fix: panel-cwu50 timing fix from Rex's kernel - native 720x1280 mode

Swap H/V display mode to native panel resolution (720x1280) instead of rotated (1280x720). The DRM/KMS pipeline handles rotation via connector orientation property. Setting wrong horizontal resolution caused DSI controller to send extra pixels per line, resulting in horizontal repetition. Add DCS-based panel detection in init_sequence2 as supplemental check. Based on ak-rex/ClockworkPi-linux rpi-6.12.y branch panel-cwu50.c. Replaces old 0008 patches (DSI_INIT0, BURST removal) that didn't fix the issue.
Merge pull request 'feat: add uConsole CM5 host with Reticulum mesh network support' (#61 ) from feat/uconsole-cm5-v3 into master
2026-06-13 20:19:19 -04:00 · 2026-06-06 13:19:19 +00:00 · 2026-06-06 09:16:23 -04:00 · 2026-06-05 23:38:21 -04:00 · 2026-06-05 23:33:10 -04:00 · 2026-06-05 22:58:09 -04:00
8 changed files with 446 additions and 529 deletions
--- a/.gitea/workflows/build-nixos.yml
+++ b/.gitea/workflows/build-nixos.yml
@@ -1,64 +0,0 @@
-name: NixOS Build & Test
-run-name: Build ${{ gitea.event_name == 'push' && gitea.ref_name || format('PR #{0}', gitea.event.pull_request.number) }}
-
-on:
-  push:
-    branches:
-      - master
-    paths:
-      - '**.nix'
-      - 'flake.lock'
-      - 'secrets/**'
-      - 'hosts/**'
-      - 'modules/**'
-  pull_request:
-    branches:
-      - master
-    paths:
-      - '**.nix'
-      - 'flake.lock'
-      - 'secrets/**'
-      - 'hosts/**'
-      - 'modules/**'
-
-jobs:
-  build:
-    runs-on: nixos-builder
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up Nix environment
-        run: |
-          echo "extra-experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
-          cat ~/.config/nix/nix.conf
-
-      - name: Install nh (nix helper)
-        run: |
-          nix --extra-experimental-features "nix-command flakes" \
-            profile add nixpkgs#nh
-          nh --version
-
-      - name: Build NixOS configuration (lazyworkhorse)
-        run: |
-          nh os build .#lazyworkhorse
-        env:
-          NIX_CONFIG: "extra-experimental-features = nix-command flakes"
-
-      - name: Build NixOS configuration (cyt-pi)
-        run: |
-          nh os build .#cyt-pi
-        env:
-          NIX_CONFIG: "extra-experimental-features = nix-command flakes"
-
-      - name: Integration tests (placeholder)
-        run: |
-          echo "TODO: Add integration tests here"
-          echo ""
-          echo "Suggested future checks:"
-          echo "  - nix flake check  (evaluate all NixOS configs)"
-          echo "  - Validate agenix secrets are decryptable"
-          echo "  - Check services are defined correctly"
-          echo "  - Run VM test if nixos-test infrastructure exists"
--- a/flake.nix
+++ b/flake.nix
@@ -12,10 +12,21 @@
      url = "git+https://git.lix.systems/lix-project/lix?ref=main";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    self.submodules = true;
+    nixpkgs-uconsole.url = "github:NixOS/nixpkgs/nixos-25.11";
+    nixos-uconsole = {
+      url = "github:nixos-uconsole/nixos-uconsole/v1.1.0";
+      inputs.nixpkgs.follows = "nixpkgs-uconsole";
+      inputs.nixos-raspberrypi.follows = "nixos-raspberrypi";
+    };
+    nixos-raspberrypi = {
+      url = "github:gortium/nixos-raspberrypi/cm5-cross-v1";
+      inputs.nixpkgs.follows = "nixpkgs-uconsole";
+    };
  };

-  outputs = { self, nixpkgs, agenix, lix, ... }@inputs:
+  outputs = { self, nixpkgs, agenix, lix
+            , nixpkgs-uconsole, nixos-uconsole, nixos-raspberrypi
+            , ... }@inputs:
    let
      system = "x86_64-linux";
      keys = import ./lib/keys.nix;
@@ -30,16 +41,12 @@
      pkgs = import nixpkgs {
        inherit system overlays;
        config.allowUnfree = true;
-        config.permittedInsecurePackages = [
-          "openclaw-2026.3.12"
-        ];
+        config.permittedInsecurePackages = [ "openclaw-2026.3.12" ];
      };
-
      devShell = import ./shells/nix_dev.nix {
        inherit pkgs system agenix;
      };
-    in
-      {
+    in {
      nixosConfigurations = {
        lazyworkhorse = nixpkgs.lib.nixosSystem {
          specialArgs = { inherit system self keys paths inputs; };
@@ -48,9 +55,7 @@
              nixpkgs.overlays = overlays;
              nixpkgs.config.allowUnfree = true;
              nixpkgs.config.rocmSupport = true;
-                nixpkgs.config.permittedInsecurePackages = [
-                  "openclaw-2026.3.12"
-                ];
+              nixpkgs.config.permittedInsecurePackages = [ "openclaw-2026.3.12" ];
              nix.package = lix.packages.${system}.default;
            }
            agenix.nixosModules.default
@@ -59,7 +64,6 @@
            ./modules/nixos/filesystem/hoardingcow-mount.nix
            ./modules/nixos/services/docker_manager.nix
            ./modules/nixos/services/open_code_server.nix
-              ./modules/nixos/services/staging-vm.nix
            ./modules/nixos/services/ollama_init_custom_models.nix
            ./modules/nixos/services/openclaw_node.nix
            ./modules/nixos/security/ai-worker-restricted.nix
@@ -81,7 +85,72 @@
            ./hosts/cyt-pi/hardware-configuration.nix
          ];
        };
+
+        uconsole-cm5 = nixpkgs-uconsole.lib.nixosSystem {
+          system = "aarch64-linux";
+          specialArgs = {
+            inherit self keys paths inputs;
+            nixos-raspberrypi = nixos-raspberrypi;
+            isCM4 = false;
          };
+          modules = [
+            {
+              nixpkgs.buildPlatform = "x86_64-linux";
+              nixpkgs.hostPlatform = "aarch64-linux";
+              nixpkgs.config.allowUnfree = true;
+              boot.loader.raspberry-pi.bootloader = "kernel";
+            }
+            nixos-raspberrypi.nixosModules.nixpkgs-rpi
+            # Fix display timings from Rex's kernel: native 720x1280 instead of
+            # rotated 1280x720, plus DCS-based panel detection.
