Attempt to get Rpi to work

10 files changed, 176 insertions, 53 deletions

diff --git a/flake.lock b/flake.lock
index eaca5a2..e9072b8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -201,11 +201,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1734352517,
-        "narHash": "sha256-mfv+J/vO4nqmIOlq8Y1rRW8hVsGH3M+I2ESMjhuebDs=",
+        "lastModified": 1736441705,
+        "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "b12e314726a4226298fe82776b4baeaa7bcf3dcd",
+        "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337",
         "type": "github"
       },
       "original": {
@@ -245,11 +245,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1734435836,
-        "narHash": "sha256-kMBQ5PRiFLagltK0sH+08aiNt3zGERC2297iB6vrvlU=",
+        "lastModified": 1736657626,
+        "narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4989a246d7a390a859852baddb1013f825435cee",
+        "rev": "2f9e2f85cb14a46410a1399aa9ea7ecf433e422e",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 0639d2c..52da5f4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -62,17 +62,23 @@
     }
     // eachDefaultSystem (system: let
       pkgs = nixpkgs.legacyPackages."${system}".extend self.overlays.default;
-    in {
-      packages =
-        {default = pkgs.nixdeploy;}
-        // mapAttrs' (n: v: let
+
+      osFilterMap = attr:
+        mapAttrs' (n: v: let
           os =
             if v.config.nixpkgs.hostPlatform.system == system
             then v
             else (v.extendModules {modules = [{nixpkgs.buildPlatform.system = system;}];});
         in
-          nameValuePair "tarball-${n}" os.config.system.build.tarball)
-        (filterAttrs (_: v: v.config.system.build ? tarball) self.nixosConfigurations);
+          nameValuePair "${attr}-${n}" os.config.system.build."${attr}")
+        (filterAttrs (_: v: v.config.system.build ? "${attr}")
+          self.nixosConfigurations);
+    in {
+      packages =
+        {default = pkgs.nixdeploy;}
+        // (osFilterMap "toplevel")
+        // (osFilterMap "tarball")
+        // (osFilterMap "firmware");
       legacyPackages = pkgs;
       devShells = filterPackages system (import ./devShells pkgs);
       formatter = pkgs.alejandra;
diff --git a/nixos/configurations/adm-mpd.nix b/nixos/configurations/adm-mpd.nix
index ac3b4de..b2c7903 100644
--- a/nixos/configurations/adm-mpd.nix
+++ b/nixos/configurations/adm-mpd.nix
@@ -5,26 +5,16 @@
 }: let
   inherit (lib) filterAttrs;
 in {
-  nixpkgs.hostPlatform.system = "aarch64-linux";
-
-  fileSystems = {
-    "/" = {
-      device = "/dev/mmcblk0p2";
-      options = ["compress=lzo" "subvol=@nix"];
-    };
-    "/home" = {
-      device = "/dev/mmcblk0p2";
-      options = ["compress=lzo" "subvol=@home"];
-    };
-    "/boot" = {
-      device = "/dev/mmcblk0p1";
-    };
+  cynerd.rpi = 3;
+  deploy = {
+    enable = true;
+    ssh.host = "nixos@mpd.adm";
   };
 
   networking.wireless = {
     enable = true;
     networks = filterAttrs (n: _: n == "Nela") config.secrets.wifiNetworks;
-    environmentFile = "/run/secrets/wifi.env";
+    secretsFile = "/run/secrets/wifi.secrets";
     userControlled.enable = true;
   };
 
@@ -33,24 +23,24 @@ in {
   #alsa.enable = true;
   #pulse.enable = true;
   #};
-  hardware.pulseaudio = {
-    enable = true;
-    systemWide = true;
-    zeroconf.publish.enable = true;
-  };
+  #hardware.pulseaudio = {
+  #  enable = true;
+  #  systemWide = true;
+  #  zeroconf.publish.enable = true;
+  #};
 
