Compare commits
44 Commits
uconsole-c
...
archive/uc
| Author | SHA1 | Date | |
|---|---|---|---|
| ca3faf40cf | |||
| 4f1864af70 | |||
| 67418f037a | |||
| fb01e4be1d | |||
| f57f2846ff | |||
| 288b7538d5 | |||
| fb7c3e6424 | |||
| 6961027218 | |||
| 8bf44a066e | |||
| 644c9a7645 | |||
| 52fa439409 | |||
| db2deda941 | |||
| 7f7634c1b1 | |||
| 1fa1cfaa76 | |||
| 4d2cba77e1 | |||
| 8d54e5e8fa | |||
| 42e5d4dd2d | |||
| 682402e0e6 | |||
| 9c4b50b4c3 | |||
| 8e395729ff | |||
| 346b41995f | |||
| 68900ca7b3 | |||
| 38eea77fd9 | |||
| b7b5ef0b53 | |||
| f0954efcaa | |||
| b0be414649 | |||
| 31dd0f36d4 | |||
| 653c69fcfd | |||
| a9b95c5d48 | |||
| 6771c9882a | |||
| 897f470a16 | |||
| eaf879c4d1 | |||
| 486758e51a | |||
| 34cc0a161a | |||
| a51e095717 | |||
| 9ebbb1c0c6 | |||
| 7f11da1878 | |||
| 29cc20bb04 | |||
| 1617ac9149 | |||
| 24f15c98cd | |||
| bdd6d03739 | |||
| a0a6663793 | |||
| b66ffadb79 | |||
| db2bd1d157 |
Submodule assets/compose updated: 3c92d93366...d3f2e3b7b9
98
flake.nix
Normal file → Executable file
98
flake.nix
Normal file → Executable file
@@ -2,33 +2,34 @@
|
||||
description = "Gortium infra flake";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
|
||||
nixpkgs.url = "github:nixos/nixpkgs?ref=25.11";
|
||||
agenix = {
|
||||
url = "github:ryantm/agenix";
|
||||
inputs.darwin.follows = "";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
disko = {
|
||||
url = "github:nix-community/disko";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
lix = {
|
||||
url = "git+https://git.lix.systems/lix-project/lix?ref=main";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
# uConsole CM5 — pinned nixpkgs for kernel patch compatibility
|
||||
nixpkgs-uconsole.url = "github:NixOS/nixpkgs/nixos-25.11";
|
||||
nixpkgs-uconsole = {
|
||||
url = "github:nixos/nixpkgs/54170c54449ea4d6725efd30d719c5e505f1c10e";
|
||||
};
|
||||
nixos-uconsole = {
|
||||
url = "github:nixos-uconsole/nixos-uconsole/v1.1.0";
|
||||
inputs.nixpkgs.follows = "nixpkgs-uconsole";
|
||||
inputs.nixos-raspberrypi.follows = "nixos-raspberrypi";
|
||||
};
|
||||
nixos-raspberrypi = {
|
||||
url = "github:gortium/nixos-raspberrypi/cm5-cross-v1";
|
||||
inputs.nixpkgs.follows = "nixpkgs-uconsole";
|
||||
url = "github:nvmd/nixos-raspberrypi/v1.20260317.0";
|
||||
inputs.nixpkgs.follows = "nixos-uconsole/nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, agenix, lix
|
||||
, nixpkgs-uconsole, nixos-uconsole, nixos-raspberrypi
|
||||
, ... }@inputs:
|
||||
outputs = { self, nixpkgs, agenix, disko, lix, nixos-uconsole, nixos-raspberrypi, ... }@inputs:
|
||||
let
|
||||
system = "x86_64-linux";
|
||||
keys = import ./lib/keys.nix;
|
||||
@@ -39,7 +40,7 @@
|
||||
"/etc/ssh/ssh_host_ed25519_key"
|
||||
"/root/.age/bootstrap.key" ];
|
||||
};
|
||||
overlays = [ agenix.overlays.default ];
|
||||
overlays = [ agenix.overlays.default (import ./overlays/reticulum.nix) ];
|
||||
pkgs = import nixpkgs {
|
||||
inherit system overlays;
|
||||
config.allowUnfree = true;
|
||||
@@ -94,77 +95,24 @@
|
||||
];
|
||||
};
|
||||
|
||||
# ============================================================
|
||||
# uConsole CM5 — cross-compilé (build sur x86_64, run sur ARM)
|
||||
# Approche incrémentale pour fixer l'écran
|
||||
# ============================================================
|
||||
uconsole-cm5 = nixpkgs-uconsole.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
specialArgs = {
|
||||
inherit self keys paths inputs;
|
||||
nixos-raspberrypi = nixos-raspberrypi;
|
||||
isCM4 = false;
|
||||
};
|
||||
uConsole = nixos-uconsole.lib.mkUConsoleSystem {
|
||||
variant = "cm5";