+            ({ lib, ... }: {
+              boot.kernelPatches = [{
+                name = "panel-cwu50-rex-timing-fix";
+                patch = ./patches/0008-panel-cwu50-rex-timing-fix.patch;
+              }];
+            })
+            nixos-raspberrypi.nixosModules.raspberry-pi-5.base
+            nixos-raspberrypi.lib.inject-overlays
+            nixos-raspberrypi.lib.inject-overlays-global
+            nixos-uconsole.nixosModules.uconsole-cm5
+            ({ config, lib, pkgs, inputs, ... }: let
+              lix-cross = import inputs.nixpkgs-uconsole {
+                localSystem = { system = "x86_64-linux"; };
+                crossSystem = { system = "aarch64-linux"; };
+                overlays = [ inputs.lix.overlays.default ];
+              };
+            in { nix.package = lix-cross.lix; })
+            agenix.nixosModules.default
+            ./hosts/uconsole-cm5/configuration.nix
+            ./hosts/uconsole-cm5/hardware-configuration.nix
+          ];
+        };
+      };
+
      devShells.${system}.default = devShell;
+
+      packages.${system} = {
+        uconsole-cm5-image = (nixos-raspberrypi.lib.nixosSystem {
+          system = "aarch64-linux";
+          specialArgs = {
+            inherit self keys inputs;
+            nixos-raspberrypi = nixos-raspberrypi;
+            isCM4 = false;
+          };
+          modules = [
+            {
+              nixpkgs.buildPlatform = system;
+              nixpkgs.hostPlatform = "aarch64-linux";
+            }
+            nixos-raspberrypi.nixosModules.nixpkgs-rpi
+            nixos-raspberrypi.nixosModules.raspberry-pi-5.base
+            nixos-raspberrypi.lib.inject-overlays-global
+            nixos-raspberrypi.nixosModules.sd-image
+            nixos-uconsole.nixosModules.uconsole-cm5
+            agenix.nixosModules.default
+            ./hosts/uconsole-cm5/configuration.nix
+          ];
+        }).config.system.build.sdImage;
+      };
    };
 }
--- a/hosts/lazyworkhorse/configuration.nix
+++ b/hosts/lazyworkhorse/configuration.nix
@@ -11,6 +11,10 @@
  # Flakesss
  nix.settings.experimental-features = [ "nix-command" "flakes" "flake-self-attrs" ];
  nix.settings.trusted-users = [ "root" "gortium" ];
+  nix.settings.extra-platforms = [ "aarch64-linux" ];
+
+  # QEMU binfmt for cross-building aarch64 NixOS targets
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

  # Garbage collection
  nix.gc = {
--- a/hosts/uConsole/configuration.nix
+++ b/hosts/uConsole/configuration.nix
@@ -0,0 +1,171 @@
+{ config, lib, pkgs, paths, self, keys, ... }:
+
+{
+  # Basic Host Info
+  networking.hostName = "uConsole";
+  time.timeZone = "America/Montreal";
+  i18n.defaultLocale = "en_CA.UTF-8";
+
+  # System State
+  system.stateVersion = "25.05";
+
+  # Boot & Hardware (migrated to kernel bootloader per nixos-raspberrypi deprecation notice)
+  boot.loader.raspberry-pi.bootloader = "kernel";
+  # kernel managed by nixos-raspberrypi module — don't override, patches are version-specific
+  # boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  # Networking
+  networking.networkmanager.enable = true;
+  services.openssh = {
+    enable = true;
+    settings.PermitRootLogin = lib.mkForce "prohibit-password";
+    settings.PasswordAuthentication = lib.mkForce false;
+  };
+
+  # User
+  users.users.gortium = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "networkmanager" "video" "dialout" "kismet" ];
+    openssh.authorizedKeys.keys = [
+      keys.users.gortium.main
+      keys.users.gortium.gitea
+    ];
+  };
+  security.sudo.extraRules = [
+    {
+      users = [ "gortium" ];
+      commands = [
+        {
+          command = "ALL";
+          options = [ "NOPASSWD" ];
+        }
+      ];
+    }
+  ];
+
+  # ============================================================
+  # Package groups
+  # ============================================================
+
+  environment.systemPackages = with pkgs; [
+    # ===== Base =====
+    emacs-pgtk
+    git
+    ripgrep
+    fd
+    htop
+    tmux
+    neovim
+
+    # ===== HAM Radio =====
+    js8call
+    wsjtx
+    fldigi
+    pat                        # Winlink client
+    direwolf                   # AX.25 packet modem
+    chirp                      # Radio programming tool
+    hamlib                     # Ham radio control libraries
+    trustedqsl                 # Logbook of the World (LoTW)
+
+    # ===== SDR / RF =====
+    sdrpp                      # SDR++ spectrum analyzer
+    gqrx                       # SDR receiver GUI
+    rtl-sdr                    # RTL-SDR drivers & utilities
+    inspectrum                # Offline signal analysis
+    soapysdr-with-plugins      # SoapySDR + hardware support plugins
+
+    # ===== Mesh / LoRa =====
+    meshtastic                 # Python CLI for Meshtastic devices
+    reticulumStack             # Reticulum Network Stack (rnsd, rnsh, rncp, rnx, rnpath, etc.)
