152 lines
4.7 KiB
Nix
152 lines
4.7 KiB
Nix
{ config, lib, pkgs, keys, ... }:
|
|
|
|
{
|
|
# Basic Host Info
|
|
networking.hostName = "uConsole";
|
|
time.timeZone = "America/Montreal";
|
|
i18n.defaultLocale = "en_CA.UTF-8";
|
|
system.stateVersion = "25.11";
|
|
|
|
# ============================================================
|
|
# SSH Access — ta clé + clé de déploiement
|
|
# ============================================================
|
|
services.openssh = {
|
|
enable = true;
|
|
settings.PermitRootLogin = lib.mkForce "prohibit-password";
|
|
settings.PasswordAuthentication = lib.mkForce false;
|
|
};
|
|
|
|
users.users.root = {
|
|
openssh.authorizedKeys.keys = [
|
|
keys.users.gortium.main
|
|
keys.users.ai-worker.main
|
|
];
|
|
};
|
|
|
|
# ============================================================
|
|
# Networking — WiFi via NetworkManager
|
|
# ============================================================
|
|
networking.networkmanager.enable = true;
|
|
|
|
# ============================================================
|
|
# WiFi credentials from agenix (SSID + password encrypted)
|
|
# Reused across hosts — all connect to the same home WiFi
|
|
# ============================================================
|
|
age.secrets.home_wifi = {
|
|
file = ../../secrets/home_wifi.age;
|
|
owner = "root";
|
|
group = "root";
|
|
mode = "0400";
|
|
};
|
|
|
|
# Write WiFi connection at activation (reads decrypted age secret)
|
|
systemd.services.ensure-wifi = {
|
|
description = "Configure WiFi from age secret";
|
|
after = [ "network.target" "age-home_wifi.service" ];
|
|
wants = [ "age-home_wifi.service" ];
|
|
before = [ "NetworkManager-wait-online.service" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
RemainAfterExit = true;
|
|
ExecStart = let
|
|
wifi-setup = pkgs.writeShellScript "wifi-setup" ''
|
|
SSID="$(head -1 /run/secrets/home_wifi)"
|
|
PASS="$(tail -1 /run/secrets/home_wifi)"
|
|
if ! nmcli -t connection show "$SSID" >/dev/null 2>&1; then
|
|
nmcli device wifi connect "$SSID" password "$PASS"
|
|
fi
|
|
'';
|
|
in "${wifi-setup}";
|
|
};
|
|
};
|
|
|
|
# ============================================================
|
|
# Kernel parameters from nixos-uconsole CM5 module
|
|
# ============================================================
|
|
boot.kernelParams = [
|
|
"8250.nr_uarts=1"
|
|
"console=tty1"
|
|
];
|
|
|
|
# ============================================================
|
|
# Console font for 5" 720x1280 display
|
|
# ============================================================
|
|
console = {
|
|
earlySetup = true;
|
|
font = "ter-v24n";
|
|
packages = with pkgs; [ terminus_font ];
|
|
};
|
|
|
|
# ============================================================
|
|
# Display — vc4/panel_cwu50 loaded AFTER RP1 PCIe init
|
|
# Rien dans initrd — tout RP1 est derrière PCIe
|
|
# ============================================================
|
|
hardware.graphics.enable = true;
|
|
|
|
boot.kernelModules = [
|
|
"panel_cwu50" # uConsole DSI panel driver
|
|
"vc4" # VideoCore 4 KMS GPU driver
|
|
"rp1_dsi" # RP1 DSI bridge driver
|
|
];
|
|
|
|
boot.initrd.kernelModules = lib.mkForce [ ];
|
|
|
|
# ============================================================
|
|
# CM5 Config.txt — override complet (clear les defaults de nixos-uconsole)
|
|
# ============================================================
|
|
hardware.raspberry-pi.config = { };
|
|
|
|
hardware.raspberry-pi.extra-config = ''
|
|
[all]
|
|
arm_64bit=1
|
|
enable_uart=1
|
|
disable_audio_dither=1
|
|
dtdebug=1
|
|
gpio=10=ip,np
|
|
gpio=11=op,dh
|
|
dtoverlay=audremap
|
|
dtparam=ant2=on
|
|
dtparam=audio=on
|
|
dtparam=pin_12_13=on
|
|
|
|
[pi5]
|
|
dtoverlay=clockworkpi-uconsole-cm5
|
|
dtoverlay=vc4-kms-v3d-pi5,cma-384
|
|
dtparam=pciex1=off
|
|
dtparam=nohdmi1=off
|
|
'';
|
|
|
|
# ============================================================
|
|
# CM5 Display Backlight Fix
|
|
# ============================================================
|
|
systemd.services.cm5-backlight-fix = {
|
|
description = "CM5 Display Backlight Fix";
|
|
after = [ "multi-user.target" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
ExecStart = let
|
|
fixScript = pkgs.writeShellScript "backlight-fix" ''
|
|
for bl in /sys/class/backlight/*/brightness; do
|
|
if [ -f "$bl" ]; then
|
|
max=$(cat "$(dirname "$bl")/max_brightness" 2>/dev/null || echo 100)
|
|
echo "$max" > "$bl" 2>/dev/null || true
|
|
fi
|
|
done
|
|
'';
|
|
in "${fixScript}";
|
|
};
|
|
};
|
|
|
|
# ============================================================
|
|
# Minimal packages
|
|
# ============================================================
|
|
environment.systemPackages = with pkgs; [
|
|
git
|
|
vim
|
|
htop
|
|
libgpiod # GPIO control
|
|
];
|
|
}
|