102586d7e8
fix: switch nixos-uconsole to cm5_fix branch (patches OK)
...
- Remove local boot.kernelPatches (now in nixos-uconsole fork)
- Point to github:gortium/nixos-uconsole/cm5_fix instead of pr/dcs-panel-detection
2026-06-16 19:21:54 -04:00
6c08958730
fix: add ai-worker-restricted module to uConsole CM5 base modules
...
Required for services.aiWorkerAccess option used by users/ai-worker/ai-worker.nix
2026-06-16 19:04:35 -04:00
3f331e4bfb
fix: add home-manager input for uConsole CM5 gortium user config
...
The remote branch added users/gortium/gortium.nix which uses
home-manager module option, but home-manager wasn't imported.
2026-06-16 19:03:59 -04:00
1550219e77
Merge remote changes + feat: AIO v2 board module
...
- Cross-compile overlays for Hyprland (libcamera, pipewire, gjs)
- Refactor uconsoleBaseModules into reusable list
- Add wireguard-client service module
- Restructure users into subdirectories
- New: hardware.uconsole-cm5-aio-v2 module (GPIO rails, aiov2_ctl, GPS UART)
- Update configuration.nix with Hyprland + AIO v2
- Add AIO v2 module to both toplevel and SD image config
2026-06-16 19:02:38 -04:00
2572f47e41
feat: add NixOS module for HackerGadgets AIO v2 board (uConsole CM5)
...
- New module: hardware.uconsole-cm5-aio-v2
- GPIO rail control for GPS (27), LORA (16), SDR (7), USB (23)
- Systemd oneshot service (aiov2-rails-boot) to apply states at boot
- aiov2_ctl CLI tool packaged from GitHub source
- GPS UART support (ttyAMA0, 9600 baud) with dialout group
- Optional systemd user service for system tray GUI
- Wired into uconsole-cm5 NixOS config + SD image
All rails default OFF — activate on demand with:
aiov2_ctl <GPS|LORA|SDR|USB> on
2026-06-16 19:00:50 -04:00
bd8b1c564e
feat: add reusable wireguard-client NixOS module
...
- modules/nixos/services/wireguard-client.nix — optional module under
gortium.wireguard-client namespace with enable, vpnIp, privateKeyFile,
and presharedKeyFile options
- Added to lazyworkhorse, cyt-pi, and uconsoleBaseModules (covers both
uconsole-cm5 toplevel and SD image)
- Migrated lazyworkhorse from inline networking.wireguard to module
- Split-tunnel: allowedIPs = [ "10.8.0.0/24" ]
Usage in a host config:
gortium.wireguard-client = {
enable = true;
vpnIp = "10.8.0.X/24";
privateKeyFile = config.age.secrets.wireguard_private_key.path;
presharedKeyFile = config.age.secrets.wireguard_preshared_key.path;
};
2026-06-15 10:55:40 -04:00
8651295b0a
Fixed stuff maybe i guess not sure
2026-06-14 21:48:23 -04:00
e95baddb96
rename users/gortium/default.nix -> gortium.nix, add to uconsole modules
2026-06-14 21:05:22 -04:00
eb3fe42542
refactor: extract shared uconsole modules to eliminate toplevel/image duplication
2026-06-14 20:56:17 -04:00
2ee616839e
chore: point nixos-uconsole input to pr/dcs-panel-detection branch
2026-06-14 18:43:04 -04:00
42202c8a40
fix: add hyprwayland-scanner native paths for xdg-desktop-portal-hyprland cross-compile
2026-06-14 10:11:44 -04:00
2476352fdf
fix: skip hyprland qtutils (Qt6Quick missing in aarch64 cross-compile)
...
Qt6Quick and its submodules are not built in the aarch64 qtdeclarative
cross-compile output. hyprland-qt-support can't find them and fails.
Hyprland only needs qtutils at runtime (added to PATH via wrapProgram).
Setting wrapRuntimeDeps = false skips the wrapping entirely, letting
Hyprland build without its QML UI support package.