+    lxmf                       # LXMF messaging protocol
+    nomadnet                   # Nomad Network client
+
+    # ===== Security =====
+    nmap
+    aircrack-ng
+    kismet                     # Wi-Fi monitor / IDS
+    bettercap                  # MITM/network attack framework
+    wireshark                  # Packet analyzer
+    hashcat                    # GPU password cracker
+    john                       # John the Ripper
+    sqlmap                     # SQL injection tool
+
+    # ===== GPS / Maps =====
+    foxtrotgps
+    viking                     # GPS map editor
+    gpsbabel                   # GPS data conversion
+  ];
+
+  # Packages noted but not in unstable nixpkgs:
+  #   - metasploit: unfree; install manually via Git clone
+  #   - burpsuite: unfree Java app (Community Edition available for download)
+  #   - sidechannel: not a distinct PyPI package; functionality covered by
+  #     the Reticulum stack. For LXMF GUI client, install Sideband manually
+  #     from github.com/markqvist/Sideband
+
+  # ============================================================
+  # Reticulum Service (rnsd)
+  # ============================================================
+  systemd.services.rnsd = {
+    description = "Reticulum Network Stack Daemon";
+    wants = [ "network-online.target" ];
+    after = [ "network-online.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      User = "gortium";
+      Group = "gortium";
+      ExecStart = "${pkgs.reticulumStack}/bin/rnsd";
+      Restart = "always";
+      RestartSec = "10s";
+      LimitNOFILE = 65536;
+    };
+  };
+
+  # ============================================================
+  # Kismet Service (Wi-Fi monitoring / mesh node)
+  # ============================================================
+  systemd.services.kismet = {
+    description = "Kismet Wi-Fi Monitor & IDS";
+    wants = [ "network-online.target" ];
+    after = [ "network-online.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      User = "gortium";
+      Group = "kismet";
+      ExecStart = "${pkgs.kismet}/bin/kismet -c wlan0 --log-base=/home/gortium/kismet_logs --no-nc-ui";
+      Restart = "always";
+      RestartSec = "10s";
+    };
+  };
+
+  # ============================================================
+  # Kernel modules for SDR and radio
+  # ============================================================
+  boot.kernelModules = [
+    "88x2bu"          # Realtek 8812/8821BU USB WiFi (common adapter)
+    "rtl8xxxu"        # RTL8188/8192/8723 USB WiFi
+    "rtl2832_sdr"     # RTL-SDR kernel module
+    "dvb_usb_rtl28xxu" # RTL-SDR DVB-T
+  ];
+
+  boot.blacklistedKernelModules = [ ];
+
+  # ============================================================
+  # Extra udev rules for SDR and HAM radio devices
+  # ============================================================
+  services.udev.packages = with pkgs; [ rtl-sdr ];
+
+  # ============================================================
+  # Enable IPv6 for Reticulum mesh
+  # ============================================================
+  networking.enableIPv6 = true;
+
+  # ============================================================
+  # Firewall: open ports for Reticulum (optional)
+  # ============================================================
+  networking.firewall.allowedTCPPorts = [ 22 ]; # SSH only
+  networking.firewall.allowedUDPPorts = [ ];
+  # Reticulum uses its own encryption and doesn't need open ports
+  # for basic mesh operations (peer-to-peer discovery).
+  # For TCP interfaces, open additional ports as needed.