-  services.spotifyd = {
-    enable = true;
-    settings.global = {
-      device_name = "Adámkovi";
-      device = "sysdefault";
-      mixer = "Master";
-      bitrate = 320;
-      cache_path = "/var/cahe/spotify";
-      no_audio_cache = true;
-      volume_normalisation = true;
-      normalisation_pregain = -10;
-      initial_volume = 60;
-    };
-  };
+  #services.spotifyd = {
+  #  enable = true;
+  #  settings.global = {
+  #    device_name = "Adámkovi";
+  #    device = "sysdefault";
+  #    mixer = "Master";
+  #    bitrate = 320;
+  #    cache_path = "/var/cahe/spotify";
+  #    no_audio_cache = true;
+  #    volume_normalisation = true;
+  #    normalisation_pregain = -10;
+  #    initial_volume = 60;
+  #  };
+  #};
 }
diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix
index b332cab..4683cf2 100644
--- a/nixos/configurations/adm-omnia.nix
+++ b/nixos/configurations/adm-omnia.nix
@@ -48,10 +48,12 @@ in {
     fileSystems = ["/"];
   };
 
-  networking = {
-    useNetworkd = true;
-    useDHCP = false;
+  services.fail2ban = {
+    enable = true;
+    ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"];
   };
+
+  networking.useDHCP = false;
   systemd.network = {
     networks = {
       "end2" = {
diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix
index e55e34f..f05d553 100644
--- a/nixos/configurations/spt-omnia.nix
+++ b/nixos/configurations/spt-omnia.nix
@@ -125,6 +125,6 @@ in {
   # TODO limit NSS clamping to just pppoe-wan
   networking.firewall.extraForwardRules = ''
     tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
-    iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept
+    iifname {"home", "wg"} oifname {"home", "wg"} accept
   '';
 }
diff --git a/nixos/modules/Rpi.md b/nixos/modules/Rpi.md
new file mode 100644
index 0000000..43b172f
--- /dev/null
+++ b/nixos/modules/Rpi.md
@@ -0,0 +1,25 @@
+# Raspberry Pi SD card preparation steps
+
+```
+~# parted /dev/sdx
+(parted) mktable msdos
+(parted) mkpart primary fat16 0% 120M
+(parted) mkpart primary btrfs 120M 100%
+(parted) set 2 boot on
+(parted) quit
+~# mkfs.vfat -F16 /dev/sdx1
+~# mkfs.btrfs /dev/sdx2
+
+~# mount /dev/sdx1 /mnt
+~# nix build .#firmware-HOST
+~# cp -r result/* /mnt/
+~# umount mnt
+
+~# mount /dev/sdx2 /mnt
+~# nix copy --to /mnt .#toplevel-HOST
+~# nix build --print-out-paths .#toplevel-HOST
+~# nix eval .#nixosConfigurations.HOST.config.boot.loader.generic-extlinux-compatible.populateCmd
+"/nix/store/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-extlinux-conf-builder.sh -g 20 -t 5"
+~# /nix/store/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-extlinux-conf-builder.sh -c  -d ./mnt/boot
+~# umount mnt
+```
diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix
index 502d0c3..c5dbd98 100644
--- a/nixos/modules/generic.nix
+++ b/nixos/modules/generic.nix
@@ -31,8 +31,11 @@ in {
     };
 
     boot = {
-      loader.systemd-boot.enable = mkOverride 1100 true;
-      loader.efi.canTouchEfiVariables = mkDefault true;
+      loader = {
+        systemd-boot.enable = mkOverride 1100 true;
+        efi.canTouchEfiVariables = mkDefault true;
+        grub.enable = mkOverride 1100 false;
+      };
       kernelPackages = mkOverride 1100 pkgs.linuxPackages_latest;
       kernelParams = ["boot.shell_on_fail"];
     };
diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix
index 3dd4fbc..55db94d 100644
--- a/nixos/modules/packages.nix
+++ b/nixos/modules/packages.nix
@@ -41,7 +41,6 @@ in {
       btop
       iotop
       mc
-      screen
       tmux
 