|
||||
specialArgs = { inherit self keys paths inputs nixos-raspberrypi; };
|
||||
modules = [
|
||||
{
|
||||
# Cross-compile : build sur x86_64, run sur aarch64
|
||||
nixpkgs.buildPlatform = "x86_64-linux";
|
||||
nixpkgs.hostPlatform = "aarch64-linux";
|
||||
nixpkgs.overlays = overlays;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
boot.loader.raspberry-pi.bootloader = "kernel";
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"openclaw-2026.3.12"
|
||||
];
|
||||
}
|
||||
# nixos-raspberrypi — pkgs.rpi + overlays standardisés
|
||||
nixos-raspberrypi.nixosModules.nixpkgs-rpi
|
||||
nixos-raspberrypi.nixosModules.raspberry-pi-5.base
|
||||
nixos-raspberrypi.lib.inject-overlays
|
||||
nixos-raspberrypi.lib.inject-overlays-global
|
||||
# nixos-uconsole CM5 modules
|
||||
nixos-uconsole.nixosModules.kernel
|
||||
(nixos-uconsole.nixosModules.cm { lib = nixpkgs-uconsole.lib; isCM4 = false; })
|
||||
nixos-uconsole.nixosModules.base
|
||||
# Lix cross-compilé (lix.packages.aarch64-linux est natif → QEMU)
|
||||
({ config, lib, pkgs, inputs, ... }: let
|
||||
lix-cross = import inputs.nixpkgs-uconsole {
|
||||
localSystem = { system = "x86_64-linux"; };
|
||||
crossSystem = { system = "aarch64-linux"; };
|
||||
overlays = [ inputs.lix.overlays.default ];
|
||||
};
|
||||
in { nix.package = lix-cross.lix; })
|
||||
# agenix
|
||||
agenix.nixosModules.default
|
||||
# Notre config
|
||||
./hosts/uconsole-cm5/configuration.nix
|
||||
./hosts/uconsole-cm5/hardware-configuration.nix
|
||||
disko.nixosModules.disko
|
||||
./hosts/uConsole/configuration.nix
|
||||
./hosts/uConsole/hardware-configuration.nix
|
||||
./hosts/uConsole/disko-config.nix
|
||||
];
|
||||
};
|
||||
};
|
||||
devShells.${system}.default = devShell;
|
||||
packages.${system} = {
|
||||
# Image SD flashable pour uConsole CM5 (SSH + WiFi + clés)
|
||||
# Usage : dd if=result of=/dev/sda bs=4M status=progress conv=fsync
|
||||
uconsole-cm5-image = (nixos-raspberrypi.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
specialArgs = {
|
||||
inherit self keys inputs;
|
||||
nixos-raspberrypi = nixos-raspberrypi;
|
||||
isCM4 = false;
|
||||
};
|
||||
modules = [
|
||||
{
|
||||
nixpkgs.buildPlatform = system;
|
||||
nixpkgs.hostPlatform = "aarch64-linux";
|
||||
}
|
||||
nixos-raspberrypi.nixosModules.nixpkgs-rpi
|
||||
nixos-raspberrypi.nixosModules.raspberry-pi-5.base
|
||||
nixos-raspberrypi.lib.inject-overlays-global
|
||||
nixos-raspberrypi.nixosModules.sd-image
|
||||
nixos-uconsole.nixosModules.kernel
|
||||
(nixos-uconsole.nixosModules.cm { lib = nixpkgs-uconsole.lib; isCM4 = false; })
|
||||
nixos-uconsole.nixosModules.base
|
||||
agenix.nixosModules.default
|
||||
./hosts/uconsole-cm5/configuration.nix
|
||||
];
|
||||
}).config.system.build.sdImage;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -9,8 +9,12 @@
|
||||
hoardingcow-mount.enable = true;
|
||||
|
||||
# Flakesss
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" "flake-self-attrs" "ca-derivations" ];
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" "flake-self-attrs" ];
|
||||
nix.settings.trusted-users = [ "root" "gortium" ];
|
||||
nix.settings.extra-platforms = [ "aarch64-linux" ];
|
||||
|
||||
# QEMU binfmt for cross-building aarch64 NixOS targets
|
||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||
|
||||
# Garbage collection
|
||||
nix.gc = {
|
||||
|
||||
@@ -1,12 +0,0 @@
|
||||
feat: add Hyperspace Pods NixOS module
|
||||
|
||||
Create modules/nixos/services/hyperspace.nix for the Hyperspace Pods
|
||||
P2P AI cluster agent. Registered in flake.nix under lazyworkhorse.