+}
--- a/hosts/uConsole/hardware-configuration.nix
+++ b/hosts/uConsole/hardware-configuration.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sdhci_pci" "nvme" ];
+  boot.initrd.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  # uConsole CM5 uses NVMe or eMMC for boot storage
+  # The uconsole-cm5 module sets up /boot/firmware and default /
+  # Override device label here if using different storage
+  fileSystems."/" = lib.mkDefault {
+    device = "/dev/disk/by-label/NIXOS_UCM5";
+    fsType = "ext4";
+    options = [ "noatime" ];
+  };
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+  hardware.enableRedistributableFirmware = true;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+}
--- a/modules/nixos/services/staging-vm.nix
+++ b/modules/nixos/services/staging-vm.nix
@@ -1,415 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.staging-vm;
-
-  # Resolve the first IP in the subnet (the gateway address for the NAT network)
-  networkIp = head (splitString "/" cfg.network.subnet);
-
-  # ── pr-test-vm helper script ──────────────────────────────────────────
-  pr-test-vm = pkgs.writeShellScriptBin "pr-test-vm" ''
-    set -euo pipefail
-
-    LIBVIRT_URI="qemu:///system"
-    STORAGE_POOL="${cfg.storagePool}"
-    VM_DIR="${cfg.dataDir}"
-    NETWORK="${cfg.network.name}"
-    SCRIPT_NAME="$(basename "$0")"
-
-    usage() {
-      cat <<EOF
-    Usage: $SCRIPT_NAME <command> [options]
-
-    Commands:
-      build   <nixos-config> [--name <name>]   Build VM image from a NixOS config
-      start   <vm-name>                         Start a VM
-      stop    <vm-name>                         Gracefully shut down a VM
-      destroy <vm-name>                         Force-power-off and undefine a VM
-      ssh     [user@]<vm-name>                  SSH into a running VM
-      console <vm-name>                         Connect to VM serial console
-      list                                      List all staging VMs
-      status  <vm-name>                         Show VM status
-      rebuild <vm-name>                         Redeploy the VM (stop + start)
-
-    Examples:
-      $SCRIPT_NAME build ./vm-config.nix --name my-test
-      $SCRIPT_NAME start my-test
-      $SCRIPT_NAME ssh root@my-test
-    EOF
-      exit 1
-    }
-
-    # Find the VM's IP address from the DHCP lease
-    vm_ip() {
-      local name="$1"
-      local mac
-      mac=$(${pkgs.libvirt}/bin/virsh -c "$LIBVIRT_URI" domiflist "$name" 2>/dev/null \
-        | ${pkgs.gawk}/bin/awk 'NR>2 && $1 ~ /^vnet/ {print $NF; exit}')
-      [ -z "$mac" ] && { echo "error: cannot find MAC for VM '$name'"; exit 1; }
-
-      local ip
-      ip=$(${pkgs.libvirt}/bin/virsh -c "$LIBVIRT_URI" net-dhcp-leases "$NETWORK" 2>/dev/null \
-        | ${pkgs.gawk}/bin/awk -v mac="$mac" '$0 ~ mac {gsub(/-.*/, "", $3); print $3; exit}')
-      [ -z "$ip" ] && { echo "error: no DHCP lease found for VM '$name' (MAC: $mac)"; exit 1; }
-      echo "$ip"
-    }
-
-    case "''${1:-help}" in
-      build)
-        shift
-        CONFIG="''${1:?Missing NixOS config path}"
-        VM_NAME="''${2:-}"
-        [ -f "$CONFIG" ] || { echo "error: config file not found: $CONFIG"; exit 1; }
-
-        # Extract name from --name flag or config basename
-        if [ "''${2:-}" = "--name" ] && [ -n "''${3:-}" ]; then
-          VM_NAME="$3"
-        elif [ -z "$VM_NAME" ] || [ "''${VM_NAME#--}" != "$VM_NAME" ]; then
-          VM_NAME="$(basename "$CONFIG" .nix)"
-        fi
-
-        BUILD_DIR="$VM_DIR/$VM_NAME"
-        IMAGE="$BUILD_DIR/disk-image.qcow2"
-
-        echo "==> Building VM '$VM_NAME' from config: $CONFIG"
-        mkdir -p "$BUILD_DIR"
-
-        # Build the NixOS VM derivation
-        nix build --no-link -f "$CONFIG" vm 2>&1 || {
-          # Fallback: try as flake output
-          echo "Trying flake build..."
-          nix build "''${CONFIG%/.nix}#nixosConfigurations.$VM_NAME.config.system.build.vm" --no-link 2>&1 || {
-            echo "error: failed to build VM (tried both import and flake)"
-            exit 1
-          }
-        }
-
-        echo "==> Build complete. Run 'pr-test-vm start $VM_NAME' to launch."
-        ;;
-
-      start)
-        VM_NAME="''${1:?Missing VM name}"
-        IMAGE="$VM_DIR/$VM_NAME/disk-image.qcow2"
-        [ -f "$IMAGE" ] || { echo "error: no disk image found at $IMAGE. Build first."; exit 1; }
-
-        # Check if already running
-        STATE=$(${pkgs.libvirt}/bin/virsh -c "$LIBVIRT_URI" domstate "$VM_NAME" 2>/dev/null || echo "undefined")
-        if [ "$STATE" = "running" ]; then
-          echo "VM '$VM_NAME' is already running."
-          exit 0
-        fi
-
-        echo "==> Starting VM '$VM_NAME'..."
