diff --git a/flake.lock b/flake.lock index e78ed64..fbd7842 100644 --- a/flake.lock +++ b/flake.lock @@ -23,6 +23,38 @@ "type": "github" } }, + "argononed": { + "flake": false, + "locked": { + "lastModified": 1729566243, + "narHash": "sha256-DPNI0Dpk5aym3Baf5UbEe5GENDrSmmXVdriRSWE+rgk=", + "owner": "nvmd", + "repo": "argononed", + "rev": "16dbee54d49b66d5654d228d1061246b440ef7cf", + "type": "github" + }, + "original": { + "owner": "nvmd", + "repo": "argononed", + "type": "github" + } + }, + "argononed_2": { + "flake": false, + "locked": { + "lastModified": 1729566243, + "narHash": "sha256-DPNI0Dpk5aym3Baf5UbEe5GENDrSmmXVdriRSWE+rgk=", + "owner": "nvmd", + "repo": "argononed", + "rev": "16dbee54d49b66d5654d228d1061246b440ef7cf", + "type": "github" + }, + "original": { + "owner": "nvmd", + "repo": "argononed", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -37,6 +69,36 @@ "url": "https://git.lix.systems/lix-project/flake-compat/archive/main.tar.gz" } }, + "flake-compat_2": { + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -70,11 +132,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1774721317, - "narHash": "sha256-KS0ElyhZKdUFcfaxfwid3yi2Id3EP9i+dGL16/wx1T8=", + "lastModified": 1777373577, + "narHash": "sha256-K0sXr8tRA9L1FGE8Khl42NR+DmZOY9gNYCP8ljX7TAo=", "ref": "main", - "rev": "d0190cff6f2314cc1c727ff113aea20e086f4bcc", - "revCount": 19103, + "rev": "faaa14a303dabc6309a52cc8e5eba86f9e29ccaf", + "revCount": 19152, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -144,6 +206,130 @@ "type": "github" } }, + "nixos-images": { + "inputs": { + "nixos-stable": [ + "nixos-raspberrypi", + "nixpkgs" + ], + "nixos-unstable": [ + "nixos-raspberrypi", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747747741, + "narHash": "sha256-LUOH27unNWbGTvZFitHonraNx0JF/55h30r9WxqrznM=", + "owner": "nvmd", + "repo": "nixos-images", + "rev": "cbbd6db325775096680b65e2a32fb6187c09bbb4", + "type": "github" + }, + "original": { + "owner": "nvmd", + "ref": "sdimage-installer", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-images_2": { + "inputs": { + "nixos-stable": [ + "nixos-uconsole", + "nixos-raspberrypi", + "nixpkgs" + ], + "nixos-unstable": [ + "nixos-uconsole", + "nixos-raspberrypi", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747747741, + "narHash": "sha256-LUOH27unNWbGTvZFitHonraNx0JF/55h30r9WxqrznM=", + "owner": "nvmd", + "repo": "nixos-images", + "rev": "cbbd6db325775096680b65e2a32fb6187c09bbb4", + "type": "github" + }, + "original": { + "owner": "nvmd", + "ref": "sdimage-installer", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-raspberrypi": { + "inputs": { + "argononed": "argononed", + "flake-compat": "flake-compat_2", + "nixos-images": "nixos-images", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1773704510, + "narHash": "sha256-Kq0WPitNekYzouyd8ROlZb63cpSg/+Ep2XxkV0YlABU=", + "owner": "nvmd", + "repo": "nixos-raspberrypi", + "rev": "b5c77d506bed55250a4642ce6c8b395dd29ef06b", + "type": "github" + }, + "original": { + "owner": "nvmd", + "ref": "v1.20260317.0", + "repo": "nixos-raspberrypi", + "type": "github" + } + }, + "nixos-raspberrypi_2": { + "inputs": { + "argononed": "argononed_2", + "flake-compat": "flake-compat_3", + "nixos-images": "nixos-images_2", + "nixpkgs": [ + "nixos-uconsole", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1773704510, + "narHash": "sha256-Kq0WPitNekYzouyd8ROlZb63cpSg/+Ep2XxkV0YlABU=", + "owner": "nvmd", + "repo": "nixos-raspberrypi", + "rev": "b5c77d506bed55250a4642ce6c8b395dd29ef06b", + "type": "github" + }, + "original": { + "owner": "nvmd", + "ref": "v1.20260317.0", + "repo": "nixos-raspberrypi", + "type": "github" + } + }, + "nixos-uconsole": { + "inputs": { + "nixos-raspberrypi": "nixos-raspberrypi_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1775854552, + "narHash": "sha256-hBlNh2eFWg0qlxM1gFpjp2JBdB82Zw4Y5otd+hwEvpQ=", + "owner": "nixos-uconsole", + "repo": "nixos-uconsole", + "rev": "cf4cb3b7996bd2cbc88964f90af8929e4d76987b", + "type": "github" + }, + "original": { + "owner": "nixos-uconsole", + "repo": "nixos-uconsole", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1705033721, @@ -178,11 +364,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1774386573, - "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", + "lastModified": 1777268161, + "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", + "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76", "type": "github" }, "original": { @@ -212,6 +398,8 @@ "inputs": { "agenix": "agenix", "lix": "lix", + "nixos-raspberrypi": "nixos-raspberrypi", + "nixos-uconsole": "nixos-uconsole", "nixpkgs": "nixpkgs_2" } }, diff --git a/flake.nix b/flake.nix index a06b03e..d1ec294 100644 --- a/flake.nix +++ b/flake.nix @@ -12,10 +12,20 @@ url = "git+https://git.lix.systems/lix-project/lix?ref=main"; inputs.nixpkgs.follows = "nixpkgs"; }; + # uConsole CM5 hardware support + nixos-uconsole = { + url = "github:nixos-uconsole/nixos-uconsole"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # nixos-raspberrypi provides hardware.raspberry-pi options required by uconsole-cm5 + nixos-raspberrypi = { + url = "github:nvmd/nixos-raspberrypi/v1.20260317.0"; + inputs.nixpkgs.follows = "nixpkgs"; + }; self.submodules = true; }; - outputs = { self, nixpkgs, agenix, lix, ... }@inputs: + outputs = { self, nixpkgs, agenix, lix, nixos-uconsole, nixos-raspberrypi, ... }@inputs: let system = "x86_64-linux"; keys = import ./lib/keys.nix; @@ -79,6 +89,25 @@ ./hosts/cyt-pi/hardware-configuration.nix ]; }; + + uConsole = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + specialArgs = { inherit self keys paths inputs nixos-raspberrypi; }; + modules = [ + { + nixpkgs.config.allowUnfree = true; + nixpkgs.hostPlatform = "aarch64-linux"; + nixpkgs.overlays = [ nixos-raspberrypi.overlays.vendor-pkgs ]; + nix.package = lix.packages."aarch64-linux".default; + } + # Raspberry Pi 5 base (provides hardware.raspberry-pi options) + nixos-raspberrypi.nixosModules.raspberry-pi-5.base + # uConsole CM5 hardware support (display, kernel, config) + nixos-uconsole.nixosModules.uconsole-cm5 + ./hosts/uconsole/configuration.nix + ./hosts/uconsole/hardware-configuration.nix + ]; + }; }; devShells.${system}.default = devShell; }; diff --git a/hosts/uconsole/configuration.nix b/hosts/uconsole/configuration.nix new file mode 100644 index 0000000..55426a7 --- /dev/null +++ b/hosts/uconsole/configuration.nix @@ -0,0 +1,114 @@ +{ config, lib, pkgs, paths, self, keys, inputs, nixos-raspberrypi, ... }: + +{ + # --- CORE HARDWARE (CM5 / RPi5) --- + # nixos-raspberrypi.nixosModules.raspberry-pi-5.base + nixos-uconsole.nixosModules.uconsole-cm5 imported in flake.nix + + # --- BASIC HOST INFO --- + networking.hostName = "uConsole"; + networking.networkmanager.enable = true; + time.timeZone = "America/Montreal"; + i18n.defaultLocale = "en_CA.UTF-8"; + + # --- GPS DAEMON --- + services.gpsd = { + enable = true; + devices = [ "/dev/ttyAMA0" ]; # Default port for RPi5/CM5 GPS + nowait = true; + }; + + # --- USER CONFIGURATION --- + users.users.thierry = { + isNormalUser = true; + description = "Thierry"; + extraGroups = [ + "wheel" # Sudo + "dialout" # Access to serial/HAM rigs + "plugdev" # Access to USB SDRs + "wireshark" # Packet capture without root + "video" # Hardware acceleration access + "networkmanager" + ]; + openssh.authorizedKeys.keys = [ + keys.users.gortium.main + keys.users.gortium.gitea + ]; + }; + + # --- INTERFACE (WAYLAND/SWAY) --- + # Sway is recommended for the uConsole's low resources + programs.sway = { + enable = true; + extraOptions = [ "--unsupported-gpu" ]; # Often needed for RPi + }; + + # --- SOFTWARE TOOLKITS --- + environment.systemPackages = with pkgs; [ + # Base Tools (for your Doom Emacs environment) + emacs-pgtk # Emacs with Wayland support + git # Required for Doom Emacs / Flakes + ripgrep # Fast searching for Emacs/CLI + fd # Better find for Emacs + htop # Resource monitor + tmux # Terminal multiplexer + neovim # Alternative editor + + # HAM RADIO (Digital Modes) + js8call # Weak-signal keyboard messaging + wsjtx # FT8, JT65, etc. + fldigi # Digital modem (PSK, RTTY) + pat # Winlink client (Use 'pat configure' after install) + direwolf # Software TNC for APRS + chirp # Radio programming + hamlib # Rig control (rigctl) + trustedqsl # LotW log signing + + # SDR + RF ANALYSIS + sdrpp # Modern SDR GUI (Best for uConsole) + gqrx # Classic SDR receiver + rtl-sdr # Drivers for RTL2832U + inspectrum # Offline signal analysis + soapysdr-with-plugins # Hardware abstraction layer + + # LORA, MESH & RETICULUM + # reticulum-network-stack - not in nixpkgs, install via pip + # nomadnet - not in nixpkgs, install via pip + # lxmf - not in nixpkgs, install via pip + # sidechannel-rns - not in nixpkgs, install via pip + + # HACKING & SECURITY (Kali-like suite) + nmap # Port scanning + metasploit # Exploitation framework + aircrack-ng # Wi-Fi auditing + kismet # Wireless sniffer (Essential for your Pi Zero project) + bettercap # MITM and network attack tool + wireshark # Protocol analyzer + burpsuite # Web vulnerability scanner + hashcat # Password recovery + john # John the Ripper (password cracking) + sqlmap # Automated SQL injection + + # GPS & OFFLINE MAPPING + foxtrotgps # Lightweight map viewer (Perfect for small screens) + viking # GPS data editor and map viewer + gpsbabel # GPS data conversion + # marble - not available in this nixpkgs version + ]; + + # Udev rules for SDR and Radio hardware access + services.udev.packages = [ + pkgs.rtl-sdr + ]; + + # Enable Wireshark privilege separation + programs.wireshark.enable = true; + + # Enable OpenSSH + services.openssh = { + enable = true; + settings.PermitRootLogin = lib.mkForce "prohibit-password"; + }; + + # System state version + system.stateVersion = "25.11"; +} diff --git a/hosts/uconsole/hardware-configuration.nix b/hosts/uconsole/hardware-configuration.nix new file mode 100644 index 0000000..c92d009 --- /dev/null +++ b/hosts/uconsole/hardware-configuration.nix @@ -0,0 +1,30 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + # uConsole CM5 specific filesystem (eMMC boot) + fileSystems."/" = + { device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-label/FIRMWARE"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + # uConsole CM5 is ARM64 + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; + hardware.enableRedistributableFirmware = true; +}