2026-06-14 10:01:28 -04:00
8afca7315d
fix: correct qtdeclarative attr to qt6.qtdeclarative
2026-06-14 09:56:31 -04:00
0372b37950
fix: set Qt6Qml_DIR for hyprland-qt-support cross-compile
2026-06-14 09:52:35 -04:00
11a4969028
fix: skip GTK tests in gjs cross-compile for Hyprland
2026-06-14 09:30:50 -04:00
6a1c26cac2
fix: remove libcamera from pipewire buildInputs (both overlays)
...
meta.platforms = [] on libcamera doesn't help because nixos-25.11 pipewire
has libcamera unconditionally in buildInputs. Must overrideAttrs to:
- filter libcamera out of buildInputs
- clear existing libcamera meson flags and set -Dlibcamera=disabled
2026-06-14 09:03:44 -04:00
9978ea36f4
fix: disable libcamera in pipewire via mesonFlags for both pkgs and rpi
2026-06-14 00:56:31 -04:00
3f985c72de
switch to gortium/nixos-uconsole fork
2026-06-13 23:15:53 -04:00
2c9136d1dc
fix: add DSI_INIT0 lane config to old panel init_sequence + fix mode_flags
2026-06-13 18:49:36 -04:00
6fac886598
revert: remove failed CWU50 display fix patches
2026-06-13 18:04:06 -04:00
a4f4891236
try: no-burst-no-sync-pulse (VIDEO only)
2026-06-13 17:12:51 -04:00
3a809938c9
try: no-sync-pulse variant (keep BURST, remove SYNC_PULSE)
2026-06-13 16:38:24 -04:00
0f765d99cb
feat: add CWU50 display patch (no-burst) + fix flake syntax
...
Remove extra '};' that broke flake.nix parsing.
Apply kernel patch '0008-panel-cwu50-no-burst.patch' to remove
MIPI_DSI_MODE_VIDEO_BURST flag in panel-cwu50.c.
Switch nixos-uconsole module to consolidated uconsole-cm5 module.
Keep patches/0008-panel-cwu50-remove-sync-pulse.patch as variant.
2026-06-13 16:27:32 -04:00
6543de3a45
fix: correct sd-image module to nixosModules.sd-image
2026-06-12 21:57:49 -04:00
0db8071300
fix: correct sd-image module path
2026-06-12 21:56:22 -04:00
9038863728
fix: remove dead rpi-pkgs line
2026-06-12 21:48:48 -04:00
7e3b2520eb
fix: use nixos-raspberrypi.lib.nixosSystem + sd-image module directly
2026-06-12 21:47:29 -04:00
80efb68428
feat(uconsole): add flashable SD image package (SSH+WiFi+keys)
2026-06-12 21:42:51 -04:00
656570b39e
fix: use plain string for bootloader setting
2026-06-12 20:54:19 -04:00
8b6990ceee
deploy1(uconsole): revert rasberry-pi-5.base removal — keep minimal SSH+WiFi config
2026-06-12 20:52:11 -04:00
a312c29221
fix: remove boot.loader.raspberry-pi reference (option removed with rasberry-pi-5.base)
2026-06-12 20:48:30 -04:00
053dd535d3
deploy1(uconsole): minimal config — no rasberry-pi-5.base, just SSH + WiFi + keys
2026-06-12 20:47:11 -04:00
35e4155b8c
fix(uconsole): remove configtxt module (conflicting overlays) — use extra-config only
2026-06-12 20:20:39 -04:00
052081616c
test: remove self.submodules to check Lix compatibility
2026-06-12 19:24:43 -04:00
d3d7cdff44
Revert "fix: remove self.submodules (not supported by Lix)"
...