-
-        # Undefine if defined but not running
-        if [ "$STATE" != "undefined" ]; then
-          ${pkgs.libvirt}/bin/virsh -c "$LIBVIRT_URI" undefine "$VM_NAME" 2>/dev/null || true
-        fi
-
-        # Define and start with virt-install
-        ${pkgs.virt-manager}/bin/virt-install \
-          --connect "$LIBVIRT_URI" \
-          --name "$VM_NAME" \
-          --memory "${toString cfg.memory}" \
-          --vcpus "${toString cfg.vcpus}" \
-          --disk "$IMAGE",bus=virtio \
-          --import \
-          --network network="$NETWORK",model=virtio \
-          --graphics none \
-          --console pty,target_type=virtio \
-          --serial pty \
-          --memballoon virtio \
-          --rng /dev/urandom \
-          --noautoconsole \
-          --os-variant detect=on,name=generic
-
-        echo "==> VM '$VM_NAME' started. Get IP with: pr-test-vm status $VM_NAME"
-        ;;
-
-      stop)
-        VM_NAME="''${1:?Missing VM name}"
-        echo "==> Stoping VM '$VM_NAME'..."
-        ${pkgs.libvirt}/bin/virsh -c "$LIBVIRT_URI" shutdown "$VM_NAME" 2>/dev/null && {
-          echo "Waiting for VM to shut down..."
-          for i in $(seq 1 30); do
-            STATE=$(${pkgs.libvirt}/bin/virsh -c "$LIBVIRT_URI" domstate "$VM_NAME" 2>/dev/null || echo "undefined")
-            [ "$STATE" != "running" ] && { echo "VM stopped."; exit 0; }
-            sleep 2
-          done
-          echo "warning: VM did not shut down gracefully, use 'destroy' for force"
-        } || {
-          echo "VM '$VM_NAME' not running or does not exist."
-        }
-        ;;
-
-      destroy)
-        VM_NAME="''${1:?Missing VM name}"
-        echo "==> Destroying VM '$VM_NAME'..."
-        ${pkgs.libvirt}/bin/virsh -c "$LIBVIRT_URI" destroy "$VM_NAME" 2>/dev/null || true
-        ${pkgs.libvirt}/bin/virsh -c "$LIBVIRT_URI" undefine "$VM_NAME" 2>/dev/null || true
-        echo "==> VM '$VM_NAME' destroyed and undefined."
-        ;;
-
-      ssh)
-        TARGET="''${1:?Usage: $SCRIPT_NAME ssh [user@]<vm-name>}"
-        # Split user@hostname if present
-        if echo "$TARGET" | ${pkgs.gnugrep}/bin/grep -q '@'; then
-          USER="''${TARGET%@*}"
-          VM_NAME="''${TARGET#*@}"
-        else
-          VM_NAME="$TARGET"
-          USER=""
-        fi
-
-        IP=$(vm_ip "$VM_NAME") || exit 1
-        if [ -n "$USER" ]; then
-          exec ${pkgs.openssh}/bin/ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "''${USER}@''${IP}"
-        else
-          exec ${pkgs.openssh}/bin/ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$IP"
-        fi
-        ;;
-
-      console)
-        VM_NAME="''${1:?Missing VM name}"
-        exec ${pkgs.libvirt}/bin/virsh -c "$LIBVIRT_URI" console "$VM_NAME"
-        ;;
-
-      list)
-        echo "Staging VMs:"
-        ${pkgs.libvirt}/bin/virsh -c "$LIBVIRT_URI" list --all
-        echo ""
-        echo "Active networks:"
-        ${pkgs.libvirt}/bin/virsh -c "$LIBVIRT_URI" net-list
-        echo ""
-        echo "Storage pools:"
-        ${pkgs.libvirt}/bin/virsh -c "$LIBVIRT_URI" pool-list
-        ;;
-
-      status)
-        VM_NAME="''${1:?Missing VM name}"
-        echo "VM: $VM_NAME"
-        STATE=$(${pkgs.libvirt}/bin/virsh -c "$LIBVIRT_URI" domstate "$VM_NAME" 2>/dev/null || echo "not found")
-        echo "State: $STATE"
-        if [ "$STATE" = "running" ]; then
-          IP=$(vm_ip "$VM_NAME" 2>/dev/null || echo "N/A")
-          echo "IP: $IP"
-          ${pkgs.libvirt}/bin/virsh -c "$LIBVIRT_URI" dommemstat "$VM_NAME" 2>/dev/null | head -3 || true
-        fi
-        ;;
-
-      rebuild)
-        VM_NAME="''${1:?Missing VM name}"
-        "$0" destroy "$VM_NAME"
-        "$0" start "$VM_NAME"
-        ;;
-
-      help|--help|-h)
-        usage
-        ;;
-
-      *)
-        usage
-        ;;
-    esac
-  '';
-in
-{
-  options.services.staging-vm = {
-    enable = mkEnableOption "Staging VM infrastructure with libvirt/KVM";
-
-    network = {
-      name = mkOption {
-        type = types.str;
-        default = "staging";
-        description = "Name of the libvirt NAT network for staging VMs";
-      };
-
-      bridge = mkOption {
-        type = types.str;
-        default = "virbr1";
-        description = "Bridge interface name for the staging network";
-      };
-
-      subnet = mkOption {
-        type = types.str;
-        default = "192.168.122.0/24";
-        description = "NAT network subnet in CIDR notation";
-      };
-
-      dhcpStart = mkOption {
-        type = types.str;
-        default = "192.168.122.2";
-        description = "Start of the DHCP range";
-      };
-
-      dhcpEnd = mkOption {
-        type = types.str;
-        default = "192.168.122.254";