|
||||
|
||||
- Fetches CLI binary v5.45.30 via fetchurl with SRI hash verification
|
||||
- Systemd system service: auto profile, configurable api port 8080,
|
||||
ai-worker user, GPU device access (kfd+dri), SupplementaryGroups
|
||||
for video+render groups, service hardening
|
||||
- Firewall: TCP 4001 libp2p, 30301 chain, 8080 API; UDP 4001 libp2p
|
||||
- AMD MI50 ROCm via HSA_OVERRIDE_GFX_VERSION=9.0.6
|
||||
- Adds video+render groups to ai-worker for persistent GPU access
|
||||
@@ -1,134 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.hyperspace;
|
||||
|
||||
hyperspacePkg = pkgs.stdenv.mkDerivation {
|
||||
name = "hyperspace-pods-${cfg.version}";
|
||||
src = pkgs.fetchurl {
|
||||
url = "https://github.com/hyperspaceai/aios-cli/releases/download/v${cfg.version}/aios-cli-x86_64-unknown-linux-gnu.tar.gz";
|
||||
hash = cfg.packageHash;
|
||||
};
|
||||
sourceRoot = ".";
|
||||
installPhase = ''
|
||||
mkdir -p $out/libexec $out/bin
|
||||
cp -r * $out/libexec/
|
||||
chmod +x $out/libexec/aios-cli
|
||||
ln -s $out/libexec/aios-cli $out/bin/hyperspace
|
||||
'';
|
||||
};
|
||||
in {
|
||||
options.services.hyperspace = {
|
||||
enable = lib.mkEnableOption "Hyperspace Pods P2P AI cluster agent";
|
||||
|
||||
version = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "5.45.30";
|
||||
description = "Hyperspace CLI version to download.";
|
||||
};
|
||||
|
||||
packageHash = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "sha256-f6fJ8t3exqtYwUD5j+WvD+Hm0oN/Eef0X+R9Rj23dE0=";
|
||||
description = ''
|
||||
SRI hash of the hyperspace release tarball (sha256-<base64>).
|
||||
Must be updated when version changes. Generate with:
|
||||
nix store prefetch-file --hash-algo sha256 \\
|
||||
https://github.com/hyperspaceai/aios-cli/releases/download/v{version}/aios-cli-x86_64-unknown-linux-gnu.tar.gz
|
||||
'';
|
||||
};
|
||||
|
||||
user = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "ai-worker";
|
||||
description = "System user to run the Hyperspace agent.";
|
||||
};
|
||||
|
||||
apiPort = lib.mkOption {
|
||||
type = lib.types.port;
|
||||
default = 8080;
|
||||
description = "OpenAI-compatible API port (configurable via --api-port).";
|
||||
};
|
||||
|
||||
profile = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "auto";
|
||||
description = ''
|
||||
Agent profile. Options: auto (auto-detect hardware), full (all capabilities),
|
||||
inference (GPU inference only), embedding (CPU embedding only),
|
||||
relay (lightweight relay), storage (storage + memory).
