Attempt to get Rpi to work

7 files changed, 149 insertions, 41 deletions

diff --git a/nixos/configurations/adm-mpd.nix b/nixos/configurations/adm-mpd.nix
index ac3b4de..b2c7903 100644
--- a/nixos/configurations/adm-mpd.nix
+++ b/nixos/configurations/adm-mpd.nix
@@ -5,26 +5,16 @@
 }: let
   inherit (lib) filterAttrs;
 in {
-  nixpkgs.hostPlatform.system = "aarch64-linux";
-
-  fileSystems = {
-    "/" = {
-      device = "/dev/mmcblk0p2";
-      options = ["compress=lzo" "subvol=@nix"];
-    };
-    "/home" = {
-      device = "/dev/mmcblk0p2";
-      options = ["compress=lzo" "subvol=@home"];
-    };
-    "/boot" = {
-      device = "/dev/mmcblk0p1";
-    };
+  cynerd.rpi = 3;
+  deploy = {
+    enable = true;
+    ssh.host = "nixos@mpd.adm";
   };
 
   networking.wireless = {
     enable = true;
     networks = filterAttrs (n: _: n == "Nela") config.secrets.wifiNetworks;
-    environmentFile = "/run/secrets/wifi.env";
+    secretsFile = "/run/secrets/wifi.secrets";
     userControlled.enable = true;
   };
 
@@ -33,24 +23,24 @@ in {
   #alsa.enable = true;
   #pulse.enable = true;
   #};
-  hardware.pulseaudio = {
-    enable = true;
-    systemWide = true;
-    zeroconf.publish.enable = true;
-  };
+  #hardware.pulseaudio = {
+  #  enable = true;
+  #  systemWide = true;
+  #  zeroconf.publish.enable = true;
+  #};
 
-  services.spotifyd = {
-    enable = true;
-    settings.global = {
-      device_name = "Adámkovi";
-      device = "sysdefault";
-      mixer = "Master";
-      bitrate = 320;
-      cache_path = "/var/cahe/spotify";
-      no_audio_cache = true;
-      volume_normalisation = true;
-      normalisation_pregain = -10;
-      initial_volume = 60;
-    };
-  };
+  #services.spotifyd = {
+  #  enable = true;
+  #  settings.global = {
+  #    device_name = "Adámkovi";
+  #    device = "sysdefault";
+  #    mixer = "Master";
+  #    bitrate = 320;
+  #    cache_path = "/var/cahe/spotify";
+  #    no_audio_cache = true;
+  #    volume_normalisation = true;
+  #    normalisation_pregain = -10;
+  #    initial_volume = 60;
+  #  };
+  #};
 }
diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix
index b332cab..4683cf2 100644
--- a/nixos/configurations/adm-omnia.nix
+++ b/nixos/configurations/adm-omnia.nix
@@ -48,10 +48,12 @@ in {
     fileSystems = ["/"];
   };
 
-  networking = {
-    useNetworkd = true;
-    useDHCP = false;
+  services.fail2ban = {
+    enable = true;
+    ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"];
   };
+
+  networking.useDHCP = false;
   systemd.network = {
     networks = {
       "end2" = {
diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix
index e55e34f..f05d553 100644
--- a/nixos/configurations/spt-omnia.nix
+++ b/nixos/configurations/spt-omnia.nix
@@ -125,6 +125,6 @@ in {
   # TODO limit NSS clamping to just pppoe-wan
   networking.firewall.extraForwardRules = ''
     tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
-    iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept
+    iifname {"home", "wg"} oifname {"home", "wg"} accept
   '';
 }
diff --git a/nixos/modules/Rpi.md b/nixos/modules/Rpi.md
new file mode 100644
index 0000000..43b172f
--- /dev/null
+++ b/nixos/modules/Rpi.md
@@ -0,0 +1,25 @@
+# Raspberry Pi SD card preparation steps
+
+```
+~# parted /dev/sdx
+(parted) mktable msdos
+(parted) mkpart primary fat16 0% 120M
+(parted) mkpart primary btrfs 120M 100%
+(parted) set 2 boot on
+(parted) quit
+~# mkfs.vfat -F16 /dev/sdx1
+~# mkfs.btrfs /dev/sdx2
+
+~# mount /dev/sdx1 /mnt
+~# nix build .#firmware-HOST
+~# cp -r result/* /mnt/
+~# umount mnt
+
+~# mount /dev/sdx2 /mnt
+~# nix copy --to /mnt .#toplevel-HOST
+~# nix build --print-out-paths .#toplevel-HOST
+~# nix eval .#nixosConfigurations.HOST.config.boot.loader.generic-extlinux-compatible.populateCmd
+"/nix/store/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-extlinux-conf-builder.sh -g 20 -t 5"
+~# /nix/store/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-extlinux-conf-builder.sh -c  -d ./mnt/boot
+~# umount mnt
+```
diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix
index 502d0c3..c5dbd98 100644
--- a/nixos/modules/generic.nix
+++ b/nixos/modules/generic.nix
@@ -31,8 +31,11 @@ in {
     };
 
