- New NixOS host 'uConsole' for ClockworkPi CM5 portable terminal - flake.nix: add nixos-uconsole and nixos-raspberrypi inputs - Imports: nixos-uconsole.nixosModules.uconsole-cm5, nixos-raspberrypi.nixosModules.raspberry-pi-5.base - Full package list: base tools, HAM radio, SDR/RF, mesh/LoRa, security tools, GPS/maps - Reticulum stack (rns 1.2.9, lxmf 0.9.8, nomadnet 1.1.1) built from PyPI via overlays/reticulum.nix - systemd services: rnsd (Reticulum daemon), kismet (Wi-Fi IDS) - Kernel modules for SDR (rtl-sdr, dvb) and USB WiFi - Follows existing host config conventions (cyt-pi as template)
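# NixOS host module for the ClockworkPi uConsole (CM5): base system, SSH,
# the `gortium` user, radio/SDR/mesh/security tooling, and two long-running
# services (rnsd, kismet).
#
# NOTE(review): `keys` is referenced under users.users.gortium but was not
# bound by the original argument list, so the file failed to evaluate with
# "undefined variable 'keys'". It is bound here on the assumption that it is
# supplied the same way `paths` and `self` are (presumably specialArgs);
# confirm against flake.nix.
{ config, lib, pkgs, paths, self, keys, ... }:

{
  # ----- Basic host info -----
  networking.hostName = "uConsole";
  time.timeZone = "America/Montreal";
  i18n.defaultLocale = "en_CA.UTF-8";

  # ----- System state -----
  system.stateVersion = "25.05";

  # ----- Boot & hardware (uconsole-cm5 module handles boot.loader) -----
  # NOTE(review): confirm that overriding the kernel here does not conflict
  # with whatever kernel the imported uconsole-cm5 / raspberry-pi-5 modules
  # select; those modules are not visible in this file.
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # ----- Networking -----
  networking.networkmanager.enable = true;

  services.openssh = {
    enable = true;
    settings = {
      # Root may log in with a key only. No root key is configured in this
      # file and `gortium` has sudo, so "no" would shrink the exposed surface
      # if nothing (e.g. a deploy tool) depends on root SSH.
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
      # NixOS leaves keyboard-interactive enabled by default (as far as I
      # know); with PAM that path can still accept a password even though
      # PasswordAuthentication is off, so close it explicitly.
      KbdInteractiveAuthentication = false;
    };
  };

  # ----- Groups -----
  # Both names are used below (extraGroups, and Group= in the two units) but
  # were not declared in this file; a unit whose Group= does not exist fails
  # to start. An empty declaration merges harmlessly if another module
  # already defines the group.
  users.groups.gortium = { };
  users.groups.kismet = { };

  # ----- User -----
  users.users.gortium = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" "video" "dialout" "kismet" ];
    openssh.authorizedKeys.keys = [
      keys.users.gortium.main
      keys.users.gortium.gitea
    ];
  };

  # Passwordless sudo for every command. Both services below run as this
  # same account while parsing untrusted network / RF input, so a bug in
  # either daemon is one `sudo` away from root unless the unit blocks
  # privilege gain (rnsd does, via NoNewPrivileges). Dedicated service
  # accounts, or a narrower command list here, would contain that better.
  security.sudo.extraRules = [
    {
      users = [ "gortium" ];
      commands = [
        {
          command = "ALL";
          options = [ "NOPASSWD" ];
        }
      ];
    }
  ];

  # ============================================================
  # Package groups
  # ============================================================

  environment.systemPackages = with pkgs; [
    # ===== Base =====
    emacs-pgtk
    git
    ripgrep
    fd
    htop
    tmux
    neovim

    # ===== HAM Radio =====
    js8call
    wsjtx
    fldigi
    pat          # Winlink client
    direwolf     # AX.25 packet modem
    chirp        # Radio programming tool
    hamlib       # Ham radio control libraries
    trustedqsl   # Logbook of the World (LoTW)

    # ===== SDR / RF =====
    sdrpp                   # SDR++ spectrum analyzer
    gqrx                    # SDR receiver GUI
    rtl-sdr                 # RTL-SDR drivers & utilities
    inspectrum              # Offline signal analysis
    soapysdr-with-plugins   # SoapySDR + hardware support plugins

    # ===== Mesh / LoRa =====
    # reticulumStack, lxmf and nomadnet are expected to come from the
    # project's overlay rather than from stock nixpkgs.
    meshtastic       # Python CLI for Meshtastic devices
    reticulumStack   # Reticulum Network Stack (rnsd, rnsh, rncp, rnx, rnpath, etc.)
    lxmf             # LXMF messaging protocol
    nomadnet         # Nomad Network client

    # ===== Security =====
    nmap
    aircrack-ng
    kismet      # Wi-Fi monitor / IDS
    bettercap   # MITM/network attack framework
    wireshark   # Packet analyzer
    hashcat     # GPU password cracker
    john        # John the Ripper
    sqlmap      # SQL injection tool

    # ===== GPS / Maps =====
    foxtrotgps
    viking     # GPS map editor
    gpsbabel   # GPS data conversion
  ];

  # Packages noted but not in unstable nixpkgs:
  #   - metasploit: unfree; install manually via Git clone
  #   - burpsuite: unfree Java app (Community Edition available for download)
  #   - sidechannel: not a distinct PyPI package; functionality covered by
  #     the Reticulum stack. For LXMF GUI client, install Sideband manually
  #     from github.com/markqvist/Sideband
  # NOTE(review): re-check availability before going the manual route; a
  # manual clone or download bypasses the pinning and hash checks that every
  # package in the list above gets, so pin it to a reviewed tag or commit.

  # ============================================================
  # Reticulum Service (rnsd)
  # ============================================================
  systemd.services.rnsd = {
    description = "Reticulum Network Stack Daemon";
    # Ordering alone does not pull the target in; without `wants` the
    # `after` below has nothing to wait for.
    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      User = "gortium";
      Group = "gortium";
      ExecStart = "${pkgs.reticulumStack}/bin/rnsd";
      Restart = "always";
      RestartSec = "10s";
      LimitNOFILE = 65536;
      # The account has NOPASSWD sudo; this stops the daemon and anything it
      # spawns from gaining privileges through setuid binaries such as sudo.
      NoNewPrivileges = true;
    };
  };

  # ============================================================
  # Kismet Service (Wi-Fi monitoring / mesh node)
  # ============================================================
  # Capture logs hold observed device identifiers and traffic metadata, so
  # the directory is created up front and kept unreadable to other users.
  systemd.tmpfiles.rules = [
    "d /home/gortium/kismet_logs 0750 gortium kismet -"
  ];

  systemd.services.kismet = {
    description = "Kismet Wi-Fi Monitor & IDS";
    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      User = "gortium";
      Group = "kismet";
      # NOTE(review): verify these flags against `kismet --help` for the
      # packaged version; the log-directory and no-ncurses options I know of
      # are spelled `--log-prefix` and `--no-ncurses-wrapper`.
      # NOTE(review): wlan0 is also under NetworkManager control, and an
      # unprivileged process normally cannot switch an interface into monitor
      # mode. Confirm how capture privileges are granted. NoNewPrivileges is
      # deliberately not set here because a setuid or file-capability capture
      # helper would stop working, which leaves this unit able to reach the
      # passwordless sudo rule; a dedicated service user would close that.
      ExecStart = "${pkgs.kismet}/bin/kismet -c wlan0 --log-base=/home/gortium/kismet_logs --no-nc-ui";
      Restart = "always";
      RestartSec = "10s";
    };
  };

  # ============================================================
  # Kernel modules for SDR and radio
  # ============================================================
  # NOTE(review): "88x2bu" is, to my knowledge, an out-of-tree driver; it
  # only loads if a matching package is added to boot.extraModulePackages.
  # NOTE(review): the userspace rtl-sdr tools installed above need the
  # dongle free of the kernel DVB driver; confirm that force-loading
  # dvb_usb_rtl28xxu / rtl2832_sdr is intended rather than blacklisting them.
  boot.kernelModules = [
    "88x2bu"             # Realtek 8812/8821BU USB WiFi (common adapter)
    "rtl8xxxu"           # RTL8188/8192/8723 USB WiFi
    "rtl2832_sdr"        # RTL-SDR kernel module
    "dvb_usb_rtl28xxu"   # RTL-SDR DVB-T
  ];

  boot.blacklistedKernelModules = [ ];

  # ============================================================
  # Extra udev rules for SDR and HAM radio devices
  # ============================================================
  services.udev.packages = with pkgs; [ rtl-sdr ];

  # ============================================================
  # Enable IPv6 for Reticulum mesh
  # ============================================================
  networking.enableIPv6 = true;

  # ============================================================
  # Firewall: SSH only; no Reticulum ports are opened
  # ============================================================
  networking.firewall.allowedTCPPorts = [ 22 ];   # SSH only
  networking.firewall.allowedUDPPorts = [ ];
  # Reticulum uses its own encryption and doesn't need open ports
  # for basic mesh operations (peer-to-peer discovery).
  # For TCP interfaces, open additional ports as needed, and prefer
  # per-interface rules (networking.firewall.interfaces.<name>) so a
  # listener is not exposed on every network the device joins.
}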