|
||||
'';
|
||||
};
|
||||
|
||||
autoStart = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = "Start the agent automatically on boot.";
|
||||
};
|
||||
|
||||
openFirewall = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = "Open P2P mesh (4001 TCP+UDP, 30301 TCP) and API port in the firewall.";
|
||||
};
|
||||
|
||||
extraArgs = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = [ ];
|
||||
description = "Extra arguments to pass to 'hyperspace start'.";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
systemd.services.hyperspace = {
|
||||
description = "Hyperspace Pods P2P AI Cluster Agent";
|
||||
after = [ "network.target" "network-online.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
wantedBy = lib.mkIf cfg.autoStart [ "multi-user.target" ];
|
||||
|
||||
path = with pkgs; [ bash coreutils ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
User = cfg.user;
|
||||
Group = cfg.user;
|
||||
WorkingDirectory = "${hyperspacePkg}/libexec";
|
||||
ExecStart = "${hyperspacePkg}/bin/hyperspace start --profile ${cfg.profile} --api-port ${toString cfg.apiPort} ${lib.escapeShellArgs cfg.extraArgs}";
|
||||
Restart = "on-failure";
|
||||
RestartSec = 5;
|
||||
|
||||
# AMD MI50 (ROCm) device access
|
||||
DeviceAllow = [ "/dev/kfd rw" "/dev/dri rw" ];
|
||||
|
||||
# Supplementary groups for GPU/accelerator access
|
||||
SupplementaryGroups = [ "video" "render" ];
|
||||
|
||||
# Hardening
|
||||
NoNewPrivileges = true;
|
||||
ProtectHome = "tmpfs";
|
||||
ProtectSystem = "strict";
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = false; # Needs /dev/kfd and /dev/dri
|
||||
};
|
||||
|
||||
environment = {
|
||||
HSA_OVERRIDE_GFX_VERSION = "9.0.6";
|
||||
HOME = "/home/${cfg.user}";
|
||||
};
|
||||
};
|
||||
|
||||
# Firewall ports for P2P mesh (libp2p 4001, chain 30301) and API
|
||||
networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ 4001 30301 cfg.apiPort ];
|
||||
networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall [ 4001 ];
|
||||
|
||||
# Add GPU/accelerator groups to the service user (persistent beyond service restarts)
|
||||
users.users = lib.mkIf (cfg.user == "ai-worker") {
|
||||
ai-worker = {
|
||||
extraGroups = [ "video" "render" ];
|
||||
};
|
||||
};
|
||||
|
||||
# ROCm override for AMD MI50 (gfx906) compatibility
|
||||
environment.variables.HSA_OVERRIDE_GFX_VERSION = "9.0.6";
|
||||
};
|
||||
}
|
||||
286
hosts/uConsole/configuration.nix
Executable file
286
hosts/uConsole/configuration.nix
Executable file
@@ -0,0 +1,286 @@
|
||||
{ config, lib, pkgs, paths, self, keys, ... }:
|
||||
|
||||
let
|
||||
# Backlight fallback for CM5 display quirk
|
||||
# The kernel driver usually handles this, but some boots need a kick
|
||||
backlightFixScript = pkgs.writeShellScript "backlight-fix" ''
|
||||
# Try sysfs backlight control
|
||||
for bl in /sys/class/backlight/*/brightness; do
|
||||
if [ -f "$bl" ]; then
|
||||
max=$(cat "$(dirname "$bl")/max_brightness" 2>/dev/null || echo 100)
|
||||
echo "$max" > "$bl" 2>/dev/null || true
|
||||
fi
|
||||
done
|
||||
'';
|
||||
in
|
||||
|
||||
{
|
||||
# Basic Host Info
|
||||
networking.hostName = "uConsole";
|
||||
time.timeZone = "America/Montreal";
|
||||
i18n.defaultLocale = "en_CA.UTF-8";
|
||||
|
||||
# System State
|
||||
system.stateVersion = "25.11";
|
||||
|
||||
# Boot & Hardware (migrated to kernel bootloader per nixos-raspberrypi deprecation notice)
|
||||
boot.loader.raspberry-pi.bootloader = "kernel";
|
||||
# kernel managed by nixos-raspberrypi module — don't override, patches are version-specific
|
||||
# boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
# Kernel parameters matching nixos-uconsole CM5 module
|
||||
# console=tty1 is critical — without it, console output goes to ttyAMA0 not fb0
|
||||
boot.kernelParams = [
|
||||
"8250.nr_uarts=1"
|
||||
"console=tty1"
|
||||
];
|
||||
|
||||
# Enable Mesa GPU drivers — REQUIRED for VC4 display pipeline to initialize
|
||||
hardware.graphics.enable = true;
|
||||
|
||||
# Console font sized for the 5" 720x1280 display (from nixos-uconsole base module)
|
||||
console = {
|
||||
earlySetup = true;
|
||||
font = "ter-v24n";
|
||||
packages = with pkgs; [ terminus_font ];
|
||||
};
|
||||
|
||||
# Networking
|
||||
networking.networkmanager.enable = true;
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
# TODO: lock down after first deployment
|
||||
settings.PermitRootLogin = lib.mkForce "yes";
|
||||
settings.PasswordAuthentication = lib.mkForce true;
|
||||
};
|
||||
|
||||
# User
|
||||
users.users.gortium = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "networkmanager" "video" "dialout" "kismet" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
keys.users.gortium.main
|
||||
keys.users.gortium.gitea
|
||||
];
|
||||
};
|
||||
security.sudo.extraRules = [
|
||||
{
|
||||
users = [ "gortium" ];
|
||||
commands = [
|
||||
{
|
||||
command = "ALL";
|
||||
options = [ "NOPASSWD" ];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
# ============================================================
|
||||
# Package groups
|
||||
# ============================================================
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
# ===== Base =====
|
||||
emacs-pgtk
|
||||
git
|
||||
ripgrep
|
||||
fd
|
||||
htop
|
||||
tmux
|
||||
neovim
|
||||
libgpiod # GPIO control (for internal USB hub, AIO modules)
|
||||
|
||||
# ===== HAM Radio =====
|
||||
js8call
|
||||
wsjtx
|
||||
fldigi
|
||||
pat # Winlink client
|
||||
direwolf # AX.25 packet modem
|
||||
chirp # Radio programming tool
|
||||
hamlib # Ham radio control libraries
|
||||
trustedqsl # Logbook of the World (LoTW)
|
||||
|
||||
# ===== SDR / RF =====
|
||||
sdrpp # SDR++ spectrum analyzer
|
||||
gqrx # SDR receiver GUI
|
||||
rtl-sdr # RTL-SDR drivers & utilities
|
||||
inspectrum # Offline signal analysis
|
||||
soapysdr-with-plugins # SoapySDR + hardware support plugins
|
||||
|
||||
# ===== Mesh / LoRa =====
|
||||
# meshtastic not available in nixpkgs 25.11 stable; install manually:
|
||||
# nix shell nixpkgs#meshtastic -c meshtastic
|
||||
reticulumStack # Reticulum Network Stack (rnsd, rnsh, rncp, rnx, rnpath, etc.)