-        description = "End of the DHCP range";
-      };
-    };
-
-    storagePool = mkOption {
-      type = types.str;
-      default = "/var/lib/libvirt/images";
-      description = "Directory path for the libvirt storage pool";
-    };
-
-    dataDir = mkOption {
-      type = types.str;
-      default = "/var/lib/staging-vm";
-      description = "Directory for staging VM test data (images, cloud-init configs)";
-    };
-
-    memory = mkOption {
-      type = types.int;
-      default = 2048;
-      description = "Default RAM in MiB for staging VMs";
-    };
-
-    vcpus = mkOption {
-      type = types.int;
-      default = 2;
-      description = "Default number of vCPUs for staging VMs";
-    };
-  };
-
-  config = mkIf cfg.enable {
-    # ── libvirtd with QEMU/KVM ──────────────────────────────────────────
-    virtualisation.libvirtd = {
-      enable = true;
-
-      qemu = {
-        package = pkgs.qemu_kvm;
-        runAsRoot = true;
-
-        swtpm = {
-          enable = true;
-        };
-
-        ovmf = {
-          enable = true;
-          packages = [ pkgs.OVMF ];
-        };
-      };
-
-      # Allow the staging bridge for guest networking
-      allowedBridges = [ cfg.network.bridge ];
-    };
-
-    # ── System packages ─────────────────────────────────────────────────
-    environment.systemPackages = with pkgs; [
-      libvirt                # virsh, virt-admin
-      qemu_kvm               # QEMU/KVM
-      swtpm                  # Software TPM
-      OVMF                   # UEFI firmware for VMs
-      virt-manager           # GUI management
-      virt-viewer            # SPICE/VNC viewer
-      libguestfs             # virt-install, virt-customize, guestfish
-      cdrtools               # genisoimage for cloud-init ISOs
-      jq                     # JSON parsing
-      gawk                   # awk for DHCP lease parsing
-      gnugrep                # grep
-    ];
-
-    # ── User permissions ────────────────────────────────────────────────
-    users.users.gortium.extraGroups = [ "libvirtd" ];
-
-    # ── Directories ─────────────────────────────────────────────────────
-    systemd.tmpfiles.rules = [
-      "d ${cfg.storagePool} 0755 root root -"
-      "d ${cfg.dataDir} 0755 root root -"
-    ];
-
-    # ── Default NAT network definition ──────────────────────────────────
-    systemd.services.define-staging-network = {
-      description = "Define the staging libvirt NAT network";
-      after = [ "libvirtd.service" ];
-      requires = [ "libvirtd.service" ];
-      wantedBy = [ "multi-user.target" ];
-      before = [ "define-staging-pool.service" ];
-      serviceConfig = {
-        Type = "oneshot";
-        RemainAfterExit = true;
-      };
-      script = let
-        networkXml = pkgs.writeText "staging-network.xml" ''
-          <network>
-            <name>${cfg.network.name}</name>
-            <forward mode='nat'/>
-            <bridge name='${cfg.network.bridge}' stp='on' delay='0'/>
-            <ip address='${networkIp}' netmask='255.255.255.0'>
-              <dhcp>
-                <range start='${cfg.network.dhcpStart}' end='${cfg.network.dhcpEnd}'/>
-              </dhcp>
-            </ip>
-          </network>
-        '';
-      in ''
-        set -e
-        ${pkgs.libvirt}/bin/virsh -c qemu:///system net-info "${cfg.network.name}" 2>/dev/null && {
-          echo "Network '${cfg.network.name}' already exists"
-        } || {
-          echo "Defining network '${cfg.network.name}'..."
-          ${pkgs.libvirt}/bin/virsh -c qemu:///system net-define "${networkXml}"
-        }
-        ${pkgs.libvirt}/bin/virsh -c qemu:///system net-autostart "${cfg.network.name}"
-        # Start the network if not already active
-        STATE=$(${pkgs.libvirt}/bin/virsh -c qemu:///system net-state "${cfg.network.name}" 2>/dev/null || echo "inactive")
-        if [ "$STATE" != "active" ]; then
-          ${pkgs.libvirt}/bin/virsh -c qemu:///system net-start "${cfg.network.name}"
-        fi
-        echo "Network '${cfg.network.name}' is ready."
-      '';
-    };
-
-    # ── Storage pool definition ─────────────────────────────────────────
-    systemd.services.define-staging-pool = {
-      description = "Define the staging libvirt storage pool";
-      after = [ "libvirtd.service" "define-staging-network.service" ];
-      requires = [ "libvirtd.service" ];
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        Type = "oneshot";
-        RemainAfterExit = true;
-      };
-      script = ''
-        set -e
-        ${pkgs.libvirt}/bin/virsh -c qemu:///system pool-info staging 2>/dev/null && {
-          echo "Storage pool 'staging' already exists"
-        } || {
-          echo "Defining storage pool 'staging' at ${cfg.storagePool}..."
