From eeb345b7e0eb16ebcffbacb6fd3db4f98bb2b95a Mon Sep 17 00:00:00 2001
From: Hermes <hermes@lazyworkhorse.net>
Date: Fri, 19 Jun 2026 22:22:13 -0400
Subject: [PATCH] uConsole: add neovim to cross-compile removal tracking
 comment

---
 hosts/uconsole-cm5/configuration.nix     |   1 +
 hosts/uconsole-cm5/configuration.nix.bak | 207 +++++++++++++++++++++++
 2 files changed, 208 insertions(+)
 create mode 100644 hosts/uconsole-cm5/configuration.nix.bak

diff --git a/hosts/uconsole-cm5/configuration.nix b/hosts/uconsole-cm5/configuration.nix
index b841df3..f821afe 100644
--- a/hosts/uconsole-cm5/configuration.nix
+++ b/hosts/uconsole-cm5/configuration.nix
@@ -72,6 +72,7 @@
   #
   # Removed:                              Reason:
   #   hashcat   — Makefile calls gcc directly (cross-compiler not used)
+  #   neovim    — Same as hashcat: Makefile calls gcc directly (cross-compiler not used)
   #   clamav    — cmake try_run + Rust proc-macro linker for aarch64
   #   sdrpp     — glfw/wxPython cross-compile fails
   #   gqrx      — Qt5 cross-compile cascade fails
diff --git a/hosts/uconsole-cm5/configuration.nix.bak b/hosts/uconsole-cm5/configuration.nix.bak
new file mode 100644
index 0000000..6e3de95
--- /dev/null
+++ b/hosts/uconsole-cm5/configuration.nix.bak
@@ -0,0 +1,207 @@
+{ config, lib, pkgs, keys, ... }:
+
+{
+  networking.hostName = "uConsole";
+  time.timeZone = "America/Montreal";
+  i18n.defaultLocale = "en_CA.UTF-8";
+  system.stateVersion = "25.11";
+
+  # Boot & Hardware
+  boot.loader.raspberry-pi.bootloader = "kernel";
+
+  # SSH — root access avec clés gortium + ai-worker
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = lib.mkForce "prohibit-password";
+      PasswordAuthentication = lib.mkForce false;
+    };
+  };
+
+  users.users.root.openssh.authorizedKeys.keys = with keys; [
+    users.gortium.main
+    users.ai-worker.main
+  ];
+
+  # Age secret for gortium password (file created by user)
+  age.secrets.gortium_password = {
+    file = ../../secrets/gortium_password.age;
+  };
+
+  # WiFi via NetworkManager
+  networking.networkmanager.enable = true;
+
+  # Firmware
+  hardware.enableRedistributableFirmware = true;
+
+  # Hyprland Wayland compositor (manual start — no SDDM)
+  programs.hyprland = {
+    enable = true;
+    xwayland.enable = true;
+  };
+
+  # HackerGadgets AIO v2 board
+  hardware.uconsole-cm5-aio-v2 = {
+    enable = true;
+    bootRails = {
+      GPS  = false;
+      LORA = false;
+      SDR  = false;
+      USB  = false;
+    };
+    enableGPS = false;
+  };
+
+  # User
+  users.users.gortium = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "networkmanager" "video" "dialout" "kismet" ];
+    hashedPasswordFile = config.age.secrets.gortium_password.path;
+    openssh.authorizedKeys.keys = [
+      keys.users.gortium.main
+      keys.users.gortium.gitea
+    ];
+  };
+  security.sudo.extraRules = [
+    {
+      users = [ "gortium" ];
+      commands = [{
+        command = "ALL";
+        options = [ "NOPASSWD" ];
+      }];
+    }
+  ];
+
+  # ============================================================
+  # Package groups
+  # ============================================================
+  environment.systemPackages = with pkgs; [
+    # ===== Base =====
+    emacs-pgtk
+    git
+    ripgrep
+    fd
+    htop
+    tmux
+
+    # ===== HAM Radio =====
+    wsjtx
+    fldigi
+    pat                        # Winlink client
+    direwolf                   # AX.25 packet modem
+    chirp                      # Radio programming tool
+    hamlib                     # Ham radio control libraries
+    trustedqsl                 # Logbook of the World (LoTW)
+
+    # ===== SDR / RF =====
+    sdrpp                      # SDR++ spectrum analyzer
+    gqrx                       # SDR receiver GUI
+    rtl-sdr                    # RTL-SDR drivers & utilities
+    inspectrum                # Offline signal analysis
+    soapysdr-with-plugins      # SoapySDR + hardware support plugins