|
||||
lxmf # LXMF messaging protocol
|
||||
nomadnet # Nomad Network client
|
||||
|
||||
# ===== Security =====
|
||||
nmap
|
||||
aircrack-ng
|
||||
kismet # Wi-Fi monitor / IDS
|
||||
bettercap # MITM/network attack framework
|
||||
wireshark # Packet analyzer
|
||||
hashcat # GPU password cracker
|
||||
john # John the Ripper
|
||||
sqlmap # SQL injection tool
|
||||
|
||||
# ===== GPS / Maps =====
|
||||
foxtrotgps
|
||||
viking # GPS map editor
|
||||
gpsbabel # GPS data conversion
|
||||
];
|
||||
|
||||
# Packages noted but not in unstable nixpkgs:
|
||||
# - metasploit: unfree; install manually via Git clone
|
||||
# - burpsuite: unfree Java app (Community Edition available for download)
|
||||
# - sidechannel: not a distinct PyPI package; functionality covered by
|
||||
# the Reticulum stack. For LXMF GUI client, install Sideband manually
|
||||
# from github.com/markqvist/Sideband
|
||||
|
||||
# ============================================================
|
||||
# Reticulum Service (rnsd)
|
||||
# ============================================================
|
||||
systemd.services.rnsd = {
|
||||
description = "Reticulum Network Stack Daemon";
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
User = "gortium";
|
||||
Group = "gortium";
|
||||
ExecStart = "${pkgs.reticulumStack}/bin/rnsd";
|
||||
Restart = "always";
|
||||
RestartSec = "10s";
|
||||
LimitNOFILE = 65536;
|
||||
};
|
||||
};
|
||||
|
||||
# ============================================================
|
||||
# Kismet Service (Wi-Fi monitoring / mesh node)
|
||||
# ============================================================
|
||||
systemd.services.kismet = {
|
||||
description = "Kismet Wi-Fi Monitor & IDS";
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
User = "gortium";
|
||||
Group = "kismet";
|
||||
ExecStart = "${pkgs.kismet}/bin/kismet -c wlan0 --log-base=/home/gortium/kismet_logs --no-nc-ui";
|
||||
Restart = "always";
|
||||
RestartSec = "10s";
|
||||
};
|
||||
};
|
||||
|
||||
# ============================================================
|
||||
# Kernel modules for SDR, radio, and WiFi
|
||||
# ============================================================
|
||||
boot.kernelModules = [
|
||||
"mt7921u" # MediaTek MT7921 USB WiFi (uConsole AC1200)
|
||||
"88x2bu" # Realtek 8812/8821BU USB WiFi (common adapter)
|
||||
"rtl8xxxu" # RTL8188/8192/8723 USB WiFi
|
||||
"rtl2832_sdr" # RTL-SDR kernel module
|
||||
"dvb_usb_rtl28xxu" # RTL-SDR DVB-T
|
||||
# Display drivers — loaded AFTER RP1 PCIe southbridge init (~12s)
|
||||
# NOTHING in initrd — ALL RP1 hardware is behind PCIe
|
||||
"panel_cwu50" # uConsole DSI panel driver
|
||||
"vc4" # VideoCore 4 KMS GPU driver
|
||||
"rp1_dsi" # RP1 DSI bridge driver
|
||||
];
|
||||
|
||||
boot.blacklistedKernelModules = [ ];
|
||||
|
||||
# Rien dans initrd pour le display — tout RP1 est derrière PCIe
|
||||
boot.initrd.kernelModules = lib.mkForce [ ];
|
||||
|
||||
# ============================================================
|
||||
# Extra udev rules for SDR and HAM radio devices
|
||||
# ============================================================
|
||||
services.udev.packages = with pkgs; [ rtl-sdr ];
|
||||
|
||||
|
||||
|
||||
# ============================================================
|
||||
# Enable IPv6 for Reticulum mesh
|
||||
# ============================================================
|
||||
networking.enableIPv6 = true;
|
||||
|
||||
# ============================================================
|
||||
# Firewall: open ports for Reticulum (optional)
|
||||
# ============================================================
|
||||
networking.firewall.allowedTCPPorts = [ 22 ]; # SSH only
|
||||
networking.firewall.allowedUDPPorts = [ ];