-          ${pkgs.libvirt}/bin/virsh -c qemu:///system pool-define-as \
-            --name staging --type dir --target "${cfg.storagePool}"
-        }
-        ${pkgs.libvirt}/bin/virsh -c qemu:///system pool-autostart staging
-        STATE=$(${pkgs.libvirt}/bin/virsh -c qemu:///system pool-state staging 2>/dev/null || echo "inactive")
-        if [ "$STATE" != "running" ]; then
-          ${pkgs.libvirt}/bin/virsh -c qemu:///system pool-build staging
-          ${pkgs.libvirt}/bin/virsh -c qemu:///system pool-start staging
-        fi
-        echo "Storage pool 'staging' is ready."
-      '';
-    };
-
-    # ── Firewall rules for libvirt guests ───────────────────────────────
-    networking.firewall = {
-      # Trust the bridge interface to allow guest traffic
-      trustedInterfaces = [ cfg.network.bridge ];
-
-      extraCommands = mkAfter ''
-        # Allow forwarding between the staging bridge and the outside world
-        iptables -I FORWARD -i ${cfg.network.bridge} -j ACCEPT 2>/dev/null || true
-        iptables -I FORWARD -o ${cfg.network.bridge} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || true
-
-        # NAT for guest outbound traffic
-        iptables -t nat -I POSTROUTING -s ${cfg.network.subnet} -j MASQUERADE 2>/dev/null || true
-      '';
-    };
-
-    # ── pr-test-vm helper script ────────────────────────────────────────
-    environment.systemPackages = [ pr-test-vm ];
-  };
-}
--- a/overlays/reticulum.nix
+++ b/overlays/reticulum.nix
@@ -0,0 +1,81 @@
+final: prev: let
+  python3 = final.python3;
+  pyPkgs = python3.pkgs;
+in {
+  reticulumStack = python3.pkgs.buildPythonApplication rec {
+    pname = "reticulum";
+    version = "1.2.9";
+    format = "setuptools";
+    src = pyPkgs.fetchPypi {
+      pname = "rns";
+      inherit version;
+      sha256 = "554814231c237b9caacf8df669312e57dd7d3f84b6d4810125087d1a79a75d75";
+    };
+    propagatedBuildInputs = with pyPkgs; [ cryptography pyserial ];
+    doCheck = false;
+    pythonImportsCheck = [ "RNS" ];
+    meta = with final.lib; {
+      description = "Self-configuring, encrypted and resilient mesh networking stack";
+      homepage = "https://reticulum.network/";
+      license = licenses.mit;
+      platforms = platforms.linux;
+    };
+  };
+
+  lxmf = python3.pkgs.buildPythonApplication rec {
+    pname = "lxmf";
+    version = "0.9.8";
+    format = "setuptools";
+    src = pyPkgs.fetchPypi {
+      inherit pname version;
+      sha256 = "30f39f3a975a049c12ee2cfceb3261d24cb5adec881c6821f7354464b3f3650c";
+    };
+    propagatedBuildInputs = [ final.reticulumStack ];
+    doCheck = false;
+    pythonImportsCheck = [ "LXMF" ];
+    meta = with final.lib; {
+      description = "Lightweight Extensible Message Format for Reticulum";
+      homepage = "https://github.com/markqvist/lxmf";
+      license = licenses.mit;
+      platforms = platforms.linux;
+    };
+  };
+
+  nomadnet = python3.pkgs.buildPythonApplication rec {
+    pname = "nomadnet";
+    version = "1.1.1";
+    format = "setuptools";
+    src = pyPkgs.fetchPypi {
+      inherit pname version;
+      sha256 = "fa13b64a10e75b705a58024815ab72451700aa726af96d415ba99dec28dfc40a";
+    };
+    propagatedBuildInputs = with pyPkgs; [ final.reticulumStack final.lxmf urwid qrcode ];
+    doCheck = false;
+    pythonImportsCheck = [ "nomadnet" ];
+    meta = with final.lib; {
+      description = "Nomad Network — resilient mesh communications platform";
+      homepage = "https://github.com/markqvist/NomadNet";
+      license = licenses.mit;
+      platforms = platforms.linux;
+    };
+  };
+
+  rnsh = python3.pkgs.buildPythonApplication rec {
+    pname = "rnsh";
+    version = "0.1.7";
+    format = "setuptools";
+    src = pyPkgs.fetchPypi {
+      inherit pname version;
+      sha256 = "9cb72f25abb1c6d300f8014b264184ff78f592fe88e36094938012990b797c93";
+    };
+    propagatedBuildInputs = [ final.reticulumStack ];
+    doCheck = false;
+    pythonImportsCheck = [ "rnsh" ];
+    meta = with final.lib; {
+      description = "Remote shell over Reticulum";
+      homepage = "https://github.com/acehoss/rnsh";