+
+    # ===== Mesh / LoRa =====
+    reticulumStack             # Reticulum Network Stack
+    lxmf                       # LXMF messaging protocol
+    nomadnet                   # Nomad Network client
+
+    # ===== Security =====
+    nmap
+    aircrack-ng
+    kismet                     # Wi-Fi monitor / IDS
+    bettercap                  # MITM/network attack framework
+    wireshark-cli                  # Packet analyzer
+    john                       # John the Ripper
+    sqlmap                     # SQL injection tool
+
+    # ===== GPS / Maps =====
+    foxtrotgps
+    viking                     # GPS map editor
+    gpsbabel                   # GPS data conversion
+  ];
+
+  # ============================================================
+  # Reticulum Service (rnsd)
+  # ============================================================
+  systemd.services.rnsd = {
+    description = "Reticulum Network Stack Daemon";
+    wants = [ "network-online.target" ];
+    after = [ "network-online.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      User = "gortium";
+      Group = "gortium";
+      ExecStart = "${pkgs.reticulumStack}/bin/rnsd";
+      Restart = "always";
+      RestartSec = "10s";
+      LimitNOFILE = 65536;
+    };
+  };
+
+  # ============================================================
+  # Kismet Service (Wi-Fi monitoring / mesh node)
+  # ============================================================
+  systemd.services.kismet = {
+    description = "Kismet Wi-Fi Monitor & IDS";
+    wants = [ "network-online.target" ];
+    after = [ "network-online.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      User = "gortium";
+      Group = "kismet";
+      ExecStart = "${pkgs.kismet}/bin/kismet -c wlan0 --log-base=/home/gortium/kismet_logs --no-nc-ui";
+      Restart = "always";
+      RestartSec = "10s";
+    };
+  };
+
+  # ============================================================
+  # Kernel modules for SDR and radio
+  # ============================================================
+  boot.kernelModules = [
+    "88x2bu"          # Realtek 8812/8821BU USB WiFi
+    "rtl8xxxu"        # RTL8188/8192/8723 USB WiFi
+    "rtl2832_sdr"     # RTL-SDR kernel module
+    "dvb_usb_rtl28xxu" # RTL-SDR DVB-T
+  ];
+
+  # ============================================================
+  # Extra udev rules for SDR and HAM radio devices
+  # ============================================================
+  services.udev.packages = with pkgs; [ rtl-sdr ];
+
+  # ============================================================
+  # Enable IPv6 for Reticulum mesh
+  # ============================================================
+  networking.enableIPv6 = true;
+
+  # ============================================================
+  # Firewall
+  # ============================================================
+  networking.firewall.allowedTCPPorts = [ 22 ];
+  networking.firewall.allowedUDPPorts = [ ];
+  # ============================================================
+  # agenix-rekey — automatic secret re-encryption at deploy time
+  # ============================================================
+  age.rekey = {
+    # Master identities for encrypting secrets (on Thierry's laptop)
+    masterIdentities = [
+      "/home/gortium/.ssh/gortium_ssh_key"
+    ];
+
+    # uConsole SSH host pubkey — for automatic rekey at build time
+    # Once uConsole is deployed, replace with actual pubkey from:
+    #   ssh-keyscan uConsole.local | ssh-to-age
+    hostPubkey = "age1qyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqs3290gq"; # dummy — replace after bootstrap
+  };
+
+  # Enable remote builder (distributed build via lazyworkhorse server)
+  services.remoteBuilder.enable = true;
+  # ClamAV REMOVED — cross-compile failure (try_run + Rust linker)
+  # clamscan available from server when needed.
+  # gortium.clamav = {
+  #   enable = true;
+  #   enableDaemon = false;
+  # };
+
+}