     boot = {
-      loader.systemd-boot.enable = mkOverride 1100 true;
-      loader.efi.canTouchEfiVariables = mkDefault true;
+      loader = {
+        systemd-boot.enable = mkOverride 1100 true;
+        efi.canTouchEfiVariables = mkDefault true;
+        grub.enable = mkOverride 1100 false;
+      };
       kernelPackages = mkOverride 1100 pkgs.linuxPackages_latest;
       kernelParams = ["boot.shell_on_fail"];
     };
diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix
index 3dd4fbc..55db94d 100644
--- a/nixos/modules/packages.nix
+++ b/nixos/modules/packages.nix
@@ -41,7 +41,6 @@ in {
       btop
       iotop
       mc
-      screen
       tmux
 
       # ls tools
@@ -73,6 +72,7 @@ in {
       nmap
       ltrace
       pv
+      screen
     ]
     ++ optionals (!isNative) [
       ncdu_1
diff --git a/nixos/modules/rpi.nix b/nixos/modules/rpi.nix
new file mode 100644
index 0000000..e4e10fe
--- /dev/null
+++ b/nixos/modules/rpi.nix
@@ -0,0 +1,88 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib) mkOption types mkMerge mkIf;
+
+  configTxt = pkgs.writeText "config.txt" ''
+    [pi3]
+    kernel=u-boot-rpi3.bin
+
+    # Boot in 64-bit mode.
+    arm_64bit=1
+
+    # Otherwise the serial output will be garbled.
+    core_freq=250
+    # Boot in 64-bit mode.
+    arm_64bit=1
+
+    [all]
+    # U-Boot needs this to work, regardless of whether UART is actually used or not.
+    # Look in arch/arm/mach-bcm283x/Kconfig in the U-Boot tree to see if this is still
+    # a requirement in the future.
+    enable_uart=1
+
+    # Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
+    # when attempting to show low-voltage or overtemperature warnings.
+    avoid_warnings=1
+  '';
+in {
+  options.cynerd.rpi = mkOption {
+    type = with types; nullOr (enum [2 3]);
+    default = null;
+    description = "If machine is RaspberryPi and which version";
+  };
+
+  config = mkMerge [
+    (mkIf (config.cynerd.rpi == 2) {
+      nixpkgs.hostPlatform.system = "armv7l-linux";
+    })
+    (mkIf (config.cynerd.rpi == 3) {
+      nixpkgs.hostPlatform.system = "aarch64-linux";
+      boot.kernelParams = ["console=ttyS1,115200n8"];
+    })
+    (mkIf (config.cynerd.rpi != null) {
+      boot.loader = {
+        systemd-boot.enable = false;
+        efi.canTouchEfiVariables = false;
+        generic-extlinux-compatible.enable = true;
+      };
+      boot.consoleLogLevel = 7;
+
+      fileSystems = {
+        "/" = {
+          device = "/dev/mmcblk0p2";
+          fsType = "ext4";
+        };
+        #"/" = {
+        #  device = "/dev/mmcblk0p2";
+        #  fsType = "btrfs";
+        #  options = ["compress=lzo"];
+        #};
+        "/boot/firmware" = {
+          device = "/dev/mmcblk0p1";
+          fsType = "vfat";
+          options = ["nofail"];
+        };
+      };
+
+      services.journald.extraConfig = ''
+        SystemMaxUse=512M
+      '';
+
+      system.build.firmware = pkgs.callPackage ({stdenvNoCC}:
+        stdenvNoCC.mkDerivation {
+          name = "${config.system.name}-firmware";
+          buildCommand = ''
+            mkdir $out
+            cp -r ${pkgs.raspberrypifw}/share/raspberrypi/boot/* $out/
+            cp ${configTxt} $out/config.txt
+            # TODO support rpi2
+            cp ${pkgs.ubootRaspberryPi3_btrfs}/u-boot.bin $out/u-boot-rpi3.bin
+          '';
+        }) {};
+    })
+  ];
+}