|
||||
# Reticulum uses its own encryption and doesn't need open ports
|
||||
# for basic mesh operations (peer-to-peer discovery).
|
||||
# For TCP interfaces, open additional ports as needed.
|
||||
|
||||
# ============================================================
|
||||
# Hyprland Wayland compositor (manual start)
|
||||
# No SDDM — boot to console, user starts Hyprland with command
|
||||
# Display modules (vc4/panel_cwu50) load late after RP1 PCIe init
|
||||
# ============================================================
|
||||
programs.hyprland = {
|
||||
enable = true;
|
||||
xwayland.enable = true;
|
||||
};
|
||||
# SDDM disabled — was blocking boot when display isn't ready
|
||||
# services.displayManager.sddm = {
|
||||
# enable = true;
|
||||
# wayland.enable = true;
|
||||
# };
|
||||
|
||||
# ============================================================
|
||||
# CM5 Config.txt Fix: use [pi5] section (not [cm5])
|
||||
# Rex's images use [pi5], the CM5 firmware may not detect [cm5]
|
||||
# ============================================================
|
||||
# Merge nixos-uconsole GPIO config with our [pi5] overrides
|
||||
# GPIO 10/11 are from nixos-uconsole configtxt.nix (audio amplifier)
|
||||
# [pi5] section fixes the CM5 detection issue — firmware matches [pi5] not [cm5]
|
||||
hardware.raspberry-pi.extra-config = ''
|
||||
[all]
|
||||
gpio=10=ip,np
|
||||
gpio=11=op,dh
|
||||
|
||||
[pi5]
|
||||
dtparam=pciex1=off
|
||||
dtoverlay=clockworkpi-uconsole-cm5
|
||||
dtoverlay=dwc2,dr_mode=host
|
||||
dtoverlay=vc4-kms-v3d-pi5,cma-384
|
||||
dtparam=nohdmi1=off
|
||||
'';
|
||||
|
||||
# ============================================================
|
||||
# CM5 Display Backlight Fix
|
||||
# The kernel driver initializes backlight, but some boots fail.
|
||||
# This service kicks it after boot as a reliable fallback.
|
||||
# ============================================================
|
||||
systemd.services.cm5-backlight-fix = {
|
||||
description = "CM5 Display Backlight Fix";
|
||||
after = [ "multi-user.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${backlightFixScript}";
|
||||
};
|
||||
};
