- New module: hardware.uconsole-cm5-aio-v2
- GPIO rail control for GPS (27), LORA (16), SDR (7), USB (23)
- Systemd oneshot service (aiov2-rails-boot) to apply states at boot
- aiov2_ctl CLI tool packaged from GitHub source
- GPS UART support (ttyAMA0, 9600 baud) with dialout group
- Optional systemd user service for system tray GUI
- Wired into uconsole-cm5 NixOS config + SD image
All rails default OFF — activate on demand with:
aiov2_ctl <GPS|LORA|SDR|USB> on
Qt6Quick and its submodules are not built in the aarch64 qtdeclarative
cross-compile output. hyprland-qt-support can't find them and fails.
Hyprland only needs qtutils at runtime (added to PATH via wrapProgram).
Setting wrapRuntimeDeps = false skips the wrapping entirely, letting
Hyprland build without its QML UI support package.
meta.platforms = [] on libcamera doesn't help because nixos-25.11 pipewire
has libcamera unconditionally in buildInputs. Must overrideAttrs to:
- filter libcamera out of buildInputs
- clear existing libcamera meson flags and set -Dlibcamera=disabled
Remove extra '};' that broke flake.nix parsing.
Apply kernel patch '0008-panel-cwu50-no-burst.patch' to remove
MIPI_DSI_MODE_VIDEO_BURST flag in panel-cwu50.c.
Switch nixos-uconsole module to consolidated uconsole-cm5 module.
Keep patches/0008-panel-cwu50-remove-sync-pulse.patch as variant.
- New module: modules/nixos/security/ai-worker-restricted.nix
- Bind mount for infra repo access (RW)
- Whitelisted sudo commands: nh, nixos-rebuild, nixpkgs-fmt, nix
- Audit logging for infra changes
- Documentation in README-ai-worker.md
- Updated users/ai-worker.nix:
- Enable services.aiWorkerAccess
- Lock password (SSH key only)
- Security documentation comments
- Updated flake.nix:
- Include new security module
SECURITY: AI must ask for user confirmation before running nh os switch
- Refactor all 12 compose stacks to use isolated networks with Traefik as the hub
- Add openclaw-ssh sidecar to ai stack for reverse tunneling (port 2425)
- Add sshnode entrypoint to Traefik configuration
- Add cyt-pi host configuration for Pi Zero 2 W (headless)
- Include kismet and target_detector_cli services for remote Wi-Fi monitoring
- Add reverse SSH tunnel service via autossh
- Add headless openclaw node systemd service for host execution
- Migrate from nix to lix package manager
- Permit openclaw-2026.3.12 (insecure package warning)
- Use ai-worker user for node service