This reverts commit 5202bc1fcb
2026-06-12 18:59:04 -04:00
5202bc1fcb
fix: remove self.submodules (not supported by Lix)
2026-06-12 18:56:44 -04:00
9319e32683
fix(uconsole): cross-compile Lix instead of using native aarch64 flake package
2026-06-12 18:41:44 -04:00
7da46d5769
refactor(uconsole): use standard inject-overlays helpers instead of manual overlay list
2026-06-12 18:21:45 -04:00
8ea6be7ac1
fix: remove rpi-cross-overlay import from uconsole-cm5 modules
2026-06-12 17:11:17 -04:00
16acc6a153
fix(uconsole): resolve conflicting SSH options + properly override nixos-uconsole's nixos-raspberrypi input
...
- mkForce on PermitRootLogin and PasswordAuthentication
- nixos-uconsole.inputs.nixos-raspberrypi follows our fork
2026-06-12 16:43:33 -04:00
5ee644e9dd
feat(uconsole): add rpi-cross-overlay module + Lix
...
- rpi-cross-overlay.nix: override pkgs.rpi with cross-compilation
when buildPlatform != hostPlatform (0 QEMU)
- Lix nix daemon for uConsole (aarch64-linux)
- Remove broken inline overlay from flake.nix
2026-06-12 16:36:49 -04:00
698d3f91eb
feat(uconsole): add agenix secret for WiFi credentials
...
- age.secrets.uconsole-wifi (SSID+password in encrypted file)
- systemd service ensure-wifi reads decrypted secret and configures NM
- agenix.nixosModules.default imported for uconsole-cm5
- uconsole-wifi.age declared in secrets/secrets.nix
2026-06-12 16:15:37 -04:00
1f99ca0d37
feat(uconsole): add cm5 cross-compiled nixosConfiguration
...
- New host: uconsole-cm5 (aarch64-linux, cross-built from x86_64)
- SSH authorizedKeys: gortium.main + ai-worker.main
- NetworkManager enabled (WiFi password via agenix later)
- Display: vc4/panel_cwu50/rp1_dsi with empty initrd
- Config.txt [pi5] section (not [cm5])
- Backlight fix service
- nixos-raspberrypi → gortium/cm5-cross-v1 fork (PR #197 )
- nixpkgs-uconsole pinned to nixos-25.11 (kernel patch compat)
V3 branch saved as archive/uconsole-cm5-v3 (Reticulum/SDR/HAM config).
2026-06-12 16:02:13 -04:00
18df45819d
Add restricted AI worker access with deployment capabilities
...
- New module: modules/nixos/security/ai-worker-restricted.nix
- Bind mount for infra repo access (RW)
- Whitelisted sudo commands: nh, nixos-rebuild, nixpkgs-fmt, nix
- Audit logging for infra changes
- Documentation in README-ai-worker.md
- Updated users/ai-worker.nix:
- Enable services.aiWorkerAccess
- Lock password (SSH key only)
- Security documentation comments
- Updated flake.nix:
- Include new security module
SECURITY: AI must ask for user confirmation before running nh os switch
2026-04-28 15:34:38 +00:00
Robert
bc875ef9fb
feat: isolate docker networks and add cyt-pi remote node config
...
- Refactor all 12 compose stacks to use isolated networks with Traefik as the hub
- Add openclaw-ssh sidecar to ai stack for reverse tunneling (port 2425)
- Add sshnode entrypoint to Traefik configuration
- Add cyt-pi host configuration for Pi Zero 2 W (headless)
- Include kismet and target_detector_cli services for remote Wi-Fi monitoring
- Add reverse SSH tunnel service via autossh
2026-04-06 19:14:57 -04:00
Robert
401b23ce46
feat: add openclaw node service and migrate to lix
...
- Add headless openclaw node systemd service for host execution
- Migrate from nix to lix package manager
- Permit openclaw-2026.3.12 (insecure package warning)
- Use ai-worker user for node service
2026-04-04 16:26:33 -04:00
13dbf18f67
Progress dump before ai agent
2026-04-04 04:57:47 -04:00
056c39aa71
chore: update flake imports and infrastructure secrets
2026-01-01 02:25:40 -05:00
a8851c19e4
Working bootstrap key
2025-08-24 19:02:42 -04:00
98c0142938
Fixed the git submodule for flake
2025-08-08 19:11:29 -04:00