|
||||
|
||||
# ============================================================
|
||||
# Internal USB Hub Enable (GPIO 23) — DISABLED
|
||||
# This service freeze the CM5 because gpioset 0 23=1 writes
|
||||
# to the wrong GPIO chip (BCM2712 native, not RP1).
|
||||
# Enable manually after boot once the correct chip is confirmed:
|
||||
# gpioset 0 23=1 # on chip 0 (BCM2712, CORE_VOLT or critical)
|
||||
# gpioset 512 23=1 # on chip 512 (RP1, likely correct)
|
||||
# ============================================================
|
||||
# systemd.services.enable-gpio23-usb-hub = {
|
||||
# description = "Enable Internal USB Hub (GPIO 23)";
|
||||
# before = [ "network.target" ];
|
||||
# wantedBy = [ "multi-user.target" ];
|
||||
# serviceConfig = {
|
||||
# Type = "oneshot";
|
||||
# RemainAfterExit = true;
|
||||
# ExecStart = "${pkgs.libgpiod}/bin/gpioset 0 23=1";
|
||||
# ExecStop = "${pkgs.libgpiod}/bin/gpioset 0 23=0";
|
||||
# };
|
||||
# };
|
||||
}
|
||||
46
hosts/uConsole/disko-config.nix
Normal file
46
hosts/uConsole/disko-config.nix
Normal file
@@ -0,0 +1,46 @@
|
||||
{ lib, ... }:
|
||||
{
|
||||
disko.devices.disk.main = {
|
||||
type = "disk";
|
||||
device = "/dev/mmcblk0";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
boot = {
|
||||
name = "FIRMWARE";
|
||||
size = "1G";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot/firmware";
|
||||
mountOptions = [
|
||||
"fmask=0022"
|
||||
"dmask=0022"
|
||||
];
|
||||
};
|
||||
};
|
||||
root = {
|
||||
name = "NIXOS_UCM5";
|
||||
size = "30G";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "ext4";
|
||||
mountpoint = "/";
|
||||
mountOptions = [ "noatime" ];
|
||||
};
|
||||
};
|
||||
home = {
|
||||
name = "NIXOS_HOME";
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "ext4";
|
||||
mountpoint = "/home";
|
||||
mountOptions = [ "noatime" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
39
hosts/uConsole/hardware-configuration.nix
Normal file
39
hosts/uConsole/hardware-configuration.nix
Normal file
@@ -0,0 +1,39 @@
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sdhci_pci" "nvme" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
# Filesystems for NixOS install.
|
||||
# mkForce overrides disko's auto-generated paths so we can use
|
||||
# filesystem labels (by-label) which work with loop device installs.
|
||||
# Disko will set its own paths when nixos-anywhere is used.
|
||||
fileSystems."/" = lib.mkForce {
|
||||
device = "/dev/disk/by-label/NIXOS_UCM5";
|
||||
fsType = "ext4";
|
||||
options = [ "noatime" ];
|
||||
};
|
||||
|
||||
fileSystems."/boot/firmware" = lib.mkForce {
|
||||
device = "/dev/disk/by-label/FIRMWARE";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0022" "dmask=0022" ];
|
||||
};
|
||||
|
||||
fileSystems."/home" = lib.mkForce {
|
||||
device = "/dev/disk/by-label/NIXOS_HOME";
|
||||
fsType = "ext4";
|
||||
options = [ "noatime" ];
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||
}
|
||||
@@ -1,28 +0,0 @@
|
||||
{ config, lib, pkgs, keys, ... }:
|
||||
|
||||
{
|
||||
networking.hostName = "uConsole";
|
||||
time.timeZone = "America/Montreal";
|
||||
i18n.defaultLocale = "en_CA.UTF-8";
|
||||
system.stateVersion = "25.11";
|
||||
|
||||
# SSH — root access avec clés gortium + ai-worker
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PermitRootLogin = lib.mkForce "prohibit-password";
|
||||
PasswordAuthentication = lib.mkForce false;
|
||||
};
|
||||
};
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = with keys; [
|
||||
users.gortium.main
|
||||
users.ai-worker.main
|
||||
];
|
||||
|
||||
# WiFi via NetworkManager + secret agenix
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
# Firmware
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
}
|
||||
@@ -1,30 +0,0 @@
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sdhci_pci" "nvme" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
# SD card partitions (nixos-uconsole layout)
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/NIXOS_SD";
|
||||
fsType = "ext4";
|
||||
options = [ "noatime" ];
|
||||
};
|
||||
|
||||
fileSystems."/boot/firmware" = {
|
||||
device = "/dev/disk/by-label/FIRMWARE";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0022" "dmask=0022" ];
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||
}
|
||||
92
