prohibit-password"; settings = {
settings.PasswordAuthentication = lib.mkForce false; PermitRootLogin = lib.mkForce "prohibit-password";
PasswordAuthentication = lib.mkForce false;
};
authorizedKeysInHomedir = true;
authorizeKeysFromNixStore = false;
}; };
users.users.root = { users.users.root.openssh.authorizedKeys.keys = with keys; [
openssh.authorizedKeys.keys = [ users.gortium.main
keys.users.gortium.main users.ai-worker.main
keys.users.ai-worker.main
]; ];
};
# ============================================================ # WiFi via NetworkManager + secret agenix
# Networking — WiFi via NetworkManager
# ============================================================
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
# ============================================================ # Firmware
# WiFi credentials from agenix (SSID + password encrypted) hardware.enableRedistributableFirmware = true;
# Reused across hosts — all connect to the same home WiFi
# ============================================================
age.secrets.home_wifi = {
file = ../../secrets/home_wifi.age;
owner = "root";
group = "root";
mode = "0400";
};
# Write WiFi connection at activation (reads decrypted age secret)
systemd.services.ensure-wifi = {
description = "Configure WiFi from age secret";
after = [ "network.target" "age-home_wifi.service" ];
wants = [ "age-home_wifi.service" ];
before = [ "NetworkManager-wait-online.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = let
wifi-setup = pkgs.writeShellScript "wifi-setup" ''
SSID="$(head -1 /run/secrets/home_wifi)"
PASS="$(tail -1 /run/secrets/home_wifi)"
if ! nmcli -t connection show "$SSID" >/dev/null 2>&1; then
nmcli device wifi connect "$SSID" password "$PASS"
fi
'';
in "${wifi-setup}";
};
};
# ============================================================
# Kernel parameters from nixos-uconsole CM5 module
# ============================================================
boot.kernelParams = [
"8250.nr_uarts=1"
"console=tty1"
];
# ============================================================
# Console font for 5" 720x1280 display
# ============================================================
console = {
earlySetup = true;
font = "ter-v24n";
packages = with pkgs; [ terminus_font ];
};
# ============================================================
# Display — vc4/panel_cwu50 loaded AFTER RP1 PCIe init
# Rien dans initrd — tout RP1 est derrière PCIe
# ============================================================
hardware.graphics.enable = true;
boot.kernelModules = [
"panel_cwu50" # uConsole DSI panel driver
"vc4" # VideoCore 4 KMS GPU driver
"rp1_dsi" # RP1 DSI bridge driver
];
boot.initrd.kernelModules = lib.mkForce [ ];
# ============================================================
# CM5 Config.txt — override complet (clear les defaults de nixos-uconsole)
# ============================================================
hardware.raspberry-pi.config = { };
hardware.raspberry-pi.extra-config = ''
[all]
arm_64bit=1
enable_uart=1
disable_audio_dither=1
ignore_lcd=0
dtdebug=1
gpio=10=ip,np
gpio=11=op,dh
dtoverlay=audremap
dtparam=ant2=on
dtparam=audio=on
dtparam=pin_12_13=on
[pi5]
dtoverlay=clockworkpi-uconsole-cm5
dtoverlay=vc4-kms-v3d-pi5,cma-384
dtparam=pciex1=off
dtparam=nohdmi1=off
'';
# ============================================================
# CM5 Display Backlight Fix
# ============================================================
systemd.services.cm5-backlight-fix = {
description = "CM5 Display Backlight Fix";
after = [ "multi-user.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = let
fixScript = pkgs.writeShellScript "backlight-fix" ''
for bl in /sys/class/backlight/*/brightness; do
if [ -f "$bl" ]; then
max=$(cat "$(dirname "$bl")/max_brightness" 2>/dev/null || echo 100)
echo "$max" > "$bl" 2>/dev/null || true
fi
done
'';
in "${fixScript}";
};
};
# ============================================================
# Minimal packages
# ============================================================
environment.systemPackages = with pkgs; [
git
vim
htop
libgpiod # GPIO control
];
} }