       # ls tools
@@ -73,6 +72,7 @@ in {
       nmap
       ltrace
       pv
+      screen
     ]
     ++ optionals (!isNative) [
       ncdu_1
diff --git a/nixos/modules/rpi.nix b/nixos/modules/rpi.nix
new file mode 100644
index 0000000..e4e10fe
--- /dev/null
+++ b/nixos/modules/rpi.nix
@@ -0,0 +1,88 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib) mkOption types mkMerge mkIf;
+
+  configTxt = pkgs.writeText "config.txt" ''
+    [pi3]
+    kernel=u-boot-rpi3.bin
+
+    # Boot in 64-bit mode.
+    arm_64bit=1
+
+    # Otherwise the serial output will be garbled.
+    core_freq=250
+    # Boot in 64-bit mode.
+    arm_64bit=1
+
+    [all]
+    # U-Boot needs this to work, regardless of whether UART is actually used or not.
+    # Look in arch/arm/mach-bcm283x/Kconfig in the U-Boot tree to see if this is still
+    # a requirement in the future.
+    enable_uart=1
+
+    # Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
+    # when attempting to show low-voltage or overtemperature warnings.
+    avoid_warnings=1
+  '';
+in {
+  options.cynerd.rpi = mkOption {
+    type = with types; nullOr (enum [2 3]);
+    default = null;
+    description = "If machine is RaspberryPi and which version";
+  };
+
+  config = mkMerge [
+    (mkIf (config.cynerd.rpi == 2) {
+      nixpkgs.hostPlatform.system = "armv7l-linux";
+    })
+    (mkIf (config.cynerd.rpi == 3) {
+      nixpkgs.hostPlatform.system = "aarch64-linux";
+      boot.kernelParams = ["console=ttyS1,115200n8"];
+    })
+    (mkIf (config.cynerd.rpi != null) {
+      boot.loader = {
+        systemd-boot.enable = false;
+        efi.canTouchEfiVariables = false;
+        generic-extlinux-compatible.enable = true;
+      };
+      boot.consoleLogLevel = 7;
+
+      fileSystems = {
+        "/" = {
+          device = "/dev/mmcblk0p2";
+          fsType = "ext4";
+        };
+        #"/" = {
+        #  device = "/dev/mmcblk0p2";
+        #  fsType = "btrfs";
+        #  options = ["compress=lzo"];
+        #};
+        "/boot/firmware" = {
+          device = "/dev/mmcblk0p1";
+          fsType = "vfat";
+          options = ["nofail"];
+        };
+      };
+
+      services.journald.extraConfig = ''
+        SystemMaxUse=512M
+      '';
+
+      system.build.firmware = pkgs.callPackage ({stdenvNoCC}:
+        stdenvNoCC.mkDerivation {
+          name = "${config.system.name}-firmware";
+          buildCommand = ''
+            mkdir $out
+            cp -r ${pkgs.raspberrypifw}/share/raspberrypi/boot/* $out/
+            cp ${configTxt} $out/config.txt
+            # TODO support rpi2
+            cp ${pkgs.ubootRaspberryPi3_btrfs}/u-boot.bin $out/u-boot-rpi3.bin
+          '';
+        }) {};
+    })
+  ];
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
index a984d9b..9ea9a99 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -37,6 +37,15 @@ final: prev: {
   zigbee2mqtt = prev.zigbee2mqtt.overrideAttrs {
     npmInstallFlags = ["--no-optional"]; # Fix cross build
   };
+  ubootRaspberryPi3_btrfs = prev.buildUBoot {
+    defconfig = "rpi_3_defconfig";
+    extraConfig = ''
+      CONFIG_FS_BTRFS=y
+      CONFIG_CMD_BTRFS=y
+    '';
+    extraMeta.platforms = ["aarch64-linux"];
+    filesToInstall = ["u-boot.bin"];
+  };
 
   # Older version of packages
   flac134 = prev.flac.overrideAttrs {