overlays/reticulum.nix
Executable file
92
overlays/reticulum.nix
Executable file
@@ -0,0 +1,92 @@
|
||||
final: prev: let
|
||||
python3 = final.python3;
|
||||
pyPkgs = python3.pkgs;
|
||||
in
|
||||
{
|
||||
reticulumStack = python3.pkgs.buildPythonApplication rec {
|
||||
pname = "reticulum";
|
||||
version = "1.2.9";
|
||||
format = "setuptools";
|
||||
src = pyPkgs.fetchPypi {
|
||||
pname = "rns";
|
||||
inherit version;
|
||||
sha256 = "554814231c237b9caacf8df669312e57dd7d3f84b6d4810125087d1a79a75d75";
|
||||
};
|
||||
patchPhase = ''
|
||||
# Fix license_files syntax: ("LICENSE") is a string not tuple
|
||||
# Newer setuptools iterates over it char by char, fails on 'S'
|
||||
substituteInPlace setup.py \
|
||||
--replace-fail 'license_files = ("LICENSE")' 'license_files = ("LICENSE",)'
|
||||
'';
|
||||
propagatedBuildInputs = with pyPkgs; [ cryptography pyserial ];
|
||||
doCheck = false;
|
||||
pythonImportsCheck = [ "RNS" ];
|
||||
meta = with final.lib; {
|
||||
description = "Self-configuring, encrypted and resilient mesh networking stack";
|
||||
homepage = "https://reticulum.network/";
|
||||
license = licenses.mit;
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
};
|
||||
|
||||
lxmf = python3.pkgs.buildPythonApplication rec {
|
||||
pname = "lxmf";
|
||||
version = "0.9.8";
|
||||
format = "setuptools";
|
||||
src = pyPkgs.fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "30f39f3a975a049c12ee2cfceb3261d24cb5adec881c6821f7354464b3f3650c";
|
||||
};
|
||||
propagatedBuildInputs = [ final.reticulumStack ];
|
||||
doCheck = false;
|
||||
pythonImportsCheck = [ "LXMF" ];
|
||||
meta = with final.lib; {
|
||||
description = "Lightweight Extensible Message Format for Reticulum";
|
||||
homepage = "https://github.com/markqvist/lxmf";
|
||||
license = licenses.mit;
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
};
|
||||
|
||||
nomadnet = python3.pkgs.buildPythonApplication rec {
|
||||
pname = "nomadnet";
|
||||
version = "1.1.1";
|
||||
format = "setuptools";
|
||||
src = pyPkgs.fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "fa13b64a10e75b705a58024815ab72451700aa726af96d415ba99dec28dfc40a";
|
||||
};
|
||||
propagatedBuildInputs = with pyPkgs; [ final.reticulumStack final.lxmf urwid qrcode ];
|
||||
doCheck = false;
|
||||
pythonImportsCheck = [ "nomadnet" ];
|
||||
meta = with final.lib; {
|
||||
description = "Nomad Network — resilient mesh communications platform";
|
||||
homepage = "https://github.com/markqvist/NomadNet";
|
||||
license = licenses.mit;
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
};
|
||||
|
||||
rnsh = python3.pkgs.buildPythonApplication rec {
|
||||
pname = "rnsh";
|
||||
version = "0.1.7";
|
||||
format = "setuptools";
|
||||
src = pyPkgs.fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "9cb72f25abb1c6d300f8014b264184ff78f592fe88e36094938012990b797c93";
|
||||
};
|
||||
propagatedBuildInputs = [ final.reticulumStack ];
|
||||
doCheck = false;
|
||||
pythonImportsCheck = [ "rnsh" ];
|
||||
meta = with final.lib; {
|
||||
description = "Remote shell over Reticulum";
|
||||
homepage = "https://github.com/acehoss/rnsh";
|
||||
license = licenses.mit;
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
};
|
||||
}
|
||||
# meshtastic may not exist in all nixpkgs versions (e.g. not in 25.11)
|
||||
// prev.lib.optionalAttrs (prev ? meshtastic) {
|
||||
inherit (prev) meshtastic;
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdoTUQ4QSAycE1Y
|
||||
YmMvUWZpK2VKQVlqaHFtaERBRGROcFIyL0d6dEVRQmFxLzlqdFZNCkYxWkNIUXRZ
|
||||
V0dQOG4zY3U3Nk1JelBtY0cwUGdxaEI3dmZaVTZId04rVTQKLT4geV1cZC4wMnst
|
||||
Z3JlYXNlIDYgOG1IME1xCkQ0RGN1NU1FUWk0Y1RmamNEY0tJWmFQNGdoMkROcGVy
|
||||
aU5UYVFobVRLMVVUQ1JicUM2c0tSVzRQdEZ0VE5YamQKZUxPeVpLWDZJR0hqemdD
|
||||
cmkyUUdFZEZKZjBDNGhmNFR6bVUKLS0tIDRQUGR5RGI5UEhGNk5EQWw4dFk0R01k
|
||||
TUJWOFpleXBUajFPckFmem52cGsKHzn+QnuYLI2NEh5WWZQHrNuvVzYk+kVjsAsn
|
||||
KNS2dHjvadAopVY2Gypldf1p2RRtmgZkDHaPlNzv5Hk=
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
@@ -11,5 +11,4 @@ in
|
||||
"lazyworkhorse_host_ssh_key.age".publicKeys = authorizedKeys;
|
||||
"n8n_ssh_key.age".publicKeys = authorizedKeys;
|
||||
"openclaw_gateway_token.age".publicKeys = authorizedKeys;
|
||||
"home_wifi.age".publicKeys = authorizedKeys;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user