{ config, lib, pkgs, keys, ... }: { # Basic Host Info networking.hostName = "uConsole"; time.timeZone = "America/Montreal"; i18n.defaultLocale = "en_CA.UTF-8"; system.stateVersion = "25.11"; # ============================================================ # SSH Access — ta clé + clé de déploiement # ============================================================ services.openssh = { enable = true; settings.PermitRootLogin = lib.mkForce "prohibit-password"; settings.PasswordAuthentication = lib.mkForce false; }; users.users.root = { openssh.authorizedKeys.keys = [ keys.users.gortium.main keys.users.ai-worker.main ]; }; # ============================================================ # Networking — WiFi via NetworkManager # ============================================================ networking.networkmanager.enable = true; # ============================================================ # WiFi credentials from agenix (SSID + password encrypted) # Reused across hosts — all connect to the same home WiFi # ============================================================ age.secrets.home_wifi = { file = ../../secrets/home_wifi.age; owner = "root"; group = "root"; mode = "0400"; }; # Write WiFi connection at activation (reads decrypted age secret) systemd.services.ensure-wifi = { description = "Configure WiFi from age secret"; after = [ "network.target" "age-home_wifi.service" ]; wants = [ "age-home_wifi.service" ]; before = [ "NetworkManager-wait-online.service" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; ExecStart = let wifi-setup = pkgs.writeShellScript "wifi-setup" '' SSID="$(head -1 /run/secrets/home_wifi)" PASS="$(tail -1 /run/secrets/home_wifi)" if ! nmcli -t connection show "$SSID" >/dev/null 2>&1; then nmcli device wifi connect "$SSID" password "$PASS" fi ''; in "${wifi-setup}"; }; }; # ============================================================ # Kernel parameters from nixos-uconsole CM5 module # ============================================================ boot.kernelParams = [ "8250.nr_uarts=1" "console=tty1" ]; # ============================================================ # Console font for 5" 720x1280 display # ============================================================ console = { earlySetup = true; font = "ter-v24n"; packages = with pkgs; [ terminus_font ]; }; # ============================================================ # Display — vc4/panel_cwu50 loaded AFTER RP1 PCIe init # Rien dans initrd — tout RP1 est derrière PCIe # ============================================================ hardware.graphics.enable = true; boot.kernelModules = [ "panel_cwu50" # uConsole DSI panel driver "vc4" # VideoCore 4 KMS GPU driver "rp1_dsi" # RP1 DSI bridge driver ]; boot.initrd.kernelModules = lib.mkForce [ ]; # ============================================================ # CM5 Config.txt — [pi5] section (pas [cm5]) # ============================================================ hardware.raspberry-pi.extra-config = '' [all] gpio=10=ip,np gpio=11=op,dh [pi5] dtparam=pciex1=off dtoverlay=clockworkpi-uconsole-cm5 dtoverlay=dwc2,dr_mode=host dtoverlay=vc4-kms-v3d-pi5,cma-384 dtparam=nohdmi1=off ''; # ============================================================ # CM5 Display Backlight Fix # ============================================================ systemd.services.cm5-backlight-fix = { description = "CM5 Display Backlight Fix"; after = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { Type = "oneshot"; ExecStart = let fixScript = pkgs.writeShellScript "backlight-fix" '' for bl in /sys/class/backlight/*/brightness; do if [ -f "$bl" ]; then max=$(cat "$(dirname "$bl")/max_brightness" 2>/dev/null || echo 100) echo "$max" > "$bl" 2>/dev/null || true fi done ''; in "${fixScript}"; }; }; # ============================================================ # Minimal packages # ============================================================ environment.systemPackages = with pkgs; [ git vim htop libgpiod # GPIO control ]; }