+      license = licenses.mit;
+      platforms = platforms.linux;
+    };
+  };
+}
--- a/patches/0008-panel-cwu50-rex-timing-fix.patch
+++ b/patches/0008-panel-cwu50-rex-timing-fix.patch
@@ -0,0 +1,45 @@
+--- a/drivers/gpu/drm/panel/panel-cwu50.c
+++ b/drivers/gpu/drm/panel/panel-cwu50.c
+@@ -27,12 +27,12 @@ static const struct drm_display_mode default_mode = {
+ 	.clock = 61020,
+-	.hdisplay = 1280,
+-	.hsync_start = 1280 + 8,
+-	.hsync_end = 1280 + 8 + 2,
+-	.htotal = 1280 + 8 + 2 + 16,
+-	.vdisplay = 720,
+-	.vsync_start = 720 + 30,
+-	.vsync_end = 720 + 30 + 15,
+-	.vtotal = 720 + 30 + 15 + 15,
+	.hdisplay = 720,
+	.hsync_start = 720 + 30,
+	.hsync_end = 720 + 30 + 15,
+	.htotal = 720 + 30 + 15 + 15,
+	.vdisplay = 1280,
+	.vsync_start = 1280 + 8,
+	.vsync_end = 1280 + 8 + 2,
+	.vtotal = 1280 + 8 + 2 + 16,
+ };
+ 
+ static inline struct cwu50 *panel_to_cwu50(struct drm_panel *panel)
+@@ -586,7 +586,8 @@ static int cwu50_init_sequence2(struct cwu50 *ctx)
+ {
+ 	struct mipi_dsi_device *dsi = to_mipi_dsi_device(ctx->dev);
+-	int err;
+	int err;
+	u8 buf[4];
+ 
+ 	dcs_write_seq(0xE0,0x00);
+ 
+@@ -633,6 +634,12 @@ static int cwu50_init_sequence2(struct cwu50 *ctx)
+ 
+ 	dcs_write_seq(0x11);// SLPOUT
+ 	msleep (200);
+	dcs_write_seq(0xE0,0x00);
+	mipi_dsi_dcs_read(dsi, 0x04, buf, 3);
+
+	if(buf[0] == 0x39) ctx->is_new_panel = 1;
+
+	dcs_write_seq(0xE0,0x00);
+ 
+ 	dcs_write_seq(0x29);// DSiPON
+ 	msleep (100);
Author	SHA1	Message	Date
Hermes	2f081d3e19	fix: panel-cwu50 timing fix from Rex's kernel - native 720x1280 mode Swap H/V display mode to native panel resolution (720x1280) instead of rotated (1280x720). The DRM/KMS pipeline handles rotation via connector orientation property. Setting wrong horizontal resolution caused DSI controller to send extra pixels per line, resulting in horizontal repetition. Add DCS-based panel detection in init_sequence2 as supplemental check. Based on ak-rex/ClockworkPi-linux rpi-6.12.y branch panel-cwu50.c. Replaces old 0008 patches (DSI_INIT0, BURST removal) that didn't fix the issue.	2026-06-13 20:19:19 -04:00
Thierry Pouplier	5aca97e057	Merge pull request 'feat: add uConsole CM5 host with Reticulum mesh network support' (#61 ) from feat/uconsole-cm5-v3 into master Reviewed-on: #61	2026-06-06 13:19:19 +00:00
Hermes	a51e095717	feat: enable aarch64 cross-build on lazyworkhorse (QEMU binfmt + extra-platforms)	2026-06-06 09:16:23 -04:00
Hermes	9ebbb1c0c6	fix: bump nixos-raspberrypi to v1.20260517.0 (matches nixos-uconsole tested version)	2026-06-05 23:38:21 -04:00
Hermes	7f11da1878	fix: let nixos-raspberrypi manage kernel version (patches incompatible with linuxPackages_latest)	2026-06-05 23:33:10 -04:00
Hermes	29cc20bb04	fix: add wants=network-online.target to rnsd and kismet services to silence eval warnings	2026-06-05 22:58:09 -04:00
Hermes	1617ac9149	fix: migrate from deprecated kernelboot to kernel bootloader for nixos-raspberrypi	2026-06-05 22:57:26 -04:00
Hermes	24f15c98cd	fix: add format=setuptools to all reticulum overlay python packages	2026-06-05 22:46:54 -04:00
Hermes	bdd6d03739	fix: use mkForce for PermitRootLogin to override upstream module default	2026-06-05 22:45:59 -04:00
Hermes	a0a6663793	fix: use mkForce for PasswordAuthentication to override upstream module default	2026-06-05 22:45:30 -04:00
Hermes	b66ffadb79	fix: add missing 'keys' to uConsole module args	2026-06-05 22:43:53 -04:00
Hermes	db2bd1d157	feat: add uConsole CM5 host configuration with Reticulum mesh stack - New NixOS host 'uConsole' for ClockworkPi CM5 portable terminal - flake.nix: add nixos-uconsole and nixos-raspberrypi inputs - Imports: nixos-uconsole.nixosModules.uconsole-cm5, nixos-raspberrypi.nixosModules.raspberry-pi-5.base - Full package list: base tools, HAM radio, SDR/RF, mesh/LoRa, security tools, GPS/maps - Reticulum stack (rns 1.2.9, lxmf 0.9.8, nomadnet 1.1.1) built from PyPI via overlays/reticulum.nix - systemd services: rnsd (Reticulum daemon), kismet (Wi-Fi IDS) - Kernel modules for SDR (rtl-sdr, dvb) and USB WiFi - Follows existing host config conventions (cyt-pi as template)	2026-05-20 14:34:15 -04:00