-rw-r--r--.gitignore2
-rw-r--r--devShells/apo.nix4
-rw-r--r--devShells/c.nix26
-rw-r--r--devShells/default.nix2
-rw-r--r--flake.lock423
-rw-r--r--flake.nix113
-rw-r--r--lib/default.nix51
-rw-r--r--nixos/configurations/adm-mpd.nix58
-rw-r--r--nixos/configurations/adm-omnia.nix45
-rw-r--r--nixos/configurations/adm-omnia2.nix6
-rw-r--r--nixos/configurations/albert.nix41
-rw-r--r--nixos/configurations/binky.nix9
-rw-r--r--nixos/configurations/dean.nix15
-rw-r--r--nixos/configurations/errol.nix90
-rw-r--r--nixos/configurations/gaspode.nix1
-rw-r--r--nixos/configurations/lipwig.nix80
-rw-r--r--nixos/configurations/ridcully.nix29
-rw-r--r--nixos/configurations/spt-mox.nix127
-rw-r--r--nixos/configurations/spt-mox2.nix25
-rw-r--r--nixos/configurations/spt-mpd.nix1
-rw-r--r--nixos/configurations/spt-omnia.nix54
-rw-r--r--nixos/configurations/zd-mox.nix128
-rw-r--r--nixos/modules/backup.nix63
-rw-r--r--nixos/modules/desktop.nix57
-rw-r--r--nixos/modules/develop.nix45
-rw-r--r--nixos/modules/gaming.nix31
-rw-r--r--nixos/modules/generic.nix18
-rw-r--r--nixos/modules/home-assistant.nix164
-rw-r--r--nixos/modules/home-assistant/light.nix13
-rw-r--r--nixos/modules/home-assistant/sensors.nix19
-rw-r--r--nixos/modules/homeassistant.nix57
-rw-r--r--nixos/modules/hosts.nix25
-rw-r--r--nixos/modules/monitoring.nix2
-rw-r--r--nixos/modules/nixos-system.sh27
-rw-r--r--nixos/modules/openvpn.nix8
-rw-r--r--nixos/modules/packages.nix9
-rw-r--r--nixos/modules/rpi.md25
-rw-r--r--nixos/modules/rpi.nix88
-rw-r--r--nixos/modules/syncthing.nix161
-rw-r--r--nixos/modules/users.nix29
-rw-r--r--nixos/modules/wifi-adm.nix186
-rw-r--r--nixos/modules/wifi-client.nix2
-rw-r--r--nixos/modules/wifi-spt.nix157
-rw-r--r--nixos/modules/wifi-zd.nix137
-rw-r--r--nixos/modules/wireguard.nix (renamed from nixos/modules/wireguad.nix)33
-rw-r--r--pkgs/default.nix90
-rw-r--r--pkgs/dodo/default.nix37
-rw-r--r--pkgs/mtk-arm-trusted-firmware/default.nix64
-rw-r--r--pkgs/sdcv/default.nix33
-rw-r--r--pkgs/u-boot-add-openwrt-one.patch579
50 files changed, 2287 insertions, 1202 deletions
diff --git a/.gitignore b/.gitignore
index 542669d..e459b31 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-.nixdeploy
+.nixosdeploy
diff --git a/devShells/apo.nix b/devShells/apo.nix
index a800557..07ed91b 100644
--- a/devShells/apo.nix
+++ b/devShells/apo.nix
@@ -11,8 +11,10 @@ in
pkgs.buildPackages.mkShell {
packages = with pkgs; [
qtrvsim
- glibc.static
+ #glibc.static
riscvPkgs.buildPackages.gcc
+ pkgsCross.armv7l-hf-multiplatform.buildPackages.gcc
+ pkgsCross.armv7l-hf-multiplatform.glibc.static
];
inputsFrom = [c];
meta.platforms = pkgs.lib.platforms.linux;
diff --git a/devShells/c.nix b/devShells/c.nix
index 5798129..9a2db98 100644
--- a/devShells/c.nix
+++ b/devShells/c.nix
@@ -46,22 +46,16 @@ pkgs.mkShell {
libffi.dev
# Qt
- #qt6.qttools
- #qt6.qtbase
- #qt6.qttranslations
- #qt6.qtserialport
- #qt6.qtwebsockets
- #qt6.qtcharts
- #qt6.qtsvg
- #qt6.qtnetworkauth
- #qt6.qtwayland
- #qt6.wrapQtAppsHook
- libsForQt5.qtbase
- libsForQt5.qttranslations
- libsForQt5.qtserialport
- libsForQt5.qtwebsockets
- libsForQt5.qtcharts
- libsForQt5.qtwayland
+ qt6.qttools
+ qt6.qtbase
+ qt6.qttranslations
+ qt6.qtserialport
+ qt6.qtwebsockets
+ qt6.qtcharts
+ qt6.qtsvg
+ qt6.qtnetworkauth
+ qt6.qtwayland
+ qt6.wrapQtAppsHook
];
meta.platforms = pkgs.lib.platforms.linux;
}
diff --git a/devShells/default.nix b/devShells/default.nix
index d09fa70..e6a80ad 100644
--- a/devShells/default.nix
+++ b/devShells/default.nix
@@ -1,6 +1,6 @@
pkgs: rec {
c = import ./c.nix pkgs;
- musl = import ./c.nix pkgs.pkgsMusl;
+ #musl = import ./c.nix pkgs.pkgsMusl;
#llvm = import ./c.nix pkgs.pkgsLLVM;
apo = import ./apo.nix pkgs c;
}
diff --git a/flake.lock b/flake.lock
index a090908..3d515f8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -8,11 +8,11 @@
"systems": "systems"
},
"locked": {
- "lastModified": 1723293904,
- "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
+ "lastModified": 1754433428,
+ "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",
"owner": "ryantm",
"repo": "agenix",
- "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
+ "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",
"type": "github"
},
"original": {
@@ -29,11 +29,11 @@
]
},
"locked": {
- "lastModified": 1700795494,
- "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+ "lastModified": 1744478979,
+ "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
- "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+ "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
@@ -43,33 +43,33 @@
"type": "github"
}
},
- "flake-utils": {
+ "ellembimages": {
"inputs": {
- "systems": "systems_2"
+ "flakepy": "flakepy_2",
+ "nixpkgs": "nixpkgs_9",
+ "systems": "systems_5"
},
"locked": {
- "lastModified": 1710146030,
- "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
- "type": "github"
+ "lastModified": 1756392836,
+ "narHash": "sha256-5IQOYHgVEiNNu5eT2Sqi+rxqcK9JOt9endqlcZaf4A8=",
+ "owner": "elektroline-predator",
+ "repo": "ellembimages",
+ "rev": "b584dfe5a257c93245ce4da23c0bc61621efd01a",
+ "type": "gitlab"
},
"original": {
- "id": "flake-utils",
- "type": "indirect"
+ "owner": "elektroline-predator",
+ "repo": "ellembimages",
+ "type": "gitlab"
}
},
- "flake-utils_2": {
- "inputs": {
- "systems": "systems_3"
- },
+ "flake-utils": {
"locked": {
- "lastModified": 1710146030,
- "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+ "lastModified": 1678901627,
+ "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+ "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
@@ -77,30 +77,16 @@
"type": "indirect"
}
},
- "flake-utils_3": {
+ "flake-utils_2": {
"inputs": {
- "systems": "systems_4"
- },
- "locked": {
- "lastModified": 1710146030,
- "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
- "type": "github"
+ "systems": "systems_8"
},
- "original": {
- "id": "flake-utils",
- "type": "indirect"
- }
- },
- "flake-utils_4": {
"locked": {
- "lastModified": 1678901627,
- "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
+ "lastModified": 1705309234,
+ "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
+ "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
@@ -108,55 +94,61 @@
"type": "indirect"
}
},
- "flake-utils_5": {
+ "flakepy": {
"inputs": {
- "systems": "systems_5"
+ "nixpkgs": "nixpkgs_6",
+ "systems": "systems_3"
},
"locked": {
- "lastModified": 1710146030,
- "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
- "type": "github"
+ "lastModified": 1751271815,
+ "narHash": "sha256-TrMceYyeUXdQZlj/qZCznJB4iHdKj+d1cHXzcaoi3ig=",
+ "owner": "Cynerd",
+ "repo": "flakepy",
+ "rev": "d59cf207f55256163badc539a65669ad9bb1ba95",
+ "type": "gitlab"
},
"original": {
- "id": "flake-utils",
- "type": "indirect"
+ "owner": "Cynerd",
+ "repo": "flakepy",
+ "type": "gitlab"
}
},
- "flake-utils_6": {
+ "flakepy_2": {
"inputs": {
- "systems": "systems_6"
+ "nixpkgs": "nixpkgs_8",
+ "systems": "systems_4"
},
"locked": {
- "lastModified": 1710146030,
- "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
- "type": "github"
+ "lastModified": 1756370037,
+ "narHash": "sha256-c1FeGRrH80ZwBrIBOUbSOik9b23OmVcTOledPgAyAug=",
+ "owner": "Cynerd",
+ "repo": "flakepy",
+ "rev": "efba745f06b26d48e501be00deadcf4706d85b21",
+ "type": "gitlab"
},
"original": {
- "id": "flake-utils",
- "type": "indirect"
+ "owner": "Cynerd",
+ "repo": "flakepy",
+ "type": "gitlab"
}
},
- "flake-utils_7": {
+ "flakepy_3": {
"inputs": {
- "systems": "systems_7"
+ "nixpkgs": "nixpkgs_10",
+ "systems": "systems_6"
},
"locked": {
- "lastModified": 1705309234,
- "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
- "type": "github"
+ "lastModified": 1751271815,
+ "narHash": "sha256-TrMceYyeUXdQZlj/qZCznJB4iHdKj+d1cHXzcaoi3ig=",
+ "owner": "Cynerd",
+ "repo": "flakepy",
+ "rev": "d59cf207f55256163badc539a65669ad9bb1ba95",
+ "type": "gitlab"
},
"original": {
- "id": "flake-utils",
- "type": "indirect"
+ "owner": "Cynerd",
+ "repo": "flakepy",
+ "type": "gitlab"
}
},
"home-manager": {
@@ -167,11 +159,11 @@
]
},
"locked": {
- "lastModified": 1703113217,
- "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+ "lastModified": 1745494811,
+ "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+ "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
@@ -180,17 +172,31 @@
"type": "github"
}
},
- "nixdeploy": {
+ "nixos-hardware": {
+ "locked": {
+ "lastModified": 1757103352,
+ "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=",
+ "owner": "NixOS",
+ "repo": "nixos-hardware",
+ "rev": "11b2a10c7be726321bb854403fdeec391e798bf0",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixos-hardware",
+ "type": "indirect"
+ }
+ },
+ "nixosdeploy": {
"inputs": {
- "flake-utils": "flake-utils_2",
- "nixpkgs": "nixpkgs_2"
+ "nixpkgs": "nixpkgs_2",
+ "systems": "systems_2"
},
"locked": {
- "lastModified": 1718017207,
- "narHash": "sha256-JQoiRu2+7PbRlPk4S0kX4ss7yK3O+D7GeXscx+87T3M=",
+ "lastModified": 1755690157,
+ "narHash": "sha256-32jQ9CPCVM5jh5tVxAWdwNR4r2KEcogHbvjsmBQHrKE=",
"owner": "cynerd",
"repo": "nixosdeploy",
- "rev": "a44b1eed846479923a968eb465ab39a4bd919434",
+ "rev": "ad7d8f43ecf986e227fa6e1eab522ddc5193a07e",
"type": "gitlab"
},
"original": {
@@ -199,43 +205,71 @@
"type": "gitlab"
}
},
- "nixos-hardware": {
+ "nixpkgs": {
"locked": {
- "lastModified": 1725716377,
- "narHash": "sha256-7NzW9O/cAw7iWzRfh7Oo/SuSudL4a1YTKS6yoh3tMck=",
+ "lastModified": 1754028485,
+ "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
"owner": "NixOS",
- "repo": "nixos-hardware",
- "rev": "04a1cda0c1725094a4db703cccbb956b7558f5a6",
+ "repo": "nixpkgs",
+ "rev": "59e69648d345d6e8fef86158c555730fa12af9de",
"type": "github"
},
"original": {
- "id": "nixos-hardware",
+ "owner": "NixOS",
+ "ref": "nixos-25.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_10": {
+ "locked": {
+ "lastModified": 1751180975,
+ "narHash": "sha256-BKk4yDiXr4LdF80OTVqYJ53Q74rOcA/82EClXug8xsY=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "a48741b083d4f36dd79abd9f760c84da6b4dc0e5",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
"type": "indirect"
}
},
- "nixpkgs": {
+ "nixpkgs_11": {
"locked": {
- "lastModified": 1703013332,
- "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
+ "lastModified": 1753091883,
+ "narHash": "sha256-oVZt8VRJkO2Gytc7D2Pfqqy7wTnSECzdKPnoL9z8iFA=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
+ "rev": "2baf8e1658cba84a032c3a8befb1e7b06629242a",
"type": "github"
},
"original": {
+ "id": "nixpkgs",
+ "type": "indirect"
+ }
+ },
+ "nixpkgs_12": {
+ "locked": {
+ "lastModified": 1707877513,
+ "narHash": "sha256-sp0w2apswd3wv0sAEF7StOGHkns3XUQaO5erhWFZWXk=",
"owner": "NixOS",
- "ref": "nixos-unstable",
"repo": "nixpkgs",
+ "rev": "89653a03e0915e4a872788d10680e7eec92f8600",
"type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "type": "indirect"
}
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1712883908,
- "narHash": "sha256-icE1IJE9fHcbDfJ0+qWoDdcBXUoZCcIJxME4lMHwvSM=",
+ "lastModified": 1744096231,
+ "narHash": "sha256-kUfx3FKU1Etnua3EaKvpeuXs7zoFiAcli1gBwkPvGSs=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "a0c9e3aee1000ac2bfb0e5b98c94c946a5d180a9",
+ "rev": "b2b0718004cc9a5bca610326de0a82e6ea75920b",
"type": "github"
},
"original": {
@@ -245,26 +279,26 @@
},
"nixpkgs_3": {
"locked": {
- "lastModified": 1725857262,
- "narHash": "sha256-m9n0PncgZepVgmjOO1rfVXMgUACDOwZbhjSRjJ/NUpM=",
+ "lastModified": 1757068644,
+ "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "5af6aefbcc55670e36663fd1f8a796e1e323001a",
+ "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9",
"type": "github"
},
"original": {
"id": "nixpkgs",
- "ref": "nixos-unstable-small",
+ "ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs_4": {
"locked": {
- "lastModified": 1715653339,
- "narHash": "sha256-7lR9tpVXviSccl07GXI0+ve/natd24HAkuy1sQp0OlI=",
+ "lastModified": 1755268003,
+ "narHash": "sha256-nNaeJjo861wFR0tjHDyCnHs1rbRtrMgxAKMoig9Sj/w=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "abd6d48f8c77bea7dc51beb2adfa6ed3950d2585",
+ "rev": "32f313e49e42f715491e1ea7b306a87c16fe0388",
"type": "github"
},
"original": {
@@ -288,11 +322,11 @@
},
"nixpkgs_6": {
"locked": {
- "lastModified": 1724300212,
- "narHash": "sha256-x3jl6OWTs+L9C7EtscuWZmGZWI0iSBDafvg3X7JMa1A=",
+ "lastModified": 1751180975,
+ "narHash": "sha256-BKk4yDiXr4LdF80OTVqYJ53Q74rOcA/82EClXug8xsY=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "4de4818c1ffa76d57787af936e8a23648bda6be4",
+ "rev": "a48741b083d4f36dd79abd9f760c84da6b4dc0e5",
"type": "github"
},
"original": {
@@ -302,11 +336,11 @@
},
"nixpkgs_7": {
"locked": {
- "lastModified": 1722141560,
- "narHash": "sha256-Ul3rIdesWaiW56PS/Ak3UlJdkwBrD4UcagCmXZR9Z7Y=",
+ "lastModified": 1753091883,
+ "narHash": "sha256-oVZt8VRJkO2Gytc7D2Pfqqy7wTnSECzdKPnoL9z8iFA=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "038fb464fcfa79b4f08131b07f2d8c9a6bcc4160",
+ "rev": "2baf8e1658cba84a032c3a8befb1e7b06629242a",
"type": "github"
},
"original": {
@@ -316,11 +350,25 @@
},
"nixpkgs_8": {
"locked": {
- "lastModified": 1707877513,
- "narHash": "sha256-sp0w2apswd3wv0sAEF7StOGHkns3XUQaO5erhWFZWXk=",
+ "lastModified": 1751180975,
+ "narHash": "sha256-BKk4yDiXr4LdF80OTVqYJ53Q74rOcA/82EClXug8xsY=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "89653a03e0915e4a872788d10680e7eec92f8600",
+ "rev": "a48741b083d4f36dd79abd9f760c84da6b4dc0e5",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "type": "indirect"
+ }
+ },
+ "nixpkgs_9": {
+ "locked": {
+ "lastModified": 1756288264,
+ "narHash": "sha256-Om8adB1lfkU7D33VpR+/haZ2gI5r3Q+ZbIPzE5sYnwE=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "ddd1826f294a0ee5fdc198ab72c8306a0ea73aa9",
"type": "github"
},
"original": {
@@ -330,15 +378,14 @@
},
"nixturris": {
"inputs": {
- "flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_4"
},
"locked": {
- "lastModified": 1715772678,
- "narHash": "sha256-UxVyJzWt4/TzJhfbX2LcKAb1fhAH0PXJA9boUaHsyZ0=",
+ "lastModified": 1755529547,
+ "narHash": "sha256-p8/c1Vf3jpz/un9vSMhYg5OZ9JKclAiUL5tqNoURBks=",
"owner": "cynerd",
"repo": "nixturris",
- "rev": "c3cf29dba9af8a226e527f11b80305bcdd22e5dd",
+ "rev": "7323f9aa5c20824861e137b90d5ba10729224ae5",
"type": "gitlab"
},
"original": {
@@ -349,11 +396,11 @@
},
"personal-secret": {
"locked": {
- "lastModified": 1718186830,
- "narHash": "sha256-gWvYesgp4/ZHuZZDpSSgpNm/lFGLAZaBnVw1MG0eHC4=",
+ "lastModified": 1753116365,
+ "narHash": "sha256-ilY/TB/McunFYw5P8MEICMopP/BnCoB8NrRc0Y0ReyE=",
"ref": "refs/heads/master",
- "rev": "07c3c94e37721b4a1365a2cd1ad84a1bac10c4da",
- "revCount": 108,
+ "rev": "0266c14d8f1a57153be83ed12dae57861f222e28",
+ "revCount": 136,
"type": "git",
"url": "ssh://git@cynerd.cz/nixos-personal-secret"
},
@@ -364,15 +411,34 @@
},
"pyshv": {
"inputs": {
- "flake-utils": "flake-utils_6",
+ "flakepy": "flakepy",
"nixpkgs": "nixpkgs_7"
},
"locked": {
- "lastModified": 1724333785,
- "narHash": "sha256-17pWZPRa4UcVOEnaawyshGWnFzoRXBuZNM3t24SV15w=",
+ "lastModified": 1753438446,
+ "narHash": "sha256-CPF/qCTzxUNbuZo6C/coefYOVVYQqTzvSa5KuznutIM=",
+ "owner": "silicon-heaven",
+ "repo": "pyshv",
+ "rev": "7f56bca6560641f2de6efb839be99a08465c51d3",
+ "type": "gitlab"
+ },
+ "original": {
+ "owner": "silicon-heaven",
+ "repo": "pyshv",
+ "type": "gitlab"
+ }
+ },
+ "pyshv_2": {
+ "inputs": {
+ "flakepy": "flakepy_3",
+ "nixpkgs": "nixpkgs_11"
+ },
+ "locked": {
+ "lastModified": 1753438446,
+ "narHash": "sha256-CPF/qCTzxUNbuZo6C/coefYOVVYQqTzvSa5KuznutIM=",
"owner": "silicon-heaven",
"repo": "pyshv",
- "rev": "afe9817a30656a9750e9868aa1eccbf8d3c77562",
+ "rev": "7f56bca6560641f2de6efb839be99a08465c51d3",
"type": "gitlab"
},
"original": {
@@ -384,29 +450,30 @@
"root": {
"inputs": {
"agenix": "agenix",
- "flake-utils": "flake-utils",
- "nixdeploy": "nixdeploy",
"nixos-hardware": "nixos-hardware",
+ "nixosdeploy": "nixosdeploy",
"nixpkgs": "nixpkgs_3",
"nixturris": "nixturris",
"personal-secret": "personal-secret",
"shellrc": "shellrc",
"shvcli": "shvcli",
+ "shvcli-ell": "shvcli-ell",
+ "systems": "systems_7",
"usbkey": "usbkey",
"vpsadminos": "vpsadminos"
}
},
"shellrc": {
"inputs": {
- "flake-utils": "flake-utils_4",
+ "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_5"
},
"locked": {
- "lastModified": 1721899791,
- "narHash": "sha256-dT+kwR2nuymeq3qqzc5//g4nQJRG1pVWUeZztCXgYCM=",
+ "lastModified": 1756365336,
+ "narHash": "sha256-pqSx0uGuQcHJBYbJiA9gw00zUXBqAjagjjtD/RPcGr4=",
"ref": "refs/heads/master",
- "rev": "0adc7c32594913d0f4ec774a85cb03554cd719d4",
- "revCount": 112,
+ "rev": "748c5894119254a4ead74cb7c85dbbe24c5bc667",
+ "revCount": 117,
"type": "git",
"url": "https://git.cynerd.cz/shellrc"
},
@@ -417,16 +484,14 @@
},
"shvcli": {
"inputs": {
- "flake-utils": "flake-utils_5",
- "nixpkgs": "nixpkgs_6",
"pyshv": "pyshv"
},
"locked": {
- "lastModified": 1724334728,
- "narHash": "sha256-AXMBOOED8GTdJvpzwZtSkq1GBBzV3/pcWk3mpgQryzo=",
+ "lastModified": 1756393169,
+ "narHash": "sha256-scrJw1J3W2nbWLQEaS/lw0a5ugvPmnFbndQgxqKUSv4=",
"owner": "silicon-heaven",
"repo": "shvcli",
- "rev": "77bec05261b5f077ad2790ba4d592acdad3815b1",
+ "rev": "d344dc60db68719498c9812345d83b336884de6b",
"type": "github"
},
"original": {
@@ -435,6 +500,43 @@
"type": "github"
}
},
+ "shvcli-ell": {
+ "inputs": {
+ "ellembimages": "ellembimages",
+ "shvcli": "shvcli_2"
+ },
+ "locked": {
+ "lastModified": 1756395348,
+ "narHash": "sha256-1KqGZ2ZdJRNZMgdkTMVDqJeCkC4mthajDf0utWctC28=",
+ "owner": "elektroline-predator",
+ "repo": "shvcli-ell",
+ "rev": "9947888157c64234e5a345e8c93034a21ae958be",
+ "type": "gitlab"
+ },
+ "original": {
+ "owner": "elektroline-predator",
+ "repo": "shvcli-ell",
+ "type": "gitlab"
+ }
+ },
+ "shvcli_2": {
+ "inputs": {
+ "pyshv": "pyshv_2"
+ },
+ "locked": {
+ "lastModified": 1756393169,
+ "narHash": "sha256-scrJw1J3W2nbWLQEaS/lw0a5ugvPmnFbndQgxqKUSv4=",
+ "owner": "silicon-heaven",
+ "repo": "shvcli",
+ "rev": "d344dc60db68719498c9812345d83b336884de6b",
+ "type": "gitlab"
+ },
+ "original": {
+ "owner": "silicon-heaven",
+ "repo": "shvcli",
+ "type": "gitlab"
+ }
+ },
"systems": {
"locked": {
"lastModified": 1681028828,
@@ -460,9 +562,8 @@
"type": "github"
},
"original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
+ "id": "systems",
+ "type": "indirect"
}
},
"systems_3": {
@@ -475,9 +576,8 @@
"type": "github"
},
"original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
+ "id": "systems",
+ "type": "indirect"
}
},
"systems_4": {
@@ -490,9 +590,8 @@
"type": "github"
},
"original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
+ "id": "systems",
+ "type": "indirect"
}
},
"systems_5": {
@@ -505,9 +604,8 @@
"type": "github"
},
"original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
+ "id": "systems",
+ "type": "indirect"
}
},
"systems_6": {
@@ -520,12 +618,25 @@
"type": "github"
},
"original": {
+ "id": "systems",
+ "type": "indirect"
+ }
+ },
+ "systems_7": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
+ },
+ "original": {
+ "id": "systems",
+ "type": "indirect"
}
},
- "systems_7": {
+ "systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -542,15 +653,15 @@
},
"usbkey": {
"inputs": {
- "flake-utils": "flake-utils_7",
- "nixpkgs": "nixpkgs_8"
+ "flake-utils": "flake-utils_2",
+ "nixpkgs": "nixpkgs_12"
},
"locked": {
- "lastModified": 1707940956,
- "narHash": "sha256-XUJEkayw/HJlSC1z1pZICju/IA5hx1mgF//ZYHY5QUM=",
+ "lastModified": 1744029480,
+ "narHash": "sha256-74ch+U8HooU4UQ+Axyhw7gvTiTQirDWPL33Z50vE9mM=",
"owner": "cynerd",
"repo": "usbkey",
- "rev": "01e2e4b0435163ce65c07573d2dccbfdcca10c36",
+ "rev": "8905d295c7bc7d44e5dcb925ef6e96bd416c134e",
"type": "gitlab"
},
"original": {
@@ -561,11 +672,11 @@
},
"vpsadminos": {
"locked": {
- "lastModified": 1725810385,
- "narHash": "sha256-+6UULi05KMHmLfhlrNGhMdLZUoQeC5Dc1nLFdINyeyI=",
+ "lastModified": 1755964485,
+ "narHash": "sha256-+YzznL/mHiSjDFC8vJsSgQ+pvjhqWMsLRjegEKSNv/4=",
"owner": "vpsfreecz",
"repo": "vpsadminos",
- "rev": "37c5eb47ca3f11deac83e4ada20a6c21d5487f29",
+ "rev": "20f55b1d9bee4fdab62494d4471854d6586d3637",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index c9a68bd..587af86 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,14 +2,15 @@
description = "Cynerd's personal flake";
inputs = {
- nixpkgs.url = "nixpkgs/nixos-unstable-small";
+ nixpkgs.url = "flake:nixpkgs/nixos-unstable";
nixos-hardware.url = "nixos-hardware";
- nixdeploy.url = "gitlab:cynerd/nixosdeploy";
+ nixosdeploy.url = "gitlab:cynerd/nixosdeploy";
personal-secret.url = "git+ssh://git@cynerd.cz/nixos-personal-secret";
shellrc.url = "git+https://git.cynerd.cz/shellrc";
agenix.url = "github:ryantm/agenix";
shvcli.url = "github:silicon-heaven/shvcli";
+ shvcli-ell.url = "gitlab:elektroline-predator/shvcli-ell";
usbkey.url = "gitlab:cynerd/usbkey";
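Review bot: The new `shvcli-ell` input is added without any `follows`, so it brings its own copies of dependencies this flake already pins. The flake.lock in this commit shows that: `shvcli-ell` resolves `shvcli` to a separate `shvcli_2` node (the same rev as `shvcli`, fetched as `gitlab` instead of `github`), and `pyshv_2`, `flakepy_3` and several extra `nixpkgs_*` nodes come along with it. Each of those is one more source tree to audit and keep updated. Consider adding `shvcli-ell.inputs.shvcli.follows = "shvcli";` so both consumers share one pinned revision. The `inputs` block continues outside this hunk, so an existing `follows` further down cannot be ruled out from here, but the lock file suggests there is none.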
@@ -19,63 +20,75 @@
outputs = {
self,
- flake-utils,
+ systems,
nixpkgs,
- nixdeploy,
+ nixosdeploy,
personal-secret,
shellrc,
agenix,
shvcli,
+ shvcli-ell,
usbkey,
nixturris,
...
}: let
- inherit (flake-utils.lib) eachDefaultSystem filterPackages;
- inherit (nixpkgs.lib) mapAttrs' nameValuePair filterAttrs;
- in
- {
- overlays = {
- lib = _: prev: import ./lib prev;
- pkgs = final: prev: import ./pkgs final prev;
- default = nixpkgs.lib.composeManyExtensions [
- agenix.overlays.default
- nixdeploy.overlays.default
- self.overlays.pkgs
- shellrc.overlays.default
- shvcli.overlays.default
- usbkey.overlays.default
- ];
- };
+ inherit (nixpkgs.lib) genAttrs mapAttrs' nameValuePair filterAttrs;
+ forSystems = genAttrs (import systems);
+ withPkgs = func: forSystems (system: func self.legacyPackages.${system});
- nixosModules = import ./nixos/modules {
- inherit (nixpkgs) lib;
- default_modules = [
- nixdeploy.nixosModules.default
- nixturris.nixosModules.default
- personal-secret.nixosModules.default
- shellrc.nixosModules.default
- usbkey.nixosModules.default
- ];
- };
+ osFilterMap = system: attr:
+ mapAttrs' (n: v: let
+ os =
+ if v.config.nixpkgs.hostPlatform.system == system
+ then v
+ else (v.extendModules {modules = [{nixpkgs.buildPlatform.system = system;}];});
+ in
+ nameValuePair "${attr}-${n}" os.config.system.build."${attr}")
+ (filterAttrs (_: v: v.config.system.build ? "${attr}")
+ self.nixosConfigurations);
+ in {
+ overlays = {
+ lib = import ./lib;
+ pkgs = import ./pkgs;
+ default = nixpkgs.lib.composeManyExtensions [
+ agenix.overlays.default
+ nixosdeploy.overlays.default
+ self.overlays.pkgs
+ shellrc.overlays.default
+ shvcli.overlays.default
+ shvcli-ell.inputs.ellembimages.overlays.default
+ shvcli-ell.overlays.packages
+ usbkey.overlays.default
+ ];
+ };
- nixosConfigurations = import ./nixos/configurations self;
- lib = import ./lib nixpkgs.lib;
- }
- // eachDefaultSystem (system: let
- pkgs = nixpkgs.legacyPackages."${system}".extend self.overlays.default;
- in {
- packages =
- {default = pkgs.nixdeploy;}
- // mapAttrs' (n: v: let
- os =
- if v.config.nixpkgs.hostPlatform.system == system
- then v
- else (v.extendModules {modules = [{nixpkgs.buildPlatform.system = system;}];});
- in
- nameValuePair "tarball-${n}" os.config.system.build.tarball)
- (filterAttrs (_: v: v.config.system.build ? tarball) self.nixosConfigurations);
- legacyPackages = pkgs;
- devShells = filterPackages system (import ./devShells pkgs);
- formatter = pkgs.alejandra;
- });
+ nixosModules = import ./nixos/modules {
+ inherit (nixpkgs) lib;
+ default_modules = [
+ nixosdeploy.nixosModules.default
+ nixturris.nixosModules.default
+ personal-secret.nixosModules.default
+ shellrc.nixosModules.default
+ usbkey.nixosModules.default
+ ];
+ };
+
+ nixosConfigurations = import ./nixos/configurations self;
+
+ legacyPackages =
+ forSystems (system:
+ nixpkgs.legacyPackages.${system}.extend self.overlays.default);
+
+ packages = forSystems (
+ system:
+ {inherit (nixosdeploy.packages.${system}) default;}
+ // (osFilterMap system "toplevel")
+ // (osFilterMap system "tarball")
+ // (osFilterMap system "firmware")
+ );
+
+ devShells = withPkgs (import ./devShells);
+
+ formatter = withPkgs (pkgs: pkgs.alejandra);
+ };
}
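Review bot: `shvcli-ell.inputs.ellembimages.overlays.default` in `overlays.default` reaches into a dependency's own input. That applies an overlay from a repository this flake never declares to every package set built through `legacyPackages`, and so to every host configuration. It also makes the flake depend on the input name `shvcli-ell` happens to use internally, and leaves the revision under that project's control rather than yours. Declaring it explicitly would make the trust decision visible, for example `ellembimages.url = "gitlab:elektroline-predator/ellembimages";` together with `shvcli-ell.inputs.ellembimages.follows = "ellembimages";`, and then using `ellembimages.overlays.default` in the list. Separately, `osFilterMap` would benefit from a one-line comment saying that it exports `system.build.<attr>` of every configuration as `<attr>-<name>` and cross-builds when the host platform differs.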
diff --git a/lib/default.nix b/lib/default.nix
index 3f14de0..76eb693 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,30 +1,25 @@
-nixpkgslib: let
- lib = nixpkgslib // nlib;
+final: _:
+with final; {
+ # Generic power of number
+ pow = base: e:
+ if e == 0
+ then 1
+ else foldl (x: _: x * base) 1 (genList id (e - 1));
+ # Power of 2
+ pow2 = pow 2;
- nlib = with builtins;
- with lib; {
- # Generic power of number
- pow = base: e:
- if e == 0
- then 1
- else foldl (x: _: x * base) 1 (genList id (e - 1));
- # Power of 2
- pow2 = pow 2;
+ # Convert integer to list of bits
+ int2bits = len: e: reverseList (genList (x: bitAnd e (pow2 (x + 1)) > 0) len);
+ # Reverse operation for int2bits
+ bits2int = l: let
+ len = length l;
+ zf = a: b:
+ if a
+ then pow2 b
+ else 0;
+ in
+ foldl add 0 (zipListsWith zf l (genList (i: len - i) len));
- # Convert integer to list of bits
- int2bits = len: e: reverseList (genList (x: bitAnd e (pow2 (x + 1)) > 0) len);
- # Reverse operation for int2bits
- bits2int = l: let
- len = length l;
- zf = a: b:
- if a
- then pow2 b
- else 0;
- in
- foldl add 0 (zipListsWith zf l (genList (i: len - i) len));
-
- # IPv4 utilities
- ipv4 = import ./ipv4.nix lib;
- };
-in
- nlib
+ # IPv4 utilities
+ ipv4 = import ./ipv4.nix final;
+}
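Review bot: `pow` does not compute what its comment says: for `e >= 1` it folds over `genList id (e - 1)`, which has `e - 1` elements, so `pow base e` returns `base^(e-1)` (`pow 2 1` is 1). `int2bits` and `bits2int` compensate by passing `x + 1` and `len - i`, so they stay consistent, but the function is now exported through an overlay where other callers will take the name at face value. That matters for the IPv4 mask helpers, which presumably build on it. Either fix all three together (`genList id e`, `pow2 x`, `pow2 (len - i - 1)`) after checking `ipv4.nix`, which is not visible here, or change the comment to `# Returns base^(e-1) for e >= 1; callers pass exponent + 1`. Also note that `with final;` replaces the former `with builtins; with lib;`, so every unqualified name now has to exist on `final`.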
diff --git a/nixos/configurations/adm-mpd.nix b/nixos/configurations/adm-mpd.nix
index ac3b4de..47ac008 100644
--- a/nixos/configurations/adm-mpd.nix
+++ b/nixos/configurations/adm-mpd.nix
@@ -5,26 +5,18 @@
}: let
inherit (lib) filterAttrs;
in {
- nixpkgs.hostPlatform.system = "aarch64-linux";
+ system.stateVersion = "24.05";
- fileSystems = {
- "/" = {
- device = "/dev/mmcblk0p2";
- options = ["compress=lzo" "subvol=@nix"];
- };
- "/home" = {
- device = "/dev/mmcblk0p2";
- options = ["compress=lzo" "subvol=@home"];
- };
- "/boot" = {
- device = "/dev/mmcblk0p1";
- };
+ cynerd.rpi = 3;
+ deploy = {
+ enable = true;
+ ssh.host = "nixos@mpd.adm";
};
networking.wireless = {
enable = true;
networks = filterAttrs (n: _: n == "Nela") config.secrets.wifiNetworks;
- environmentFile = "/run/secrets/wifi.env";
+ secretsFile = "/run/secrets/wifi.secrets";
userControlled.enable = true;
};
@@ -33,24 +25,24 @@ in {
#alsa.enable = true;
#pulse.enable = true;
#};
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- zeroconf.publish.enable = true;
- };
+ #hardware.pulseaudio = {
+ # enable = true;
+ # systemWide = true;
+ # zeroconf.publish.enable = true;
+ #};
- services.spotifyd = {
- enable = true;
- settings.global = {
- device_name = "Adámkovi";
- device = "sysdefault";
- mixer = "Master";
- bitrate = 320;
- cache_path = "/var/cahe/spotify";
- no_audio_cache = true;
- volume_normalisation = true;
- normalisation_pregain = -10;
- initial_volume = 60;
- };
- };
+ #services.spotifyd = {
+ # enable = true;
+ # settings.global = {
+ # device_name = "Adámkovi";
+ # device = "sysdefault";
+ # mixer = "Master";
+ # bitrate = 320;
+ # cache_path = "/var/cahe/spotify";
+ # no_audio_cache = true;
+ # volume_normalisation = true;
+ # normalisation_pregain = -10;
+ # initial_volume = 60;
+ # };
+ #};
}
diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix
index 069dfb0..2b80bbc 100644
--- a/nixos/configurations/adm-omnia.nix
+++ b/nixos/configurations/adm-omnia.nix
@@ -1,10 +1,12 @@
{config, ...}: let
hosts = config.cynerd.hosts.adm;
in {
+ system.stateVersion = "24.05";
+
turris.board = "omnia";
deploy = {
- enable = false;
- ssh.host = "omnia.adm";
+ enable = true;
+ ssh.host = "adm.cynerd.cz";
};
cynerd = {
@@ -13,7 +15,6 @@ in {
wan = "pppoe-wan";
lanIP = hosts.omnia;
staticLeases = {
- "70:85:c2:4a:59:f2" = hosts.ridcully;
"7c:b0:c2:bb:9c:ca" = hosts.albert;
"4c:d5:77:0d:85:d9" = hosts.binky;
"b8:27:eb:49:54:5a" = hosts.mpd;
@@ -23,16 +24,16 @@ in {
};
};
wifiAP.adm = {
- enable = false;
+ enable = true;
ar9287 = {
- interface = "wlp1s0";
- bssids = ["04:f0:21:23:3d:ce" "08:f0:21:23:3d:ce" "0c:f0:21:23:3d:ce"];
- channel = 11;
+ interface = "wlp2s0";
+ bssids = config.secrets.wifiMacs.adm-omnia.ar9287;
+ channel = 7;
};
qca988x = {
- interface = "wlp3s0";
- bssids = ["04:f0:21:24:0b:4e" "08:f0:21:24:0b:4e" "0c:f0:21:24:0b:4e"];
- channel = 36;
+ interface = "wlp1s0";
+ bssids = config.secrets.wifiMacs.adm-omnia.qca988x;
+ channel = 44;
};
};
wireguard = true;
@@ -48,12 +49,18 @@ in {
fileSystems = ["/"];
};
- networking = {
- useNetworkd = true;
- useDHCP = false;
+ services.fail2ban = {
+ enable = true;
+ ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"];
};
+
+ networking.useDHCP = false;
systemd.network = {
networks = {
+ "end2" = {
+ matchConfig.Name = "end2"; # Ensure that it is managed by systemd-networkd
+ networkConfig.IPv6AcceptRA = false;
+ };
"pppoe-wan" = {
matchConfig.Name = "pppoe-wan";
networkConfig = {
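Review bot: `ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"]` exempts two whole subnets from fail2ban with no indication of which networks they are. If either range covers the guest VLAN or a VPN segment with less-trusted peers, brute-force attempts from there will never be banned, and `deploy` now targets the public name `adm.cynerd.cz`. Please add a comment naming the networks, e.g. `# home LAN and wireguard peers only`, or derive the ranges from the existing `hosts` data rather than literals. The hunk also drops `useNetworkd = true`; presumably a shared module sets it now, but the new `end2` unit depends on that being the case.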
@@ -75,7 +82,7 @@ in {
linkConfig.RequiredForOnline = "routable";
};
"lan-brlan" = {
- matchConfig.Name = "lan[1-4]";
+ matchConfig.Name = "lan4";
networkConfig.Bridge = "brlan";
bridgeVLANs = [
{
@@ -86,7 +93,7 @@ in {
];
};
"lan-guest" = {
- matchConfig.Name = "lan0";
+ matchConfig.Name = "lan[0-3]";
networkConfig.Bridge = "brlan";
bridgeVLANs = [
{
@@ -114,10 +121,14 @@ in {
password 02
'';
};
- systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.device"];
+ systemd.services."pppd-wan" = {
+ after = ["sys-subsystem-net-devices-end2.device"];
+ partOf = ["systemd-networkd.service"];
+ };
# TODO limit NSS clamping to just pppoe-wan
networking.firewall.extraForwardRules = ''
tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
- iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept
+ iifname {"home", "wg"} oifname {"home", "wg"} accept
+ iifname "home" oifname "guest" accept comment "Allow home to access guest devices"
'';
}
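Review bot: The added `iifname "home" oifname "guest" accept` rule opens new connections from home to guest only, so it relies on two things this hunk does not show: an established/related accept for the replies, and a default-drop forward policy that keeps guest from initiating toward home. Confirm that both hold, and record the assumption in the rule's comment, e.g. `comment "home may initiate to guest; guest->home stays dropped by default policy"`. Since `personalvpn` is removed from the interface set, check that nothing still brings that interface up, as its traffic would otherwise change from forwarded to dropped without notice. The TODO above most likely means MSS clamping rather than "NSS".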
diff --git a/nixos/configurations/adm-omnia2.nix b/nixos/configurations/adm-omnia2.nix
index 45b8dc4..fc5a92d 100644
--- a/nixos/configurations/adm-omnia2.nix
+++ b/nixos/configurations/adm-omnia2.nix
@@ -1,4 +1,6 @@
{config, ...}: {
+ system.stateVersion = "24.05";
+
turris.board = "omnia";
deploy = {
enable = true;
@@ -15,12 +17,12 @@
enable = true;
ar9287 = {
interface = "wlp2s0";
- bssids = ["12:f0:21:23:2b:00" "12:f0:21:23:2b:01" "12:f0:21:23:2b:02"];
+ bssids = config.secrets.wifiMacs.adm-omnia2.ar9287;
channel = 11;
};
qca988x = {
interface = "wlp1s0";
- bssids = ["12:f0:21:23:2b:03" "12:f0:21:23:2b:04" "12:f0:21:23:2b:05"];
+ bssids = config.secrets.wifiMacs.adm-omnia2.qca988x;
channel = 36;
};
};
diff --git a/nixos/configurations/albert.nix b/nixos/configurations/albert.nix
deleted file mode 100644
index a6a4ee1..0000000
--- a/nixos/configurations/albert.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- nixpkgs.hostPlatform.system = "x86_64-linux";
-
- cynerd = {
- desktop = {
- enable = true;
- laptop = true;
- };
- wifiClient = true;
- openvpn = {
- oldpersonal = true;
- };
- };
-
- boot.initrd.availableKernelModules = ["xhci_pci" "usb_storage" "sd_mod"];
-
- hardware.cpu.intel.updateMicrocode = true;
-
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/1c9bafac-fcf8-41c4-b394-bca5917ca82d";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@nix"];
- };
- "/home" = {
- device = "/dev/disk/by-uuid/1c9bafac-fcf8-41c4-b394-bca5917ca82d";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@home"];
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/E403-124B";
- fsType = "vfat";
- };
-
- "/home2" = {
- device = "/dev/disk/by-uuid/55e177a1-215e-475b-ba9c-771b5fa3f8f0";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@home"];
- };
- };
-}
diff --git a/nixos/configurations/binky.nix b/nixos/configurations/binky.nix
index 7765d01..6111637 100644
--- a/nixos/configurations/binky.nix
+++ b/nixos/configurations/binky.nix
@@ -5,6 +5,7 @@
}: let
inherit (lib) mkDefault;
in {
+ system.stateVersion = "24.05";
nixpkgs.hostPlatform.system = "x86_64-linux";
deploy = {
enable = true;
@@ -88,15 +89,7 @@ in {
services.syncthing = {
enable = true;
- user = mkDefault "cynerd";
- group = mkDefault "cynerd";
- openDefaultPorts = true;
-
- overrideDevices = false;
- overrideFolders = false;
-
dataDir = "/home/cynerd";
- configDir = "/home/cynerd/.config/syncthing";
};
environment.systemPackages = [pkgs.heroic];
diff --git a/nixos/configurations/dean.nix b/nixos/configurations/dean.nix
index 187e148..a95d9f1 100644
--- a/nixos/configurations/dean.nix
+++ b/nixos/configurations/dean.nix
@@ -1,4 +1,5 @@
{pkgs, ...}: {
+ system.stateVersion = "24.05";
turris.board = "mox";
deploy.enable = true;
@@ -10,6 +11,20 @@
};
};
+ boot.initrd.availableKernelModules = ["dm-mod"];
+
+ hardware.enableAllFirmware = false; # No wifi so we do not need firmwares
+ services = {
+ journald.extraConfig = ''
+ SystemMaxUse=512M
+ '';
+
+ btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
+ };
+
networking = {
useNetworkd = true;
useDHCP = false;
diff --git a/nixos/configurations/errol.nix b/nixos/configurations/errol.nix
index fd348e8..defacf3 100644
--- a/nixos/configurations/errol.nix
+++ b/nixos/configurations/errol.nix
@@ -1,11 +1,5 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) mkDefault;
-in {
+{pkgs, ...}: {
+ system.stateVersion = "24.05";
nixpkgs.hostPlatform.system = "x86_64-linux";
deploy.enable = true;
@@ -26,6 +20,7 @@ in {
"encroot" = "/dev/disk/by-uuid/7c412ae6-6016-45af-8c2a-8fcc394dbbe6";
"enchdd1" = "/dev/disk/by-uuid/87f16080-5ff6-43dd-89f3-307455a46fbe";
"enchdd2" = "/dev/disk/by-uuid/be4a33fa-8bc6-431d-a3ac-787668f223ed";
+ #"encback" = "/dev/disk/by-uuid/1bd8c637-f71e-4fb0-96de-b660c4f1afaf";
};
fileSystems = {
"/" = {
@@ -53,6 +48,11 @@ in {
fsType = "btrfs";
options = ["compress=lzo" "subvol=@home"];
};
+ #"/back" = {
+ # device = "/dev/mapper/encback";
+ # fsType = "btrfs";
+ # options = ["compress=lzo"];
+ #};
};
services.btrfs.autoScrub = {
enable = true;
@@ -83,75 +83,11 @@ in {
pkgs.nvtopPackages.amd
];
- services.syncthing = {
- enable = true;
- user = mkDefault "cynerd";
- group = mkDefault "cynerd";
- openDefaultPorts = true;
-
- overrideDevices = false;
- overrideFolders = false;
-
- dataDir = "/home/cynerd";
- configDir = "/home/cynerd/.config/syncthing";
- };
-
- nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"]; # TODO
- services.home-assistant = {
- enable = true;
- openFirewall = true;
- configDir = "/var/lib/hass";
- config = {
- homeassistant = {
- name = "SPT";
- latitude = "!secret latitude";
- longitude = "!secret longitude";
- elevation = "!secret elevation";
- time_zone = "Europe/Prague";
- country = "CZ";
- };
- http.server_port = 8808;
- mqtt = {
- sensor = import ../modules/home-assistant/sensors.nix;
- light = import ../modules/home-assistant/light.nix;
- };
- default_config = {};
- automation = "!include automations.yaml";
- };
- extraComponents = ["met"];
- package = pkgs.home-assistant.override {
- extraPackages = pkgs:
- with pkgs; [
- securetar
- pyipp
- ];
- };
- };
-
- services.zigbee2mqtt = {
- enable = true;
- settings = {
- serial.port = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00";
- mqtt = {
- server = "mqtt://${config.cynerd.hosts.spt.mox}:1883";
- user = "zigbee2mqtt";
- password = "!secret.yaml mqtt_password";
- };
- advanced = {
- network_key = "!secret.yaml network_key";
- homeassistant_legacy_entity_attributes = false;
- legacy_api = false;
- legacy_availability_payload = false;
- last_seen = "epoch";
- };
- frontend = true;
- availability = true;
- homeassistant = {
- legacy_triggers = false;
- };
- device_options.legacy = false;
- permit_join = false;
- devices = config.secrets.zigbee2mqttDevices;
+ ##############################################################################
+ services = {
+ syncthing = {
+ enable = true;
+ dataDir = "/home/cynerd";
};
};
}
diff --git a/nixos/configurations/gaspode.nix b/nixos/configurations/gaspode.nix
index 78d8277..5d6d090 100644
--- a/nixos/configurations/gaspode.nix
+++ b/nixos/configurations/gaspode.nix
@@ -1,4 +1,5 @@
{
+ system.stateVersion = "25.05";
nixpkgs.hostPlatform.system = "armv7l-linux";
fileSystems = {
diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix
index 5e47c6a..2f5e242 100644
--- a/nixos/configurations/lipwig.nix
+++ b/nixos/configurations/lipwig.nix
@@ -7,6 +7,7 @@
imports = [inputModules.vpsadminos];
config = {
+ system.stateVersion = "24.05";
nixpkgs.hostPlatform.system = "x86_64-linux";
deploy = {
@@ -19,12 +20,14 @@
hw = false;
drives = false;
};
- syncthing = {
- enable = false;
- baseDir = "/nas";
- };
wireguard = true;
- openvpn.oldpersonal = true;
+ borgjobs = {
+ postgresql.dumpCommand = pkgs.writeScript "postgreqsl-backup.sh" ''
+ /run/wrappers/bin/sudo -u postgres /run/current-system/sw/bin/pg_dumpall
+ '';
+ nextcloud_data.paths = "/nas/nextcloud/data";
+ sync_data.paths = "/sync";
+ };
};
boot.loader.systemd-boot.enable = false;
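Review bot: `pkgs.writeScript` on the new `postgresql.dumpCommand` writes the text as-is, so the script has no interpreter line and only runs if the calling shell falls back to interpreting it; the store name is also misspelled (`postgreqsl-backup.sh`). `pkgs.writeShellScript "postgresql-backup.sh" ''…''` would add the shebang. Note too that `pg_dumpall` output includes role definitions with their password hashes, which matters because the job defaults in nixos/modules/backup.nix on this page set `encryption.mode = "none"`.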
@@ -39,7 +42,7 @@
];
};
"/nas/nextcloud-sync" = {
- device = "/nas/sync";
+ device = "/sync";
fsType = "fuse.bindfs";
options = ["map=syncthing/nextcloud:@syncthing/@nextcloud"];
};
@@ -108,9 +111,9 @@
forceSSL = true;
useACMEHost = "cynerd.cz";
locations."/" = {
- proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/";
- extraConfig = "proxy_set_header Host $host;";
+ proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
+ recommendedProxySettings = true;
};
};
"searx.cynerd.cz" = {
@@ -132,6 +135,7 @@
defaults.email = "cynerd+acme@email.cz";
certs."cynerd.cz".extraDomainNames = [
"cloud.cynerd.cz"
+ "office.cynerd.cz"
"git.cynerd.cz"
"grafana.cynerd.cz"
"searx.cynerd.cz"
@@ -191,7 +195,7 @@
# Nextcloud ################################################################
services.nextcloud = {
enable = true;
- package = pkgs.nextcloud28;
+ package = pkgs.nextcloud31;
https = true;
hostName = "cloud.cynerd.cz";
datadir = "/nas/nextcloud";
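Review bot: The `package` line jumps from `pkgs.nextcloud28` to `pkgs.nextcloud31` in one step, and Nextcloud only supports upgrading one major version at a time. If the running instance already went through the intermediate versions in deployments not recorded here this is fine; otherwise the upgrade has to be staged. A short comment next to the line, e.g. `# upgraded stepwise 28 → 29 → 30 → 31`, would record that.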
@@ -200,11 +204,25 @@
adminpassFile = "/run/secrets/nextcloud.admin.pass";
dbtype = "pgsql";
dbhost = "/run/postgresql";
- dbtableprefix = "oc_";
};
settings = {
#log_type = "systemd";
+ default_locale = "CZ";
default_phone_region = "CZ";
+ default_timezone = "Europe/Prague";
+ enabledPreviewProviders = [
+ "OC\\Preview\\BMP"
+ "OC\\Preview\\GIF"
+ "OC\\Preview\\JPEG"
+ "OC\\Preview\\Krita"
+ "OC\\Preview\\MarkDown"
+ "OC\\Preview\\MP3"
+ "OC\\Preview\\OpenDocument"
+ "OC\\Preview\\PNG"
+ "OC\\Preview\\TXT"
+ "OC\\Preview\\XBitmap"
+ "OC\\Preview\\HEIC"
+ ];
};
phpExtraExtensions = php: [php.pgsql php.pdo_pgsql];
phpOptions = {
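Review bot: `default_locale = "CZ"` does not look like a locale identifier; Nextcloud's `default_locale` expects a value of the form `cs_CZ`, while the bare country code belongs to `default_phone_region`, which the next line already sets. I would change it to `default_locale = "cs_CZ";`. A one-line comment above `enabledPreviewProviders` saying why these providers were chosen would also help, since each one parses user-uploaded files on the server.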
@@ -230,29 +248,33 @@
previewgenerator
spreed
tasks
- twofactor_nextcloud_notification
twofactor_webauthn
;
# Additional modules can be fetched with:
- # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,money,integration_github,integration_gitlab"
- passwords = pkgs.fetchNextcloudApp {
- url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.9.0/passwords.tar.gz";
- sha256 = "L+jumcussL0c9xNMg/GMs1GSd1IY9wUvC8ZEg+3U+sc=";
+ # NEXTCLOUD_VERSIONS=31 nix run nixpkgs#nc4nix -- -apps "passwords,money,integration_github,integration_gitlab"
+ fileslibreofficeedit = pkgs.fetchNextcloudApp {
+ url = "https://github.com/allotropia/nextcloud_files_libreoffice_edit/releases/download/v2.0.1/fileslibreofficeedit.tar.gz";
+ hash = "sha256-Xqx5snQWintYJG3Q1Crw22TkNw18DdADXkurMQqt3X8=";
license = "agpl3Plus";
};
integration_github = pkgs.fetchNextcloudApp {
- url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.7/integration_github-v2.0.7.tar.gz";
- sha256 = "x4BrBdrvmbdwZcZL6FLAY27B5OpkXIsw92XsD076Aqg=";
+ url = "https://github.com/nextcloud-releases/integration_github/releases/download/v3.2.1/integration_github-v3.2.1.tar.gz";
+ hash = "sha256-iBWphFaXmQHNxgoi9qkfV7vCTChwtk6yg0aVr9Lhn4c=";
license = "agpl3Plus";
};
integration_gitlab = pkgs.fetchNextcloudApp {
- url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v3.1.1/integration_gitlab-v3.1.1.tar.gz";
- sha256 = "nBqnBDVoNEqRGp+WKq4okis1kCr6pzEz4G6368MaxuE=";
+ url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v3.2.0/integration_gitlab-v3.2.0.tar.gz";
+ hash = "sha256-BDDuqQIDV3pn1mYutjA7Z3L2nib2wW6DlZgyqU46f8Q=";
license = "agpl3Plus";
};
money = pkgs.fetchNextcloudApp {
- url = "https://github.com/powerpaul17/nc_money/releases/download/v0.29.0/money.tar.gz";
- sha256 = "EXcY69z5h6rT0RdkmOhQYKSWmVBr2zaWuSRj/m5dMkI=";
+ url = "https://github.com/powerpaul17/nc_money/releases/download/v0.30.0/money.tar.gz";
+ hash = "sha256-4gHm6sF9S+1G1naRTr+eR8ZyjCpB3viXTzRCNQFUtF0=";
+ license = "agpl3Plus";
+ };
+ passwords = pkgs.fetchNextcloudApp {
+ url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2025.7.0/passwords.tar.gz";
+ hash = "sha256-SVItAtFRO/CbZ203ZS86inCZ+ZpGy0NUS3y2Xj1b+LI=";
license = "agpl3Plus";
};
};
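Review bot: Dropping `twofactor_nextcloud_notification` from the inherited apps removes a second-factor provider, and nothing in the hunk shows that the affected accounts have another one enrolled. Before deploying, check that every account that used it also has `twofactor_webauthn` (still in the list) or another provider set up, so that no login falls back to password-only or gets locked out. Separately, the `nc4nix` comment still names only four apps although `fileslibreofficeedit` is now fetched too; I would update it or note that this app comes from a GitHub release. The enclosing attribute set starts and ends outside the hunk.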
@@ -269,7 +291,7 @@
}
];
ensureDatabases = ["nextcloud"];
- extraPlugins = ps: with ps; [timescaledb];
+ #extraPlugins = ps: with ps; [timescaledb];
};
# SearX ####################################################################
@@ -339,7 +361,7 @@
}
];
};
- runInUwsgi = true;
+ configureUwsgi = true;
uwsgiConfig = {
socket = "/run/searx/searx.sock";
chmod-socket = "660";
@@ -348,16 +370,12 @@
};
users.groups.searx.members = ["nginx"];
- # Old Syncthing ############################################################
+ # Syncthing ################################################################
services.syncthing = {
enable = true;
- openDefaultPorts = true;
-
- overrideDevices = false;
- overrideFolders = false;
-
- dataDir = "/nas/sync";
- configDir = "/nas/sync/.syncthing";
+ user = "syncthing";
+ group = "syncthing";
+ dataDir = "/sync";
};
};
}
diff --git a/nixos/configurations/ridcully.nix b/nixos/configurations/ridcully.nix
index 2be1a7a..3dd9beb 100644
--- a/nixos/configurations/ridcully.nix
+++ b/nixos/configurations/ridcully.nix
@@ -1,10 +1,5 @@
-{
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) mkDefault;
-in {
+{pkgs, ...}: {
+ system.stateVersion = "24.05";
nixpkgs.hostPlatform.system = "x86_64-linux";
deploy.enable = true;
@@ -26,6 +21,7 @@ in {
cynerd.autounlock = {
"encroot" = "/dev/disk/by-uuid/bc7d2ba4-6e04-4c49-b40c-3aecd1a86c71";
"enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db";
+ "encback" = "/dev/disk/by-uuid/b426cbe7-fba2-473b-90f9-9ebe3e34b76e";
};
fileSystems = {
"/" = {
@@ -48,6 +44,11 @@ in {
fsType = "btrfs";
options = ["compress=lzo" "subvol=@home"];
};
+ "/back" = {
+ device = "/dev/mapper/encback";
+ fsType = "btrfs";
+ options = ["compress=lzo"];
+ };
};
services.btrfs.autoScrub = {
enable = true;
@@ -61,10 +62,6 @@ in {
systemd.network = {
wait-online.enable = false;
};
- #networking.vlans."enp6s0.adm" = {
- #id = 2;
- #interface = "enp6s0";
- #};
environment.systemPackages = [
pkgs.nvtopPackages.amd
@@ -72,17 +69,9 @@ in {
services.syncthing = {
enable = true;
- user = mkDefault "cynerd";
- group = mkDefault "cynerd";
- openDefaultPorts = true;
-
- overrideDevices = false;
- overrideFolders = false;
-
dataDir = "/home/cynerd";
- configDir = "/home/cynerd/.config/syncthing";
};
# Force nix to use less jobs
- nix.settings.max-jobs = 8;
+ nix.settings.max-jobs = 4;
}
diff --git a/nixos/configurations/spt-mox.nix b/nixos/configurations/spt-mox.nix
index 0bc7627..4dfa2c8 100644
--- a/nixos/configurations/spt-mox.nix
+++ b/nixos/configurations/spt-mox.nix
@@ -1,12 +1,17 @@
-{config, ...}: {
+{
+ config,
+ pkgs,
+ ...
+}: {
+ system.stateVersion = "24.05";
turris.board = "mox";
deploy = {
enable = true;
ssh.host = "mox.spt";
+ configurationLimit = 8;
};
cynerd = {
- home-assistant = true;
monitoring.drives = false;
switch = {
enable = true;
@@ -17,19 +22,23 @@
enable = true;
qca988x = {
interface = "wlp1s0";
- bssids = ["04:f0:21:24:24:d2" "08:f0:21:24:24:d2"];
+ bssids = config.secrets.wifiMacs.spt-mox.qca988x;
channel = 7;
};
};
};
- services.journald.extraConfig = ''
- SystemMaxUse=512M
- '';
+ boot.initrd.availableKernelModules = ["dm-mod"];
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/"];
+ services = {
+ journald.extraConfig = ''
+ SystemMaxUse=512M
+ '';
+
+ btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
};
networking = {
@@ -49,4 +58,104 @@
];
};
};
+
+ ##############################################################################
+ networking.firewall.allowedTCPPorts = [
+ 1883 # Mosquitto
+ ];
+ services = {
+ mosquitto = {
+ enable = true;
+ listeners = [
+ {
+ users = {
+ cynerd = {
+ acl = ["readwrite #"];
+ passwordFile = "/run/secrets/mosquitto.cynerd.pass";
+ };
+ telegraf = {
+ acl = ["read bigclown/node/#"];
+ passwordFile = "/run/secrets/mosquitto.telegraf.pass";
+ };
+ bigclown = {
+ acl = ["readwrite bigclown/#"];
+ passwordFile = "/run/secrets/mosquitto.bigclown.pass";
+ };
+ };
+ }
+ ];
+ };
+
+ telegraf.extraConfig = {
+ outputs.influxdb_v2 = [
+ {
+ urls = ["http://cynerd.cz:8086"];
+ token = "$INFLUX_TOKEN";
+ organization = "personal";
+ bucket = "bigclown";
+ tagpass.source = ["bigclown"];
+ }
+ ];
+ inputs.mqtt_consumer = let
+ consumer = data_type: topics: {
+ tags = {source = "bigclown";};
+ servers = ["tcp://localhost:1883"];
+ inherit topics;
+ username = "telegraf";
+ password = "$MQTT_PASSWORD";
+ data_format = "value";
+ inherit data_type;
+ topic_parsing = [
+ {
+ topic = "bigclown/node/+/+/+/+";
+ measurement = "_/_/_/_/_/measurement";
+ tags = "_/_/device/field/_/_";
+ }
+ ];
+ };
+ in [
+ (consumer "float" [
+ "bigclown/node/+/battery/+/voltage"
+ "bigclown/node/+/thermometer/+/temperature"
+ "bigclown/node/+/hygrometer/+/relative-humidity"
+ "bigclown/node/+/lux-meter/+/illuminance"
+ "bigclown/node/+/barometer/+/pressure"
+ "bigclown/node/+/pir/+/event-count"
+ "bigclown/node/+/push-button/+/event-count"
+ ])
+ (consumer "boolean" [
+ "bigclown/node/+/flood-detector/+/alarm"
+ ])
+ ];
+ processors.pivot = [
+ {
+ tag_key = "field";
+ value_key = "value";
+ tagpass.source = ["bigclown"];
+ }
+ ];
+ };
+
+ bcg = {
+ enable = true;
+ device = "/dev/ttyUSB0";
+ baseTopicPrefix = "bigclown/";
+ environmentFiles = ["/run/secrets/bigclown.env"];
+ mqtt = {
+ username = "bigclown";
+ password = "\${MQTT_PASSWORD}";
+ };
+ };
+ };
+
+ systemd.services = {
+ telegraf.wants = ["mosquitto.service"];
+
+ bigclown-leds = {
+ description = "Bigclown LEDs control";
+ wantedBy = ["multi-user.target"];
+ wants = ["mosquitto.service"];
+ serviceConfig.ExecStart = "${pkgs.bigclown-leds}/bin/bigclown-leds /run/secrets/bigclown-leds.ini";
+ };
+ };
}
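Review bot: The telegraf output at `urls = ["http://cynerd.cz:8086"]` sends `$INFLUX_TOKEN` over plain HTTP to a public host name, so the token and the metrics are readable on the path unless that name resolves to a tunnel address from this machine. I would point it at an HTTPS endpoint or at the server's WireGuard address. The same block adds `1883` to `networking.firewall.allowedTCPPorts`, which applies to every interface, and the Mosquitto listener shown has no TLS settings, so the `passwordFile` credentials cross the network in clear text. Restricting the port with `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts = [1883];` (placeholder interface name) would narrow that.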
diff --git a/nixos/configurations/spt-mox2.nix b/nixos/configurations/spt-mox2.nix
index af0796c..2e76449 100644
--- a/nixos/configurations/spt-mox2.nix
+++ b/nixos/configurations/spt-mox2.nix
@@ -1,8 +1,5 @@
-{
- config,
- pkgs,
- ...
-}: {
+{config, ...}: {
+ system.stateVersion = "24.05";
turris.board = "mox";
deploy = {
enable = true;
@@ -20,19 +17,23 @@
enable = true;
qca988x = {
interface = "wlp1s0";
- bssids = ["04:f0:21:45:d3:47" "08:f0:21:45:d3:47"];
+ bssids = config.secrets.wifiMacs.spt-mox2.qca988x;
channel = 1;
};
};
};
- services.journald.extraConfig = ''
- SystemMaxUse=512M
- '';
+ boot.initrd.availableKernelModules = ["dm-mod"];
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/"];
+ services = {
+ journald.extraConfig = ''
+ SystemMaxUse=512M
+ '';
+
+ btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
};
networking = {
diff --git a/nixos/configurations/spt-mpd.nix b/nixos/configurations/spt-mpd.nix
index b212932..1849d9b 100644
--- a/nixos/configurations/spt-mpd.nix
+++ b/nixos/configurations/spt-mpd.nix
@@ -2,6 +2,7 @@
imports = [inputModules.nixos-hardware.raspberry-pi-2];
config = {
+ system.stateVersion = "24.05";
nixpkgs.hostPlatform.system = "armv7l-linux";
fileSystems = {
diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix
index 79ced79..8449f0d 100644
--- a/nixos/configurations/spt-omnia.nix
+++ b/nixos/configurations/spt-omnia.nix
@@ -1,14 +1,11 @@
-{
- config,
- pkgs,
- ...
-}: let
+{config, ...}: let
hosts = config.cynerd.hosts.spt;
in {
+ system.stateVersion = "24.05";
turris.board = "omnia";
deploy = {
enable = true;
- ssh.host = "omnia.spt";
+ ssh.host = "spt.cynerd.cz";
};
cynerd = {
@@ -18,6 +15,7 @@ in {
lanIP = hosts.omnia;
staticLeases = {
"a8:a1:59:10:32:c4" = hosts.errol;
+ "70:85:c2:4a:59:f2" = hosts.ridcully;
"7c:b0:c2:bb:9c:ca" = hosts.albert;
"4c:d5:77:0d:85:d9" = hosts.binky;
"b8:27:eb:57:a2:31" = hosts.mpd;
@@ -28,12 +26,12 @@ in {
enable = true;
ar9287 = {
interface = "wlp1s0";
- bssids = ["04:f0:21:24:21:93" "08:f0:21:24:21:93"];
+ bssids = config.secrets.wifiMacs.spt-omnia.ar9287;
channel = 11;
};
qca988x = {
- interface = "wlp3s0";
- bssids = ["04:f0:21:23:16:64" "08:f0:21:23:16:64"];
+ interface = "wlp2s0";
+ bssids = config.secrets.wifiMacs.spt-omnia.qca988x;
channel = 36;
};
};
@@ -41,18 +39,20 @@ in {
monitoring.speedtest = true;
};
- services.journald.extraConfig = ''
- SystemMaxUse=8G
- '';
+ services = {
+ journald.extraConfig = ''
+ SystemMaxUse=8G
+ '';
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/"];
- };
+ btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
- services.fail2ban = {
- enable = true;
- ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"];
+ fail2ban = {
+ enable = true;
+ ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"];
+ };
};
networking.useDHCP = false;
@@ -125,10 +125,22 @@ in {
password metronet
'';
};
- systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.848.device"];
+ systemd.services."pppd-wan" = {
+ after = ["sys-subsystem-net-devices-end2.848.device"];
+ partOf = ["systemd-networkd.service"];
+ };
# TODO limit NSS clamping to just pppoe-wan
networking.firewall.extraForwardRules = ''
tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
- iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept
+ iifname {"home", "wg"} oifname {"home", "wg"} accept
'';
+
+ ##############################################################################
+ cynerd.ha = {
+ enable = true;
+ domain = "spt.cynerd.cz";
+ extraOptions = [
+ "--device=/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00:/dev/ttyACM0"
+ ];
+ };
}
diff --git a/nixos/configurations/zd-mox.nix b/nixos/configurations/zd-mox.nix
new file mode 100644
index 0000000..a6f327c
--- /dev/null
+++ b/nixos/configurations/zd-mox.nix
@@ -0,0 +1,128 @@
+{config, ...}: let
+ hosts = config.cynerd.hosts.zd;
+in {
+ system.stateVersion = "25.05";
+ turris.board = "mox";
+ deploy = {
+ enable = true;
+ ssh.host = "zd.cynerd.cz";
+ };
+
+ cynerd = {
+ router = {
+ enable = true;
+ wan = "pppoe-wan";
+ lanIP = hosts.mox;
+ staticLeases = {
+ "4c:d5:77:0d:85:d9" = hosts.binky;
+ };
+ };
+ wifiAP.zd = {
+ enable = false;
+ qca988x = {
+ interface = "wlp1s0";
+ bssids = config.secrets.wifiMacs.zd-mox.qca988x;
+ channel = 36;
+ };
+ };
+ wireguard = true;
+ monitoring.speedtest = true;
+ };
+
+ boot.initrd.availableKernelModules = ["dm-mod"];
+
+ services = {
+ journald.extraConfig = ''
+ SystemMaxUse=512M
+ '';
+
+ btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
+
+ fail2ban = {
+ enable = true;
+ ignoreIP = ["10.8.0.0/24" "10.8.1.0/24" "10.8.2.0/24"];
+ };
+ };
+
+ networking.useDHCP = false;
+ systemd.network = {
+ netdevs = {
+ "end2.848" = {
+ netdevConfig = {
+ Kind = "vlan";
+ Name = "end2.848";
+ };
+ vlanConfig.Id = 848;
+ };
+ };
+ networks = {
+ "end2" = {
+ matchConfig.Name = "end2";
+ networkConfig.VLAN = ["end2.848"];
+ };
+ "end2.848" = {
+ matchConfig.Name = "end2.848";
+ networkConfig.BindCarrier = "end2";
+ };
+ "pppoe-wan" = {
+ matchConfig.Name = "pppoe-wan";
+ networkConfig = {
+ BindCarrier = "end2.848";
+ DHCP = "ipv6";
+ IPv6AcceptRA = "no";
+ DHCPPrefixDelegation = "yes";
+ #DNS = ["84.19.64.3" "84.19.64.4" "1.1.1.1"];
+ DNS = "1.1.1.1";
+ };
+ dhcpV6Config = {
+ PrefixDelegationHint = "::/56";
+ UseDNS = "no";
+ };
+ dhcpPrefixDelegationConfig = {
+ UplinkInterface = ":self";
+ SubnetId = 0;
+ Announce = "no";
+ };
+ linkConfig.RequiredForOnline = "routable";
+ };
+ "lan-brlan" = {
+ matchConfig.Name = "lan*";
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ EgressUntagged = 1;
+ PVID = 1;
+ }
+ {VLAN = 2;}
+ ];
+ };
+ };
+ };
+
+ services.pppd = {
+ enable = true;
+ peers."wan".config = ''
+ plugin pppoe.so end2.848
+ ifname pppoe-wan
+ lcp-echo-interval 1
+ lcp-echo-failure 5
+ lcp-echo-adaptive
+ defaultroute
+ defaultroute6
+ maxfail 1
+ # user and password added in secrets
+ '';
+ };
+ systemd.services."pppd-wan" = {
+ after = ["sys-subsystem-net-devices-end2.848.device"];
+ partOf = ["systemd-networkd.service"];
+ };
+ # TODO limit NSS clamping to just pppoe-wan
+ networking.firewall.extraForwardRules = ''
+ tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
+ iifname {"home", "wg"} oifname {"home", "wg"} accept
+ '';
+}
diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix
new file mode 100644
index 0000000..3f5042b
--- /dev/null
+++ b/nixos/modules/backup.nix
@@ -0,0 +1,63 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (builtins) elem readFile readDir;
+ inherit (lib) mkOption types mkIf hasSuffix removeSuffix hasAttr filterAttrs mapAttrs mapAttrs' nameValuePair mergeAttrsList recursiveUpdate;
+
+ servers = ["ridcully"]; # TODO "errol"
+ clients =
+ mapAttrs' (fname: _:
+ nameValuePair (removeSuffix ".pub" fname)
+ (readFile (config.personal-secrets + "/unencrypted/backup/${fname}")))
+ (filterAttrs (n: v: v == "regular" && hasSuffix ".pub" n)
+ (readDir (config.personal-secrets + "/unencrypted/backup")));
+ edpersonal = readFile (config.personal-secrets + "/unencrypted/edpersonal.pub");
+in {
+ options.cynerd = {
+ borgjobs = mkOption {
+ type = with types; attrsOf anything;
+ description = "Job to be backed up for this ";
+ };
+ };
+
+ config = {
+ services.borgbackup = {
+ repos = mkIf (elem config.networking.hostName servers) (
+ mapAttrs (name: key: {
+ path = "/back/${name}";
+ authorizedKeys = [key edpersonal];
+ allowSubRepos = true;
+ })
+ clients
+ );
+
+ jobs = mkIf (hasAttr config.networking.hostName clients) (mergeAttrsList
+ (map (server: (mapAttrs' (n: v:
+ nameValuePair "${server}-${n}"
+ (recursiveUpdate
+ (recursiveUpdate {
+ encryption.mode = "none";
+ prune = {
+ keep = {
+ daily = 7;
+ weekly = 4;
+ monthly = -1;
+ };
+ prefix = n;
+ };
+ }
+ v)
+ {
+ repo = "borg@${server}:./${n}";
+ environment = {
+ BORG_RSH = "ssh -i /run/secrets/borgbackup.key";
+ };
+ archiveBaseName = null;
+ }))
+ config.cynerd.borgjobs))
+ servers));
+ };
+ };
+}
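Review bot: The job defaults set `encryption.mode = "none"`, so every archive (including the PostgreSQL dump and Nextcloud data configured in lipwig.nix on this page) is stored readable on the backup server, protected only by that machine's disk encryption and SSH access. I would default to `encryption.mode = "repokey-blake2";` with `encryption.passCommand = "cat <passphrase-file>";` (placeholder path) and let individual jobs override it. On the server side `authorizedKeys` gives each client key full access to its repository, so a compromised client can delete its own history; `authorizedKeysAppendOnly` would prevent that, at the cost of moving pruning to the server. The option text `"Job to be backed up for this "` is also cut off mid-sentence.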
diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix
index 4a8c7dd..618e9cd 100644
--- a/nixos/modules/desktop.nix
+++ b/nixos/modules/desktop.nix
@@ -69,11 +69,8 @@ in {
isync
msmtp
notmuch
- astroid
+ dodo
taskwarrior3
- vdirsyncer
- khal
- khard
gnupg
pinentry-gnome3
pinentry-curses
@@ -81,15 +78,22 @@ in {
exts.pass-otp
exts.pass-audit
]))
+ ranger
chromium
+ tangram
ferdium
signal-desktop
- libreoffice
mupdf
zathura
pdfgrep
+ libreoffice-qt6-fresh
+ hunspell
+ hunspellDicts.en_US-large
+ hunspellDicts.en_GB-large
+ hunspellDicts.cs_CZ
+
xdg-utils
xdg-launch
mesa-demos
@@ -123,7 +127,6 @@ in {
tigervnc
freerdp
- plasma5Packages.kdeconnect-kde
gnome-firmware
hdparm
@@ -143,21 +146,24 @@ in {
gimp
inkscape
blender
- kdenlive
+ tenacity
+ #kdePackages.kdenlive
# GStreamer
- gst_all_1.gst-libav
- gst_all_1.gst-plugins-bad
+ gst_all_1.gstreamer
gst_all_1.gst-plugins-base
gst_all_1.gst-plugins-good
+ gst_all_1.gst-plugins-bad
gst_all_1.gst-plugins-ugly
- gst_all_1.gst-plugins-viperfx
+ gst_all_1.gst-plugins-rs
+ gst_all_1.gst-libav
+ gst_all_1.gst-vaapi
# Writing
typst
- typst-fmt
+ typstfmt
typst-live
- typst-lsp
+ tinymist
vale
# CAD
@@ -199,6 +205,8 @@ in {
enableSSHSupport = true;
enableBrowserSocket = true;
};
+
+ kdeconnect.enable = true;
};
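Review bot: `kdeconnect.enable = true` (inside `programs`, as far as the hunk's context shows) does more than install the package: the NixOS module also opens the KDE Connect port range 1714–1764 for TCP and UDP in the firewall on every interface. On laptops that import this module, that exposes the service on any network they join. If pairing is only wanted at home, I would either add a comment stating that the exposure is accepted or keep installing only the package, as the `plasma5Packages.kdeconnect-kde` line removed elsewhere in this file did.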
xdg = {
@@ -244,9 +252,15 @@ in {
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
- extraConfig.pipewire."10-zeroconf" = {
- "context.modules" = [{name = "libpipewire-module-zeroconf-discover";}];
- };
+ configPackages = [
+ (pkgs.writeTextDir "share/pipewire/pipewire.conf.d/10-zeroconf-discover.conf" ''
+ context.modules = [
+ { name = libpipewire-module-zeroconf-discover
+ args = { }
+ }
+ ]
+ '')
+ ];
};
upower.enable = true;
@@ -271,6 +285,12 @@ in {
davfs2.enable = true;
locate.enable = true;
+
+ gnome = {
+ at-spi2-core.enable = true;
+ gnome-keyring.enable = true;
+ gnome-online-accounts.enable = true;
+ };
};
# Beneficial for Pipewire
@@ -283,15 +303,20 @@ in {
};
fonts.packages = with pkgs; [
- (nerdfonts.override {fonts = ["Hack"];})
arkpandora_ttf
corefonts
dejavu_fonts
+ fira-code
+ fira-code-symbols
+ fira-math
+ fira-mono
+ fira-sans
font-awesome
freefont_ttf
hack-font
liberation_ttf
libertine
+ nerd-fonts.hack
noto-fonts
noto-fonts-emoji
terminus_font_ttf
diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix
index 446d205..8e24707 100644
--- a/nixos/modules/develop.nix
+++ b/nixos/modules/develop.nix
@@ -43,6 +43,7 @@ in {
cachix
nurl
nil
+ nixfmt-rfc-style
alejandra
statix
deadnix
@@ -62,7 +63,7 @@ in {
# C
clang-tools
massif-visualizer
- qcachegrind
+ #qcachegrind
# Python
(python3.withPackages (pypkgs:
@@ -82,6 +83,7 @@ in {
pygraphviz
matplotlib
+ seaborn
plotly
pygal
@@ -105,8 +107,14 @@ in {
pyserial
pylibftdi
+ pyusb
+ usbtmc
+
pylxd
selenium
+
+ pyvisa
+ pyvisa-py
]))
ruff
geckodriver
@@ -123,6 +131,9 @@ in {
# Julia
julia
+ # XML
+ libxml2
+
# Qemmu
qemu
virt-manager
@@ -152,12 +163,15 @@ in {
stdmanpages
# SHV
- shvcli
+ (shvcli.withPlugins [python3Packages.shvcli-ell])
# Images
imagemagick
];
- programs.wireshark.package = pkgs.wireshark;
+ programs.wireshark = {
+ enable = true;
+ package = pkgs.wireshark;
+ };
documentation = {
nixos = {
@@ -168,12 +182,17 @@ in {
doc.enable = true;
};
- services.udev.extraRules = ''
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", MODE:="0660", GROUP="develop", SYMLINK+="stlinkv2_%n"
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="a600", ATTRS{idProduct}=="a003", MODE:="0660", GROUP="develop", SYMLINK+="aix_forte_%n"
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0105", MODE:="0660", GROUP="develop", SYMLINK+="jlink_%n"
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2111", MODE:="0660", GROUP="develop", SYMLINK+="cmsip_dap_%n"
- '';
+ services = {
+ udev.extraRules = ''
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", MODE:="0660", GROUP="develop", SYMLINK+="stlinkv2_%n"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="a600", ATTRS{idProduct}=="a003", MODE:="0660", GROUP="develop", SYMLINK+="aix_forte_%n"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0105", MODE:="0660", GROUP="develop", SYMLINK+="jlink_%n"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2111", MODE:="0660", GROUP="develop", SYMLINK+="cmsip_dap_%n"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="1ab1", ATTRS{idProduct}=="0e11", MODE:="0660", GROUP="develop"
+ '';
+
+ guix.enable = true;
+ };
virtualisation = {
containers.enable = true;
@@ -182,10 +201,10 @@ in {
autoPrune.enable = true;
storageDriver = "btrfs";
};
- lxd = {
- enable = true;
- recommendedSysctlSettings = true;
- };
+ #lxd = {
+ # enable = true;
+ # recommendedSysctlSettings = true;
+ #};
lxc.enable = true;
libvirtd.enable = true;
spiceUSBRedirection.enable = true;
diff --git a/nixos/modules/gaming.nix b/nixos/modules/gaming.nix
index 64af068..4f957ed 100644
--- a/nixos/modules/gaming.nix
+++ b/nixos/modules/gaming.nix
@@ -18,7 +18,14 @@ in {
config = mkIf cnf {
cynerd.desktop.enable = true;
- environment.systemPackages = [pkgs.heroic];
+ environment.systemPackages = with pkgs; [
+ heroic
+ prismlauncher
+ ];
+
+ nixpkgs.config.permittedInsecurePackages = [
+ "SDL_ttf-2.0.11" # TODO
+ ];
programs.steam = {
enable = true;
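Review bot: `nixpkgs.config.permittedInsecurePackages = ["SDL_ttf-2.0.11"]` carries only `# TODO`, so nothing records why the exception exists or when it can be dropped. From the next hunk it appears to be needed for the `SDL_ttf` entry in the Heroic `extraPkgs` list; I would say so, e.g. `"SDL_ttf-2.0.11" # needed by heroic extraPkgs (SDL_ttf); remove once <game> no longer needs it`. Keep in mind that the allowance applies to the whole nixpkgs instance of any host with gaming enabled, not only to Heroic.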
@@ -31,8 +38,28 @@ in {
with pkgs; [
ncurses
xorg.libXpm
- flac1_3
+ flac134
+ libopus
+ ];
+ };
+ heroic = pkgs.heroic.override {
+ extraPkgs = pkgs:
+ with pkgs; [
+ ncurses
+ xorg.libXpm
+ flac134 # For Nebuchadnezzar
libopus
+ SDL
+ SDL2_image
+ SDL2_mixer
+ SDL2_ttf
+ SDL_image
+ SDL_mixer
+ SDL_ttf
+ glew110
+ libdrm
+ libidn
+ tbb
];
};
};
diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix
index 02afd17..e6e96a4 100644
--- a/nixos/modules/generic.nix
+++ b/nixos/modules/generic.nix
@@ -6,10 +6,8 @@
inherit (lib) mkOverride mkDefault;
in {
config = {
- system.stateVersion = "24.05";
-
nix = {
- extraOptions = "experimental-features = nix-command flakes repl-flake";
+ extraOptions = "experimental-features = nix-command flakes";
settings = {
auto-optimise-store = true;
substituters = [
@@ -31,12 +29,15 @@ in {
};
boot = {
- loader.systemd-boot.enable = mkOverride 1100 true;
- loader.efi.canTouchEfiVariables = mkDefault true;
+ loader = {
+ systemd-boot.enable = mkOverride 1100 true;
+ efi.canTouchEfiVariables = mkDefault true;
+ grub.enable = mkOverride 1100 false;
+ };
kernelPackages = mkOverride 1100 pkgs.linuxPackages_latest;
kernelParams = ["boot.shell_on_fail"];
};
- hardware.enableAllFirmware = true;
+ hardware.enableAllFirmware = mkDefault true;
services.fwupd.enable = mkDefault (pkgs.system == "x86_64-linux");
systemd.oomd.enable = false;
@@ -59,11 +60,6 @@ in {
})
];
- system.extraSystemBuilderCmds = ''
- substituteAll ${./nixos-system.sh} $out/bin/nixos-system
- chmod +x $out/bin/nixos-system
- '';
-
documentation = {
enable = mkDefault false;
doc.enable = mkDefault false;
diff --git a/nixos/modules/home-assistant.nix b/nixos/modules/home-assistant.nix
deleted file mode 100644
index ab16e8a..0000000
--- a/nixos/modules/home-assistant.nix
+++ /dev/null
@@ -1,164 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) mkIf mkEnableOption;
-in {
- options = {
- cynerd.home-assistant = mkEnableOption "Enable Home Assistant and Bigclown";
- };
-
- config = mkIf config.cynerd.home-assistant {
- services.mosquitto = {
- enable = true;
- listeners = [
- {
- users = {
- cynerd = {
- acl = ["readwrite #"];
- passwordFile = "/run/secrets/mosquitto.cynerd.pass";
- };
- telegraf = {
- acl = ["read bigclown/node/#"];
- passwordFile = "/run/secrets/mosquitto.telegraf.pass";
- };
- homeassistant = {
- acl = [
- "readwrite homeassistant/#"
- "readwrite bigclown/#"
- "readwrite zigbee2mqtt/#"
- ];
- passwordFile = "/run/secrets/mosquitto.homeassistant.pass";
- };
- bigclown = {
- acl = ["readwrite bigclown/#"];
- passwordFile = "/run/secrets/mosquitto.bigclown.pass";
- };
- zigbee2mqtt = {
- acl = [
- "readwrite homeassistant/#"
- "readwrite zigbee2mqtt/#"
- ];
- passwordFile = "/run/secrets/mosquitto.zigbee2mqtt.pass";
- };
- };
- }
- ];
- };
- networking.firewall.allowedTCPPorts = [
- 1883 # Mosquitto
- ];
-
- services.bcg = {
- enable = true;
- device = "/dev/ttyUSB0";
- baseTopicPrefix = "bigclown/";
- environmentFiles = ["/run/secrets/bigclown.env"];
- mqtt = {
- username = "bigclown";
- password = "\${MQTT_PASSWORD}";
- };
- };
-
- systemd.services.bigclown-leds = {
- description = "Bigclown LEDs control";
- wantedBy = ["multi-user.target"];
- wants = ["mosquitto.service"];
- serviceConfig.ExecStart = "${pkgs.bigclown-leds}/bin/bigclown-leds /run/secrets/bigclown-leds.ini";
- };
-
- services.telegraf.extraConfig = {
- outputs.influxdb_v2 = [
- {
- urls = ["http://cynerd.cz:8086"];
- token = "$INFLUX_TOKEN";
- organization = "personal";
- bucket = "bigclown";
- tagpass.source = ["bigclown"];
- }
- ];
- inputs.mqtt_consumer = let
- consumer = data_type: topics: {
- tags = {source = "bigclown";};
- servers = ["tcp://localhost:1883"];
- inherit topics;
- username = "telegraf";
- password = "$MQTT_PASSWORD";
- data_format = "value";
- inherit data_type;
- topic_parsing = [
- {
- topic = "bigclown/node/+/+/+/+";
- measurement = "_/_/_/_/_/measurement";
- tags = "_/_/device/field/_/_";
- }
- ];
- };
- in [
- (consumer "float" [
- "bigclown/node/+/battery/+/voltage"
- "bigclown/node/+/thermometer/+/temperature"
- "bigclown/node/+/hygrometer/+/relative-humidity"
- "bigclown/node/+/lux-meter/+/illuminance"
- "bigclown/node/+/barometer/+/pressure"
- "bigclown/node/+/pir/+/event-count"
- "bigclown/node/+/push-button/+/event-count"
- ])
- (consumer "boolean" [
- "bigclown/node/+/flood-detector/+/alarm"
- ])
- ];
- processors.pivot = [
- {
- tag_key = "field";
- value_key = "value";
- tagpass.source = ["bigclown"];
- }
- ];
- };
- systemd.services.telegraf.wants = ["mosquitto.service"];
-
- #nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"]; # TODO
- services.home-assistant = {
- enable = false;
- openFirewall = true;
- configDir = "/var/lib/hass";
- config = {
- homeassistant = {
- name = "SPT";
- latitude = "!secret latitude";
- longitude = "!secret longitude";
- elevation = "!secret elevation";
- time_zone = "Europe/Prague";
- country = "CZ";
- };
- http.server_port = 8808;
- mqtt = {
- sensor = import ./home-assistant/sensors.nix;
- light = import ./home-assistant/light.nix;
- };
- default_config = {};
- automation = "!include automations.yaml";
- };
- extraComponents = ["met"];
- package = pkgs.home-assistant.override {
- extraPackages = pkgs:
- with pkgs; [
- securetar
- pyipp
- ];
- packageOverrides = _: super: {
- scapy = super.scapy.override {
- withPlottingSupport = false;
- };
- s3transfer = super.s3transfer.overridePythonAttrs {
- dontUsePytestCheck = true;
- dontUseSetuptoolsCheck = true;
- };
- };
- };
- };
- };
-}
diff --git a/nixos/modules/home-assistant/light.nix b/nixos/modules/home-assistant/light.nix
deleted file mode 100644
index a9d158b..0000000
--- a/nixos/modules/home-assistant/light.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-[
- {
- name = "RGB Osvětlení";
- command_topic = "homeassistant/led-strip";
- brightness_scale = 100;
- brightness_command_topic = "bigclown/node/power-controller:0/led-strip/-/brightness/set";
- #brightness_state_topic = "bigclown/node/power-controller:0/led-strip/-/brightness/set";
- rgb_command_template = ''"#{{"%02x" % red}}{{"%02x" % green}}{{"%02x" % blue}}"'';
- rgb_command_topic = "bigclown/node/power-controller:0/led-strip/-/color/set";
- #rgb_value_template = ''{{int(value[2:4],16)}},{{int(value[5:7],16)}},{{int(value[8:10],16)}}'';
- #rgb_state_topic = "bigclown/node/power-controller:0/led-strip/-/color/set";
- }
-]
diff --git a/nixos/modules/home-assistant/sensors.nix b/nixos/modules/home-assistant/sensors.nix
deleted file mode 100644
index fadd4eb..0000000
--- a/nixos/modules/home-assistant/sensors.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-[
- {
- name = "Teplota";
- state_class = "measurement";
- state_topic = "bigclown/node/climate-monitor:0/thermometer/0:0/temperature";
- unit_of_measurement = "°C";
- }
- {
- name = "Vlhkost";
- state_class = "measurement";
- state_topic = "bigclown/node/climate-monitor:0/hygrometer/0:4/relative-humidity";
- unit_of_measurement = "%";
- }
- {
- name = "Osvětlení";
- state_class = "measurement";
- state_topic = "bigclown/node/climate-monitor:0/lux-meter/0:0/illuminance";
- }
-]
diff --git a/nixos/modules/homeassistant.nix b/nixos/modules/homeassistant.nix
new file mode 100644
index 0000000..f7ebe9c
--- /dev/null
+++ b/nixos/modules/homeassistant.nix
@@ -0,0 +1,57 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (lib) mkOption mkEnableOption types mkIf;
+ cnf = config.cynerd.ha;
+in {
+ options.cynerd.ha = {
+ enable = mkEnableOption "Home assistant setup on the primary router.";
+ domain = mkOption {
+ type = with types; str;
+ description = "The domain name of the system.";
+ };
+ extraOptions = mkOption {
+ type = with types; listOf str;
+ default = [];
+ description = "Extra options passed to the container.";
+ };
+ };
+
+ config = mkIf cnf.enable {
+ virtualisation.oci-containers = {
+ backend = "podman";
+ containers.homeassistant = {
+ volumes = ["home-assistant:/config" "/run/dbus:/run/dbus:ro"];
+ environment.TZ = "Europe/Prague";
+ image = "ghcr.io/home-assistant/armv7-homeassistant:latest";
+ extraOptions =
+ ["--privileged" "--network=host"]
+ ++ cnf.extraOptions;
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "${cnf.domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8123";
+ proxyWebsockets = true;
+ recommendedProxySettings = true;
+ };
+ };
+ };
+ };
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "cynerd+acme@email.cz";
+ certs."${cnf.domain}" = {};
+ };
+
+ networking.firewall.allowedTCPPorts = [80 443];
+ };
+}
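Review bot: The `homeassistant` container runs with `--privileged` and `--network=host` from an image referenced by the mutable tag `:latest`, so whatever is next published under that tag runs with close to full host access on the router. Pin the image by digest, e.g. `image = "ghcr.io/home-assistant/armv7-homeassistant@sha256:<DIGEST-PLACEHOLDER>";`. Consider dropping `--privileged` from the fixed options as well, so that each host passes only the devices it needs through `cnf.extraOptions`. With host networking the service on port 8123 binds on the host itself; only 80 and 443 are opened here, so it presumably stays behind nginx while the firewall is enabled, which deserves a comment next to `allowedTCPPorts`.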
diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix
index f53fd8c..9affe19 100644
--- a/nixos/modules/hosts.nix
+++ b/nixos/modules/hosts.nix
@@ -19,7 +19,7 @@ in {
default = true;
description = "Use my personal static hosts";
};
- vpn = staticZoneOption;
+ zd = staticZoneOption;
wg = staticZoneOption;
spt = staticZoneOption;
adm = staticZoneOption;
@@ -28,9 +28,10 @@ in {
config = {
cynerd.hosts = {
- vpn = {
- "lipwig" = "10.8.0.1";
- "adm-omnia" = "10.8.0.51";
+ zd = {
+ "mox" = "10.8.0.1";
+ # Portable
+ "binky" = "10.8.0.63";
};
wg = {
"lipwig" = "10.8.1.1";
@@ -40,6 +41,7 @@ in {
# Endpoints
"spt-omnia" = "10.8.1.50";
"adm-omnia" = "10.8.1.51";
+ "zd-mox" = "10.8.1.52";
# Endpoints without routing
"dean" = "10.8.1.59";
};
@@ -51,6 +53,7 @@ in {
# Local
"mpd" = "10.8.2.51";
"errol" = "10.8.2.60";
+ "ridcully" = "10.8.2.59";
"printer" = "10.8.2.90";
# Portable
"albert" = "10.8.2.61";
@@ -61,10 +64,9 @@ in {
"omnia" = "10.8.3.1";
"omnia2" = "10.8.3.3";
# Local
- "ridcully" = "10.8.3.60";
"3dprint" = "10.8.3.80";
"mpd" = "10.8.3.51";
- "printer" = "192.168.0.20";
+ "printer" = "192.168.1.20";
# Portable
"albert" = "10.8.3.61";
"binky" = "10.8.3.63";
@@ -72,15 +74,16 @@ in {
};
networking.hosts = mkIf cnf.enable {
- # VPN
- "${cnf.vpn.lipwig}" = ["lipwig.vpn"];
- "${cnf.vpn.adm-omnia}" = ["adm.vpn"];
+ # Zd
+ "${cnf.zd.mox}" = ["mox.zd"];
+ "${cnf.zd.binky}" = ["binky.zd"];
# Wireguard
"${cnf.wg.lipwig}" = ["lipwig.wg"];
"${cnf.wg.binky}" = ["binky.wg"];
"${cnf.wg.android}" = ["android.wg"];
"${cnf.wg.spt-omnia}" = ["spt.wg"];
"${cnf.wg.adm-omnia}" = ["adm.wg"];
+ "${cnf.wg.zd-mox}" = ["zd.wg"];
"${cnf.wg.dean}" = ["dean" "dean.wg"];
# Spt
"${cnf.spt.omnia}" = ["omnia.spt"];
@@ -88,14 +91,14 @@ in {
"${cnf.spt.mox2}" = ["mox2.spt"];
"10.8.2.4" = ["mi3g.spt"];
"${cnf.spt.mpd}" = ["mpd.spt"];
- "${cnf.spt.errol}" = ["errol" "desktop.spt"];
+ "${cnf.spt.errol}" = ["errol"];
+ "${cnf.spt.ridcully}" = ["ridcully"];
"${cnf.spt.albert}" = ["albert.spt"];
"${cnf.spt.binky}" = ["binky.spt"];
# Adm
"${cnf.adm.omnia}" = ["omnia.adm"];
"10.8.3.2" = ["redmi.adm"];
"${cnf.adm.omnia2}" = ["omnia2.adm"];
- "${cnf.adm.ridcully}" = ["ridcully" "desktop.adm"];
"${cnf.adm.albert}" = ["albert.adm"];
"${cnf.adm.binky}" = ["binky.adm"];
"${cnf.adm."3dprint"}" = ["3dprint"];
diff --git a/nixos/modules/monitoring.nix b/nixos/modules/monitoring.nix
index e4fa195..e8ba2a9 100644
--- a/nixos/modules/monitoring.nix
+++ b/nixos/modules/monitoring.nix
@@ -136,8 +136,8 @@ in {
})
(mkIf (config.networking.hostName == "lipwig") {
- # InfluxDB
services = {
+ # InfluxDB
influxdb2.enable = true;
telegraf.extraConfig.inputs.prometheus = {
urls = ["http://localhost:8086/metrics"];
diff --git a/nixos/modules/nixos-system.sh b/nixos/modules/nixos-system.sh
deleted file mode 100644
index 7a220bb..0000000
--- a/nixos/modules/nixos-system.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!@shell@
-# Simple script handy to be used for activation
-
-while getopts "s" opt; do
- case "$opt" in
- s)
- if [ ! -v NIXOS_SYSTEM_GNU_SCREEN ]; then
- export NIXOS_SYSTEM_GNU_SCREEN=1
- exec @out@/sw/bin/screen "$0" "$@"
- fi
- ;;
- *)
- echo "Invalid argument: $1" >&2
- exit 1
- ;;
- esac
-done
-shift $((OPTIND - 1))
-
-
-@out@/sw/bin/nix-env --profile /nix/var/nix/profiles/system --set '@out@'
-
-@out@/bin/switch-to-configuration "$@" || {
- echo "Switch failed!" >&2
- read -r _
- exit 1
-}
diff --git a/nixos/modules/openvpn.nix b/nixos/modules/openvpn.nix
index 6a21721..da29dd7 100644
--- a/nixos/modules/openvpn.nix
+++ b/nixos/modules/openvpn.nix
@@ -9,11 +9,6 @@
in {
options = {
cynerd.openvpn = {
- oldpersonal = mkOption {
- type = types.bool;
- default = false;
- description = "My personal old OpenVPN";
- };
elektroline = mkOption {
type = types.bool;
default = false;
@@ -24,9 +19,6 @@ in {
config = {
services.openvpn.servers = {
- oldpersonal = mkIf cnf.oldpersonal {
- config = "config /run/secrets/old.ovpn";
- };
elektroline = mkIf cnf.elektroline {
config = "config /run/secrets/elektroline.ovpn";
up = ''
diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix
index d321901..96e9a2e 100644
--- a/nixos/modules/packages.nix
+++ b/nixos/modules/packages.nix
@@ -41,14 +41,12 @@ in {
btop
iotop
mc
- screen
- tmux
- pv
# ls tools
tree
lsof
strace
+ ripgrep
sourceHighlight # Colors for less
unrar
@@ -65,13 +63,16 @@ in {
wakeonlan
speedtest-cli
librespeed-cli
- termshark
+ #termshark
+ w3m
lm_sensors
]
++ optionals (system == "x86_64-linux") [
nmap
ltrace
+ pv
+ screen
]
++ optionals (!isNative) [
ncdu_1
diff --git a/nixos/modules/rpi.md b/nixos/modules/rpi.md
new file mode 100644
index 0000000..43b172f
--- /dev/null
+++ b/nixos/modules/rpi.md
@@ -0,0 +1,25 @@
+# Raspberry Pi SD card preparation steps
+
+```
+~# parted /dev/sdx
+(parted) mktable msdos
+(parted) mkpart primary fat16 0% 120M
+(parted) mkpart primary btrfs 120M 100%
+(parted) set 2 boot on
+(parted) quit
+~# mkfs.vfat -F16 /dev/sdx1
+~# mkfs.btrfs /dev/sdx2
+
+~# mount /dev/sdx1 /mnt
+~# nix build .#firmware-HOST
+~# cp -r result/* /mnt/
+~# umount mnt
+
+~# mount /dev/sdx2 /mnt
+~# nix copy --to /mnt .#toplevel-HOST
+~# nix build --print-out-paths .#toplevel-HOST
+~# nix eval .#nixosConfigurations.HOST.config.boot.loader.generic-extlinux-compatible.populateCmd
+"/nix/store/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-extlinux-conf-builder.sh -g 20 -t 5"
+~# /nix/store/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-extlinux-conf-builder.sh -c -d ./mnt/boot
+~# umount mnt
+```
diff --git a/nixos/modules/rpi.nix b/nixos/modules/rpi.nix
new file mode 100644
index 0000000..e4e10fe
--- /dev/null
+++ b/nixos/modules/rpi.nix
@@ -0,0 +1,88 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ inherit (lib) mkOption types mkMerge mkIf;
+
+ configTxt = pkgs.writeText "config.txt" ''
+ [pi3]
+ kernel=u-boot-rpi3.bin
+
+ # Boot in 64-bit mode.
+ arm_64bit=1
+
+ # Otherwise the serial output will be garbled.
+ core_freq=250
+ # Boot in 64-bit mode.
+ arm_64bit=1
+
+ [all]
+ # U-Boot needs this to work, regardless of whether UART is actually used or not.
+ # Look in arch/arm/mach-bcm283x/Kconfig in the U-Boot tree to see if this is still
+ # a requirement in the future.
+ enable_uart=1
+
+ # Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
+ # when attempting to show low-voltage or overtemperature warnings.
+ avoid_warnings=1
+ '';
+in {
+ options.cynerd.rpi = mkOption {
+ type = with types; nullOr (enum [2 3]);
+ default = null;
+ description = "If machine is RaspberryPi and which version";
+ };
+
+ config = mkMerge [
+ (mkIf (config.cynerd.rpi == 2) {
+ nixpkgs.hostPlatform.system = "armv7l-linux";
+ })
+ (mkIf (config.cynerd.rpi == 3) {
+ nixpkgs.hostPlatform.system = "aarch64-linux";
+ boot.kernelParams = ["console=ttyS1,115200n8"];
+ })
+ (mkIf (config.cynerd.rpi != null) {
+ boot.loader = {
+ systemd-boot.enable = false;
+ efi.canTouchEfiVariables = false;
+ generic-extlinux-compatible.enable = true;
+ };
+ boot.consoleLogLevel = 7;
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mmcblk0p2";
+ fsType = "ext4";
+ };
+ #"/" = {
+ # device = "/dev/mmcblk0p2";
+ # fsType = "btrfs";
+ # options = ["compress=lzo"];
+ #};
+ "/boot/firmware" = {
+ device = "/dev/mmcblk0p1";
+ fsType = "vfat";
+ options = ["nofail"];
+ };
+ };
+
+ services.journald.extraConfig = ''
+ SystemMaxUse=512M
+ '';
+
+ system.build.firmware = pkgs.callPackage ({stdenvNoCC}:
+ stdenvNoCC.mkDerivation {
+ name = "${config.system.name}-firmware";
+ buildCommand = ''
+ mkdir $out
+ cp -r ${pkgs.raspberrypifw}/share/raspberrypi/boot/* $out/
+ cp ${configTxt} $out/config.txt
+ # TODO support rpi2
+ cp ${pkgs.ubootRaspberryPi3_btrfs}/u-boot.bin $out/u-boot-rpi3.bin
+ '';
+ }) {};
+ })
+ ];
+}
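Review bot: The root filesystem is declared with `fsType = "ext4"`, while the rpi.md added in the same commit formats the second partition with `mkfs.btrfs` and the firmware derivation copies `ubootRaspberryPi3_btrfs`. A card prepared by the documented steps would therefore not mount as declared. Either enable the commented-out entry (`fsType = "btrfs"; options = ["compress=lzo"];`) or change the document to ext4. The `[pi3]` section of `configTxt` also repeats `arm_64bit=1` with its comment. The firmware build copies the rpi3 U-Boot even when `cynerd.rpi == 2`, so the option description should say that only 3 is supported for now.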
diff --git a/nixos/modules/syncthing.nix b/nixos/modules/syncthing.nix
index 91736ca..1148da6 100644
--- a/nixos/modules/syncthing.nix
+++ b/nixos/modules/syncthing.nix
@@ -3,119 +3,96 @@
lib,
...
}: let
- inherit (lib) filterAttrs mkOption types mkIf any mkDefault recursiveUpdate genAttrs;
- cnf = config.cynerd.syncthing;
- inherit (config.networking) hostName;
+ inherit (lib) elem filterAttrs mkIf any mkDefault recursiveUpdate genAttrs;
+
allDevices = [
- "albert"
"binky"
"errol"
"lipwig"
"ridcully"
- "spt-omnia"
- ];
- mediaDevices = [
- "lipwig"
- "binky"
- "errol"
- "ridcully"
- "spt-omnia"
];
bigStorageDevices = [
"errol"
"ridcully"
- "spt-omnia"
];
+
+ inherit (config.networking) hostName;
+ baseDir = config.services.syncthing.dataDir;
filterDevice = filterAttrs (_: v: any (d: d == hostName) v.devices);
in {
- options = {
- cynerd.syncthing = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = "My personal Syncthing configuration";
- };
-
- baseDir = mkOption {
- type = types.str;
- default = "/home/cynerd";
- description = "Base directory for all folders being synced.";
- };
- };
- };
-
- config = mkIf cnf.enable {
+ config = mkIf (config.services.syncthing.enable && elem hostName allDevices) {
services.syncthing = {
- enable = any (n: n == hostName) allDevices;
user = mkDefault "cynerd";
+ group = mkDefault "cynerd";
+
key = "/run/secrets/syncthing.key.pem";
cert = "/run/secrets/syncthing.cert.pem";
openDefaultPorts = true;
-
overrideFolders = true;
- folders = filterDevice {
- "${cnf.baseDir}/documents" = {
- label = "Documents";
- id = "documents";
- devices = allDevices;
- ignorePerms = false;
- };
- "${cnf.baseDir}/notes" = {
- label = "Notes";
- id = "notes";
- devices = allDevices;
- ignorePerms = false;
- };
- "${cnf.baseDir}/projects" = {
- label = "Projects";
- id = "projects";
- devices = allDevices;
- ignorePerms = false;
- };
- "${cnf.baseDir}/pictures" = {
- label = "Pictures";
- id = "pictures";
- devices = mediaDevices;
- ignorePerms = false;
- };
- # TODO phone-photos
- "${cnf.baseDir}/music/primary" = {
- label = "Music-primary";
- id = "music-primary";
- devices = mediaDevices;
- ignorePerms = false;
- };
- "${cnf.baseDir}/music/secondary" = {
- label = "Music-secondary";
- id = "music-secondary";
- devices = bigStorageDevices;
- ignorePerms = false;
- };
- "${cnf.baseDir}/music/flac" = {
- label = "Music-flac";
- id = "music-flac";
- devices = bigStorageDevices;
- ignorePerms = false;
- };
- "${cnf.baseDir}/video" = {
- label = "Video";
- id = "video";
- devices = bigStorageDevices;
- ignorePerms = false;
- };
- };
-
overrideDevices = true;
- devices =
- recursiveUpdate
- (genAttrs allDevices (name: {
- id = config.secrets.syncthingIDs."${name}";
- }))
- {
- lipwig.addresses = ["tcp://cynerd.cz"];
+
+ settings = {
+ folders = filterDevice {
+ "${baseDir}/documents" = {
+ label = "Documents";
+ id = "documents";
+ devices = allDevices;
+ ignorePerms = false;
+ };
+ "${baseDir}/notes" = {
+ label = "Notes";
+ id = "notes";
+ devices = allDevices;
+ ignorePerms = false;
+ };
+ "${baseDir}/projects" = {
+ label = "Projects";
+ id = "projects";
+ devices = allDevices;
+ ignorePerms = false;
+ };
+ "${baseDir}/elektroline" = {
+ label = "Elektroline";
+ id = "elektroline";
+ devices = allDevices;
+ ignorePerms = false;
+ };
+ "${baseDir}/pictures" = {
+ label = "Pictures";
+ id = "pictures";
+ devices = bigStorageDevices;
+ ignorePerms = false;
+ };
+ "${baseDir}/music" = {
+ label = "Music";
+ id = "music";
+ devices = bigStorageDevices;
+ ignorePerms = false;
+ };
+ "${baseDir}/video" = {
+ label = "Video";
+ id = "video";
+ devices = bigStorageDevices;
+ ignorePerms = false;
+ };
+ "${baseDir}/turris" = {
+ label = "Turris";
+ id = "turris";
+ devices = bigStorageDevices;
+ ignorePerms = false;
+ };
};
- # TODO phone
+
+ devices =
+ recursiveUpdate
+ (genAttrs allDevices (name: {
+ id = config.secrets.syncthingIDs."${name}";
+ }))
+ {
+ lipwig.addresses = ["tcp://cynerd.cz"];
+ };
+ };
};
};
}
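Review bot: Folder paths are now built from `config.services.syncthing.dataDir` instead of the removed `cynerd.syncthing.baseDir`, which defaulted to `/home/cynerd`. As far as I know the upstream default for `dataDir` is `/var/lib/syncthing`, so a host that enables Syncthing without setting `dataDir` would sync `documents`, `projects` and the rest into the service directory while running as `cynerd`. A comment at `baseDir` such as `# hosts must set services.syncthing.dataDir (was /home/cynerd)` would make the requirement visible. As a style point, `elem` is now imported, so `filterDevice = filterAttrs (_: v: elem hostName v.devices);` would let `any` go.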
diff --git a/nixos/modules/users.nix b/nixos/modules/users.nix
index 1c143bb..f3b7fbe 100644
--- a/nixos/modules/users.nix
+++ b/nixos/modules/users.nix
@@ -4,7 +4,7 @@
...
}: let
isNative = config.nixpkgs.hostPlatform == config.nixpkgs.buildPlatform;
- isArm = config.nixpkgs.hostPlatform.isAarch;
+ isArm = pkgs.hostPlatform.isAarch;
in {
users = {
mutableUsers = false;
@@ -43,12 +43,25 @@ in {
};
};
- security.sudo.extraRules = [
- {
- groups = ["wheel"];
- commands = ["ALL"];
- }
- ];
+ security = {
+ doas = {
+ enable = true;
+ extraRules = [
+ {
+ groups = ["wheel"];
+ keepEnv = true;
+ persist = true;
+ }
+ ];
+ };
+
+ sudo.extraRules = [
+ {
+ groups = ["wheel"];
+ commands = ["ALL"];
+ }
+ ];
+ };
services.openssh = {
enable = true;
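Review bot: The new doas rule gives `wheel` both `keepEnv = true` and `persist = true`, so the caller's whole environment is carried into the root process and the authentication is remembered for later invocations. Prefer `keepEnv = false;` with an explicit `setEnv = ["<VAR-PLACEHOLDER>"];` for the few variables actually needed, and decide whether `persist` is wanted on the portable machines. The `sudo.extraRules` entry for `wheel` is kept as well, which leaves two privilege-escalation tools installed; if doas is meant to replace sudo, add `sudo.enable = false;`. The surrounding module continues outside this hunk.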
@@ -73,8 +86,6 @@ in {
defaultEditor = !isArm;
withNodeJs = true;
};
-
- wireshark.enable = true;
};
programs.fuse.userAllowOther = true;
diff --git a/nixos/modules/wifi-adm.nix b/nixos/modules/wifi-adm.nix
index 1db730c..56ca65a 100644
--- a/nixos/modules/wifi-adm.nix
+++ b/nixos/modules/wifi-adm.nix
@@ -3,9 +3,73 @@
lib,
...
}: let
- inherit (lib) mkOption mkEnableOption types mkIf hostapd elemAt;
+ inherit (lib) mkOption mkEnableOption types mkIf mkMerge hostapd elemAt;
cnf = config.cynerd.wifiAP.adm;
+ wifi-networks = name: {
+ "${cnf."${name}".interface}" = {
+ bssid = elemAt cnf."${name}".bssids 0;
+ ssid = "TurrisAdamkovi";
+ authentication = {
+ mode = "wpa3-sae-transition";
+ wpaPasswordFile = "/run/secrets/hostapd-TurrisAdamkovi.pass";
+ saePasswordsFile = "/run/secrets/hostapd-TurrisAdamkovi.pass";
+ };
+ };
+ "${cnf."${name}".interface}.nela" = {
+ bssid = elemAt cnf."${name}".bssids 1;
+ ssid = "Nela";
+ authentication = {
+ mode = "wpa2-sha256";
+ wpaPasswordFile = "/run/secrets/hostapd-Nela.pass";
+ };
+ };
+ "${cnf."${name}".interface}.milan" = {
+ bssid = elemAt cnf."${name}".bssids 2;
+ ssid = "MILAN-AC";
+ authentication = {
+ mode = "wpa2-sha1";
+ wpaPasswordFile = "/run/secrets/hostapd-MILAN-AC.pass";
+ };
+ };
+ };
+
+ net-networks = name: {
+ "lan-${cnf."${name}".interface}" = {
+ matchConfig = {
+ Name = cnf."${name}".interface;
+ WLANInterfaceType = "ap";
+ };
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ EgressUntagged = 1;
+ PVID = 1;
+ }
+ ];
+ };
+ "lan-${cnf."${name}".interface}.nela" = {
+ matchConfig.Name = "${cnf."${name}".interface}-nela";
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ EgressUntagged = 2;
+ PVID = 2;
+ }
+ ];
+ };
+ "lan-${cnf."${name}".interface}.milan" = {
+ matchConfig.Name = "${cnf."${name}".interface}.milan";
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ EgressUntagged = 2;
+ PVID = 2;
+ }
+ ];
+ };
+ };
+
wOptions = card: channelDefault: {
interface = mkOption {
type = with types; nullOr str;
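Review bot: `wifi-networks` declares the Nela BSS as `"${cnf."${name}".interface}.nela"`, but `net-networks` still matches `"${cnf."${name}".interface}-nela"`. Assuming the BSS interface takes the network's attribute name, the networkd unit that should put it on VLAN 2 will not match the interface hostapd creates. The match should read `matchConfig.Name = "${cnf."${name}".interface}.nela";`. Separately, `MILAN-AC` moves from `wpa2-sha256` to `mode = "wpa2-sha1"`, a weaker key-management setting than the removed code used. If a legacy client requires that, say so in a comment on that line so the downgrade is not mistaken for an oversight.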
@@ -43,32 +107,7 @@ in {
enable = true;
inherit (hostapd.qualcomAtherosAR9287.wifi4) capabilities;
};
- networks = {
- "${cnf.ar9287.interface}" = {
- bssid = elemAt cnf.ar9287.bssids 0;
- ssid = "TurrisAdamkovi";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-TurrisAdamkovi.pass";
- };
- };
- "${cnf.ar9287.interface}-nela" = {
- bssid = elemAt cnf.ar9287.bssids 1;
- ssid = "Nela";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-Nela.pass";
- };
- };
- "${cnf.ar9287.interface}.milan" = {
- bssid = elemAt cnf.ar9287.bssids 2;
- ssid = "MILAN-AC";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-MILAN-AC.pass";
- };
- };
- };
+ networks = wifi-networks "ar9287";
};
"${cnf.qca988x.interface}" = mkIf (cnf.qca988x.interface != null) {
countryCode = "CZ";
@@ -82,96 +121,13 @@ in {
enable = true;
inherit (hostapd.qualcomAtherosQCA988x.wifi5) capabilities;
};
- networks = {
- "${cnf.qca988x.interface}" = {
- bssid = elemAt cnf.qca988x.bssids 0;
- ssid = "TurrisAdamkovi";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-TurrisAdamkovi.pass";
- };
- };
- "${cnf.qca988x.interface}-nela" = {
- bssid = elemAt cnf.qca988x.bssids 1;
- ssid = "Nela";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-Nela.pass";
- };
- };
- "${cnf.qca988x.interface}.milan" = {
- bssid = elemAt cnf.qca988x.bssids 2;
- ssid = "MILAN-AC";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-MILAN-AC.pass";
- };
- };
- };
+ networks = wifi-networks "qca988x";
};
};
};
- systemd.network.networks = {
- "lan-${cnf.ar9287.interface}" = {
- matchConfig.Name = cnf.ar9287.interface;
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- EgressUntagged = 1;
- PVID = 1;
- }
- ];
- };
- "lan-${cnf.ar9287.interface}-nela" = {
- matchConfig.Name = "${cnf.ar9287.interface}-nela";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- EgressUntagged = 2;
- PVID = 2;
- }
- ];
- };
- "lan-${cnf.ar9287.interface}.milan" = {
- matchConfig.Name = "${cnf.ar9287.interface}.milan";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- EgressUntagged = 2;
- PVID = 2;
- }
- ];
- };
- "lan-${cnf.qca988x.interface}" = {
- matchConfig.Name = cnf.qca988x.interface;
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- EgressUntagged = 1;
- PVID = 1;
- }
- ];
- };
- "lan-${cnf.qca988x.interface}-nela" = {
- matchConfig.Name = "${cnf.qca988x.interface}-nela";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- EgressUntagged = 2;
- PVID = 2;
- }
- ];
- };
- "lan-${cnf.qca988x.interface}.milan" = {
- matchConfig.Name = "${cnf.qca988x.interface}.milan";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- EgressUntagged = 2;
- PVID = 2;
- }
- ];
- };
- };
+ systemd.network.networks = mkMerge [
+ (mkIf (cnf.ar9287.interface != null) (net-networks "ar9287"))
+ (mkIf (cnf.qca988x.interface != null) (net-networks "qca988x"))
+ ];
};
}
diff --git a/nixos/modules/wifi-client.nix b/nixos/modules/wifi-client.nix
index 8fc803d..b82633d 100644
--- a/nixos/modules/wifi-client.nix
+++ b/nixos/modules/wifi-client.nix
@@ -21,7 +21,7 @@ in {
networking.wireless = {
enable = true;
networks = config.secrets.wifiNetworks;
- environmentFile = "/run/secrets/wifi.env";
+ secretsFile = "/run/secrets/wifi.secrets";
userControlled.enable = true;
};
};
diff --git a/nixos/modules/wifi-spt.nix b/nixos/modules/wifi-spt.nix
index d013473..bec093e 100644
--- a/nixos/modules/wifi-spt.nix
+++ b/nixos/modules/wifi-spt.nix
@@ -6,6 +6,61 @@
inherit (lib) mkOption mkEnableOption types mkIf mkForce mkMerge hostapd elemAt;
cnf = config.cynerd.wifiAP.spt;
+ wifi-networks = name: let
+ is2g = cnf."${name}".channel <= 14;
+ in {
+ "${cnf."${name}".interface}" = {
+ bssid = elemAt cnf."${name}".bssids 0;
+ ssid = "TurrisRules${
+ if is2g
+ then ""
+ else "5"
+ }";
+ authentication = {
+ mode = "wpa2-sha256";
+ wpaPasswordFile = "/run/secrets/hostapd-TurrisRules.pass";
+ };
+ settings = mkIf is2g {
+ ieee80211w = 0;
+ wpa_key_mgmt = mkForce "WPA-PSK"; # force use without sha256
+ };
+ };
+ "${cnf."${name}".interface}.guest" = {
+ bssid = elemAt cnf."${name}".bssids 1;
+ ssid = "Kocovi";
+ authentication = {
+ mode = "wpa2-sha256";
+ wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass";
+ };
+ };
+ };
+
+ net-networks = name: {
+ "lan-${cnf."${name}".interface}" = {
+ matchConfig = {
+ Name = cnf."${name}".interface;
+ WLANInterfaceType = "ap";
+ };
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ EgressUntagged = 1;
+ PVID = 1;
+ }
+ ];
+ };
+ "lan-${cnf."${name}".interface}-guest" = {
+ matchConfig.Name = "${cnf."${name}".interface}.guest";
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ EgressUntagged = 2;
+ PVID = 2;
+ }
+ ];
+ };
+ };
+
wOptions = card: channelDefault: {
interface = mkOption {
type = with types; nullOr str;
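Review bot: On a 2.4 GHz channel the main SSID gets `ieee80211w = 0` and `wpa_key_mgmt` forced to `WPA-PSK` even though `authentication.mode` says `wpa2-sha256`. After this refactor that applies to whichever radio has `channel <= 14`, and the same block is copied into the new nixos/modules/wifi-zd.nix. The comment `# force use without sha256` does not say why, so replace it with `# <REASON-PLACEHOLDER: which clients need plain WPA-PSK without PMF>`. If those clients tolerate it, `ieee80211w = 1;` keeps management frame protection optional instead of off. `wifi-networks`, `net-networks` and `wOptions` now differ between wifi-spt.nix and wifi-zd.nix only in SSIDs and secret file names, so a shared helper taking those as arguments would stop the copies drifting apart.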
@@ -48,28 +103,7 @@ in {
enable = true;
inherit (hostapd.qualcomAtherosAR9287.wifi4) capabilities;
};
- networks = {
- "${cnf.ar9287.interface}" = {
- bssid = elemAt cnf.ar9287.bssids 0;
- ssid = "TurrisRules";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-TurrisRules.pass";
- };
- settings = {
- ieee80211w = 0;
- wpa_key_mgmt = mkForce "WPA-PSK"; # force use without sha256
- };
- };
- "${cnf.ar9287.interface}.guest" = {
- bssid = elemAt cnf.ar9287.bssids 1;
- ssid = "Kocovi";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass";
- };
- };
- };
+ networks = wifi-networks "ar9287";
};
})
(mkIf (cnf.qca988x.interface != null) {
@@ -90,87 +124,14 @@ in {
enable = !is2g;
inherit (hostapd.qualcomAtherosQCA988x.wifi5) capabilities;
};
- networks = {
- "${cnf.qca988x.interface}" = {
- bssid = elemAt cnf.qca988x.bssids 0;
- ssid = "TurrisRules${
- if is2g
- then ""
- else "5"
- }";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-TurrisRules.pass";
- };
- settings = mkIf is2g {
- ieee80211w = 0;
- wpa_key_mgmt = mkForce "WPA-PSK"; # force use without sha256
- };
- };
- "${cnf.qca988x.interface}.guest" = {
- bssid = elemAt cnf.qca988x.bssids 1;
- ssid = "Kocovi";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass";
- };
- };
- };
+ networks = wifi-networks "qca988x";
};
})
];
};
systemd.network.networks = mkMerge [
- (mkIf (cnf.ar9287.interface != null) {
- "lan-${cnf.ar9287.interface}" = {
- matchConfig = {
- Name = cnf.ar9287.interface;
- WLANInterfaceType = "ap";
- };
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- EgressUntagged = 1;
- PVID = 1;
- }
- ];
- };
- "lan-${cnf.ar9287.interface}-guest" = {
- matchConfig.Name = "${cnf.ar9287.interface}.guest";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- EgressUntagged = 2;
- PVID = 2;
- }
- ];
- };
- })
- (mkIf (cnf.qca988x.interface != null) {
- "lan-${cnf.qca988x.interface}" = {
- matchConfig = {
- Name = cnf.qca988x.interface;
- WLANInterfaceType = "ap";
- };
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- EgressUntagged = 1;
- PVID = 1;
- }
- ];
- };
- "lan-${cnf.qca988x.interface}-guest" = {
- matchConfig.Name = "${cnf.qca988x.interface}.guest";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- EgressUntagged = 2;
- PVID = 2;
- }
- ];
- };
- })
+ (mkIf (cnf.ar9287.interface != null) (net-networks "ar9287"))
+ (mkIf (cnf.qca988x.interface != null) (net-networks "qca988x"))
];
};
}
diff --git a/nixos/modules/wifi-zd.nix b/nixos/modules/wifi-zd.nix
new file mode 100644
index 0000000..107fdf4
--- /dev/null
+++ b/nixos/modules/wifi-zd.nix
@@ -0,0 +1,137 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (lib) mkOption mkEnableOption types mkIf mkForce mkMerge hostapd elemAt;
+ cnf = config.cynerd.wifiAP.zd;
+
+ wifi-networks = name: let
+ is2g = cnf."${name}".channel <= 14;
+ in {
+ "${cnf."${name}".interface}" = {
+ bssid = elemAt cnf."${name}".bssids 0;
+ ssid = "UNas${
+ if is2g
+ then ""
+ else "5"
+ }";
+ authentication = {
+ mode = "wpa2-sha256";
+ wpaPasswordFile = "/run/secrets/hostapd-UNas.pass";
+ };
+ settings = mkIf is2g {
+ ieee80211w = 0;
+ wpa_key_mgmt = mkForce "WPA-PSK"; # force use without sha256
+ };
+ };
+ "${cnf."${name}".interface}.guest" = {
+ bssid = elemAt cnf."${name}".bssids 1;
+ ssid = "Koci";
+ authentication = {
+ mode = "wpa2-sha256";
+ wpaPasswordFile = "/run/secrets/hostapd-Koci.pass";
+ };
+ };
+ };
+
+ net-networks = name: {
+ "lan-${cnf."${name}".interface}" = {
+ matchConfig = {
+ Name = cnf."${name}".interface;
+ WLANInterfaceType = "ap";
+ };
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ EgressUntagged = 1;
+ PVID = 1;
+ }
+ ];
+ };
+ "lan-${cnf."${name}".interface}-guest" = {
+ matchConfig.Name = "${cnf."${name}".interface}.guest";
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ EgressUntagged = 2;
+ PVID = 2;
+ }
+ ];
+ };
+ };
+
+ wOptions = card: channelDefault: {
+ interface = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ description = "Specify interface for ${card}";
+ };
+ bssids = mkOption {
+ type = with types; listOf str;
+ default = [];
+ description = "BSSIDs for networks.";
+ };
+ channel = mkOption {
+ type = types.ints.positive;
+ default = channelDefault;
+ description = "Channel to be used for ${card}";
+ };
+ };
+in {
+ options = {
+ cynerd.wifiAP.zd = {
+ enable = mkEnableOption "Enable Wi-Fi Access Point support";
+ ar9287 = wOptions "Qualcom Atheros AR9287" 7;
+ qca988x = wOptions "Qualcom Atheros QCA988x" 36;
+ };
+ };
+
+ config = mkIf cnf.enable {
+ # TODO regdom doesn't work for some reason
+ boot.extraModprobeConfig = ''
+ options cfg80211 ieee80211_regdom="CZ"
+ '';
+ services.hostapd = {
+ enable = true;
+ radios = mkMerge [
+ (mkIf (cnf.ar9287.interface != null) {
+ "${cnf.ar9287.interface}" = {
+ inherit (cnf.ar9287) channel;
+ countryCode = "CZ";
+ wifi4 = {
+ enable = true;
+ inherit (hostapd.qualcomAtherosAR9287.wifi4) capabilities;
+ };
+ networks = wifi-networks "ar9287";
+ };
+ })
+ (mkIf (cnf.qca988x.interface != null) {
+ "${cnf.qca988x.interface}" = let
+ is2g = cnf.qca988x.channel <= 14;
+ in {
+ inherit (cnf.qca988x) channel;
+ countryCode = "CZ";
+ band =
+ if is2g
+ then "2g"
+ else "5g";
+ wifi4 = {
+ enable = true;
+ inherit (hostapd.qualcomAtherosQCA988x.wifi4) capabilities;
+ };
+ wifi5 = {
+ enable = !is2g;
+ inherit (hostapd.qualcomAtherosQCA988x.wifi5) capabilities;
+ };
+ networks = wifi-networks "qca988x";
+ };
+ })
+ ];
+ };
+ systemd.network.networks = mkMerge [
+ (mkIf (cnf.ar9287.interface != null) (net-networks "ar9287"))
+ (mkIf (cnf.qca988x.interface != null) (net-networks "qca988x"))
+ ];
+ };
+}
diff --git a/nixos/modules/wireguad.nix b/nixos/modules/wireguard.nix
index 1b1db90..b49eaae 100644
--- a/nixos/modules/wireguad.nix
+++ b/nixos/modules/wireguard.nix
@@ -44,18 +44,15 @@ in {
PublicKey = config.secrets.wireguardPubs.spt-omnia;
}
// (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;}))
- #{
- # wireguardPeerConfig =
- # {
- # Endpoint = "adm.cynerd.cz:51820";
- # AllowedIPs = [
- # "${config.cynerd.hosts.wg.adm-omnia}/32"
- # "10.8.3.0/24"
- # ];
- # PublicKey = config.secrets.wireguardPubs.adm-omnia;
- # }
- # // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;});
- #}
+ ({
+ Endpoint = "adm.cynerd.cz:51820";
+ AllowedIPs = [
+ "${config.cynerd.hosts.wg.adm-omnia}/32"
+ "10.8.3.0/24"
+ ];
+ PublicKey = config.secrets.wireguardPubs.adm-omnia;
+ }
+ // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;}))
]
++ (optionals is_endpoint (mapAttrsToList (n: v: {
AllowedIPs = "${config.cynerd.hosts.wg."${n}"}/32";
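Review bot: The re-enabled adm-omnia peer accepts the whole `10.8.3.0/24` as tunnel source on every host that imports this module, and nothing in the hunk says where that traffic is filtered. The next hunk shows `IPv4Forwarding = "yes"` and drops the `hostName != "lipwig"` exclusion from the ADM route, so any device on the ADM LAN can presumably reach each WireGuard host, and may be forwarded onward by it, unless a firewall defined elsewhere limits this. I would add a comment above the peer, for example `# ADM LAN is reachable via adm-omnia; inbound from 10.8.3.0/24 is limited by FIREWALL_MODULE (placeholder)`, and confirm that such a rule exists. The peer list continues outside the hunk.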
@@ -69,20 +66,14 @@ in {
IPv4Forwarding = "yes";
};
routes =
- (optional (hostName != "lipwig") {
- # OpenVPN network
- Gateway = config.cynerd.hosts.wg.lipwig;
- Destination = "10.8.0.0/24";
- Metric = 2048;
- })
- ++ (optional (hostName != "spt-omnia") {
+ (optional (hostName != "spt-omnia") {
# SPT network
Gateway = config.cynerd.hosts.wg.spt-omnia;
Destination = "10.8.2.0/24";
Metric = 2048;
})
- ++ (optional (hostName != "adm-omnia" && hostName != "lipwig") {
- # Adamkovi network
+ ++ (optional (hostName != "adm-omnia") {
+ # ADM network
Gateway = config.cynerd.hosts.wg.adm-omnia;
Destination = "10.8.3.0/24";
Metric = 2048;
diff --git a/pkgs/default.nix b/pkgs/default.nix
index eca6db6..10bb325 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,13 +1,4 @@
-final: prev: let
- # The NodeJS packages has to be build in 32bit environment if host platform is
- # also 32bit because it uses 32bit stubs and links against 32bit OpenSSL. The
- # only architecture that generally supports execution of 32bit is x86_64 and
- # thus that is the only one handled here.
- callPackageNodejs =
- if prev.stdenv.buildPlatform.isx86_64 && prev.stdenv.is32bit
- then prev.buildPackages.pkgsi686Linux.callPackage
- else prev.callPackage;
-in {
+final: prev: {
luks-hw-password = final.callPackage ./luks-hw-password {};
dev = final.callPackage ./dev {
devShells = import ../devShells final;
@@ -22,31 +13,90 @@ in {
stardict-en-cz = final.callPackage ./stardict/en-cz.nix {};
stardict-de-cz = final.callPackage ./stardict/de-cz.nix {};
stardict-cz = final.callPackage ./stardict/cz.nix {};
- sdcv-unwrapped = final.callPackage ./sdcv {};
+ sdcv-unwrapped = prev.sdcv;
sdcv = final.callPackage ./stardict/wrapper.nix {stardict = final.sdcv-unwrapped;};
lorem-text = final.callPackage ./lorem-text {};
bigclown-leds = final.callPackage ./bigclown-leds {};
+ dodo = final.callPackage ./dodo {};
+
+ # OpenWrt One
+ armTrustedFirmwareMT7981 = final.callPackage ./mtk-arm-trusted-firmware rec {
+ extraMakeFlags = [
+ "BOOT_DEVICE=spim-nand"
+ "DRAM_USE_DDR4=1"
+ "UBI=1"
+ "OVERRIDE_UBI_START_ADDR=0x100000"
+ "bl2"
+ "bl31"
+ ];
+ platform = "mt7981";
+ extraMeta.platforms = ["aarch64-linux"];
+ filesToInstall = ["build/${platform}/release/bl2.bin" "build/${platform}/release/bl31.bin"];
+ };
+ ubootOpenWrtOne =
+ (final.buildUBoot {
+ defconfig = "mt7981_openwrt-one-spi-nand_defconfig";
+ extraMeta.platforms = ["aarch64-linux"];
+ BL31 = "${final.armTrustedFirmwareMT7981}/bl31.elf";
+ filesToInstall = ["u-boot.bin"];
+ extraPatches = [./u-boot-add-openwrt-one.patch];
+ extraConfig = ''
+ CONFIG_FS_BTRFS=y
+ CONFIG_CMD_BTRFS=y
+ CONFIG_BOARD_LATE_INIT=n
+ '';
+ }).overrideAttrs (oldAttrs: {
+ nativeBuildInputs = [final.buildPackages.unixtools.xxd] ++ oldAttrs.nativeBuildInputs;
+ });
+
# nixpkgs patches
- zigbee2mqtt = prev.zigbee2mqtt.overrideAttrs {
- npmInstallFlags = ["--no-optional"]; # Fix cross build
+ ubootRaspberryPi3_btrfs = prev.buildUBoot {
+ defconfig = "rpi_3_defconfig";
+ extraConfig = ''
+ CONFIG_FS_BTRFS=y
+ CONFIG_CMD_BTRFS=y
+ '';
+ extraMeta.platforms = ["aarch64-linux"];
+ filesToInstall = ["u-boot.bin"];
};
- nodejs_18 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v18.nix") {};
- nodejs-slim_18 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v18.nix") {enableNpm = false;};
- nodejs_20 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v20.nix") {};
- nodejs-slim_20 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v20.nix") {enableNpm = false;};
- nodejs_22 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v22.nix") {};
- nodejs-slim_22 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v22.nix") {enableNpm = false;};
+ wolfssl = prev.wolfssl.overrideAttrs (oldAttrs: rec {
+ version = "5.8.2";
+ src = oldAttrs.src.override {
+ tag = "v${version}-stable";
+ hash = "sha256-rWBfpI6tdpKvQA/XdazBvU5hzyai5PtKRBpM4iplZDU=";
+ };
+ });
+ bind = prev.bind.overrideAttrs (oldAttrs: {
+ nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [final.buildPackages.protobufc];
+ strictDeps = true;
+ });
+
+ gvproxy =
+ if prev.hostPlatform.is32bit
+ then
+ # Downgrade to get 32bit support working
+ prev.gvproxy.overrideAttrs {
+ version = "0.8.6";
+ src = prev.buildPackages.fetchFromGitHub {
+ owner = "containers";
+ repo = "gvisor-tap-vsock";
+ rev = "v0.8.6";
+ hash = "sha256-a/Gd1QUxZ+47sQtndbehx86UjC1DezhqwS5d5VTIjRc=";
+ };
+ }
+ else prev.gvproxy;
# Older version of packages
- flac1_3 = prev.flac.overrideAttrs {
+ flac134 = prev.flac.overrideAttrs {
version = "1.3.4";
src = final.fetchurl {
url = "http://downloads.xiph.org/releases/flac/flac-1.3.4.tar.xz";
hash = "sha256-j/BgfnWjIt181uxI9PIlRxQEricw0OqUUSexNVFV5zc=";
};
outputs = ["out"];
+ doCheck = false;
};
}
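Review bot: The `wolfssl` override pins the TLS library to `5.8.2` unconditionally, so once nixpkgs ships a newer release this overlay will silently hold it back and upstream security fixes will stop reaching the hosts. A guard such as `wolfssl = if prev.lib.versionOlder prev.wolfssl.version "5.8.2" then prev.wolfssl.overrideAttrs (…) else prev.wolfssl;` makes the pin expire on its own. The `gvproxy` downgrade to `0.8.6` deserves at least a comment naming the condition under which it can be removed. Separately, `ubootOpenWrtOne` sets `BL31 = "${final.armTrustedFirmwareMT7981}/bl31.elf"`, while that package's `filesToInstall` copies only `bl2.bin` and `bl31.bin`, so the path does not exist in the output. Point it at `bl31.bin`, or drop the attribute if the MT7981 U-Boot build does not consume it.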
diff --git a/pkgs/dodo/default.nix b/pkgs/dodo/default.nix
new file mode 100644
index 0000000..242f4a4
--- /dev/null
+++ b/pkgs/dodo/default.nix
@@ -0,0 +1,37 @@
+{
+ python3Packages,
+ fetchFromGitHub,
+ qt6,
+ copyDesktopItems,
+}:
+python3Packages.buildPythonApplication {
+ pname = "dodo";
+ version = "250806";
+ pyproject = true;
+
+ src = fetchFromGitHub {
+ owner = "akissinger";
+ repo = "dodo";
+ rev = "bcb0db840f6eb0223f99e9ddefe147d84f50dc98";
+ hash = "sha256-ScMzSz6HzSUHE5jOrXvcMaokQILaXJV58k87SXujaXg=";
+ };
+
+ build-system = with python3Packages; [
+ setuptools
+ ];
+
+ dependencies = with python3Packages; [
+ qt6.qtwayland
+ bleach
+ pyqt6
+ pyqt6-webengine
+ python-gnupg
+ copyDesktopItems
+ ];
+
+ nativeBuildInputs = [qt6.wrapQtAppsHook];
+ dontWrapQtApps = true;
+ preFixup = ''
+ wrapQtApp "$out/bin/dodo" --prefix PATH : $out/bin/dodo
+ '';
+}
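Review bot: In `preFixup` the wrapper is given `--prefix PATH : $out/bin/dodo`, which puts a file rather than a directory on `PATH`, so the flag has no effect. If the intent was to make the external programs the application calls available, name them explicitly, e.g. `--prefix PATH : ${lib.makeBinPath [ RUNTIME_TOOLS ]}` (placeholder list; `lib` and the tools added to the function arguments). That way a mail client does not resolve its helpers from whatever the user's ambient `PATH` contains. `copyDesktopItems` and `qt6.qtwayland` are also listed under `dependencies`. The former is a build hook and belongs in `nativeBuildInputs`, the latter in `buildInputs`.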
diff --git a/pkgs/mtk-arm-trusted-firmware/default.nix b/pkgs/mtk-arm-trusted-firmware/default.nix
new file mode 100644
index 0000000..3c0ba33
--- /dev/null
+++ b/pkgs/mtk-arm-trusted-firmware/default.nix
@@ -0,0 +1,64 @@
+{
+ lib,
+ stdenv,
+ fetchFromGitHub,
+ buildPackages,
+ openssl,
+ dtc,
+ filesToInstall,
+ platform ? null,
+ extraMakeFlags ? [],
+ extraMeta ? {},
+}:
+stdenv.mkDerivation {
+ pname = "arm-trusted-firmware${lib.optionalString (platform != null) "-${platform}"}";
+ version = "2025.07.11";
+
+ src = fetchFromGitHub {
+ owner = "mtk-openwrt";
+ repo = "arm-trusted-firmware";
+ rev = "78a0dfd927bb00ce973a1f8eb4079df0f755887a";
+ hash = "sha256-m9ApkBVf0I11rNg68vxofGRJ+BcnlM6C+Zrn8TfMvbY=";
+ };
+
+ depsBuildBuild = [buildPackages.stdenv.cc];
+ nativeBuildInputs = [dtc];
+ buildInputs = [openssl];
+
+ makeFlags =
+ [
+ "HOSTCC=$(CC_FOR_BUILD)"
+ "CROSS_COMPILE=${stdenv.cc.targetPrefix}"
+ # Make the new toolchain guessing (from 2.11+) happy
+ "CC=${stdenv.cc.targetPrefix}cc"
+ "LD=${stdenv.cc.targetPrefix}cc"
+ "AS=${stdenv.cc.targetPrefix}cc"
+ "OC=${stdenv.cc.targetPrefix}objcopy"
+ "OD=${stdenv.cc.targetPrefix}objdump"
+ # Passing OpenSSL path according to docs/design/trusted-board-boot-build.rst
+ "OPENSSL_DIR=${openssl}"
+ ]
+ ++ (lib.optional (platform != null) "PLAT=${platform}")
+ ++ extraMakeFlags;
+
+ installPhase = ''
+ runHook preInstall
+
+ mkdir -p $out
+ cp ${lib.concatStringsSep " " filesToInstall} $out
+
+ runHook postInstall
+ '';
+
+ hardeningDisable = ["all"];
+ dontStrip = true;
+
+ meta = with lib;
+ {
+ homepage = "https://github.com/mtk-openwrt/arm-trusted-firmware";
+ description = "MediaTek ARM Trusted Firmware";
+ license = [licenses.bsd3];
+ maintainers = with maintainers; [cynerd];
+ }
+ // extraMeta;
+}
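Review bot: `hardeningDisable = ["all"]` together with `dontStrip = true` turns off every compiler hardening flag for the BL2/BL31 images without a word on why. For freestanding firmware this is usually required, because the wrapper's flags assume a hosted userspace, but it should be stated so it is not read as an oversight or copied into ordinary packages: `# bare-metal firmware: cc-wrapper hardening flags assume hosted userspace (assumption, confirm against the build)`. The `OPENSSL_DIR` comment refers to the trusted-board-boot documentation, yet the only caller in this commit (`armTrustedFirmwareMT7981` in pkgs/default.nix) passes no trusted-board-boot make flag. A short comment saying that OpenSSL is presumably needed only for the host tools, and that the resulting images are not signed, would keep readers from assuming a verified boot chain.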
diff --git a/pkgs/sdcv/default.nix b/pkgs/sdcv/default.nix
deleted file mode 100644
index 8817270..0000000
--- a/pkgs/sdcv/default.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- lib,
- stdenv,
- fetchFromGitHub,
- cmake,
- pkg-config,
- gettext,
- zlib,
- glib,
- pcre,
- readline,
-}:
-stdenv.mkDerivation (attrs: {
- pname = "sdcv";
- version = "0.5.5";
-
- src = fetchFromGitHub {
- owner = "Dushistov";
- repo = attrs.pname;
- rev = "v${attrs.version}";
- hash = "sha256-EyvljVXhOsdxIYOGTzD+T16nvW7/RNx3DuQ2OdhjXJ4=";
- };
-
- nativeBuildInputs = [cmake pkg-config gettext];
- buildInputs = [zlib glib pcre readline];
- makeFlags = "sdcv lang";
-
- meta = with lib; {
- description = "Console version of Stardict program";
- homepage = "https://dushistov.github.io/sdcv/";
- license = licenses.gpl2;
- };
-})
diff --git a/pkgs/u-boot-add-openwrt-one.patch b/pkgs/u-boot-add-openwrt-one.patch
new file mode 100644
index 0000000..722f1ee
--- /dev/null
+++ b/pkgs/u-boot-add-openwrt-one.patch
@@ -0,0 +1,579 @@
+--- /dev/null
++++ b/arch/arm/dts/openwrt-one.dts
+@@ -0,0 +1,203 @@
++// SPDX-License-Identifier: GPL-2.0
++/*
++ * Copyright (c) 2024 John Crispin <john@phrozen.org>
++ */
++
++/dts-v1/;
++#include "mt7981.dtsi"
++#include <dt-bindings/gpio/gpio.h>
++#include <dt-bindings/input/input.h>
++
++/ {
++ #address-cells = <1>;
++ #size-cells = <1>;
++ model = "OpenWrt One";
++ compatible = "openwrt,one", "mediatek,mt7981";
++ chosen {
++ stdout-path = &uart0;
++ tick-timer = &timer0;
++ };
++
++ memory@40000000 {
++ device_type = "memory";
++ reg = <0x40000000 0x10000000>;
++ };
++
++ keys {
++ compatible = "gpio-keys";
++
++ user {
++ label = "front";
++ gpios = <&pio 0 GPIO_ACTIVE_LOW>;
++ linux,code = <BTN_0>;
++ };
++
++ reset {
++ label = "back";
++ gpios = <&pio 1 GPIO_ACTIVE_LOW>;
++ linux,code = <BTN_1>;
++ };
++ };
++
++ leds {
++ compatible = "gpio-leds";
++
++ red {
++ label = "red";
++ gpios = <&pio 9 GPIO_ACTIVE_HIGH>;
++ };
++
++ white {
++ label = "white";
++ gpios = <&pio 13 GPIO_ACTIVE_HIGH>;
++ };
++
++ green {
++ label = "green";
++ gpios = <&pio 15 GPIO_ACTIVE_HIGH>;
++ };
++ };
++};
++
++&uart0 {
++ status = "okay";
++};
++
++&eth {
++ status = "okay";
++ mediatek,gmac-id = <1>;
++ phy-mode = "gmii";
++ phy-handle = <&phy0>;
++
++ phy0: eth-phy@0 {
++ compatible = "ethernet-phy-ieee802.3-c22";
++ reg = <0>;
++ };
++};
++
++&pio {
++ spi_flash_pins: spi0-pins-func-1 {
++ mux {
++ function = "flash";
++ groups = "spi0", "spi0_wp_hold";
++ };
++
++ conf-pu {
++ pins = "SPI0_CS", "SPI0_HOLD", "SPI0_WP";
++ drive-strength = <MTK_DRIVE_8mA>;
++ bias-pull-up = <MTK_PUPD_SET_R1R0_11>;
++ };
++
++ conf-pd {
++ pins = "SPI0_CLK", "SPI0_MOSI", "SPI0_MISO";
++ drive-strength = <MTK_DRIVE_8mA>;
++ bias-pull-down = <MTK_PUPD_SET_R1R0_11>;
++ };
++ };
++
++ spi2_flash_pins: spi2-spi2-pins {
++ mux {
++ function = "spi";
++ groups = "spi2", "spi2_wp_hold";
++ };
++
++ conf-pu {
++ pins = "SPI2_CS", "SPI2_HOLD", "SPI2_WP";
++ drive-strength = <MTK_DRIVE_8mA>;
++ bias-pull-down = <MTK_PUPD_SET_R1R0_00>;
++ };
++
++ conf-pd {
++ pins = "SPI2_CLK", "SPI2_MOSI", "SPI2_MISO";
++ drive-strength = <MTK_DRIVE_8mA>;
++ bias-pull-down = <MTK_PUPD_SET_R1R0_00>;
++ };
++ };
++};
++
++&spi0 {
++ #address-cells = <1>;
++ #size-cells = <0>;
++ pinctrl-names = "default";
++ pinctrl-0 = <&spi_flash_pins>;
++ status = "okay";
++ must_tx;
++ enhance_timing;
++ dma_ext;
++ ipm_design;
++ support_quad;
++ tick_dly = <2>;
++ sample_sel = <0>;
++
++ spi_nand@0 {
++ compatible = "spi-nand";
++ reg = <0>;
++ spi-max-frequency = <52000000>;
++
++ partitions {
++ compatible = "fixed-partitions";
++ #address-cells = <1>;
++ #size-cells = <1>;
++
++ partition@0 {
++ label = "bl2";
++ reg = <0x0 0x100000>;
++ };
++
++ partition@200000 {
++ label = "ubi";
++ reg = <0x100000 0xff00000>;
++ };
++ };
++ };
++};
++
++&spi2 {
++ #address-cells = <1>;
++ #size-cells = <0>;
++ pinctrl-names = "default";
++ pinctrl-0 = <&spi2_flash_pins>;
++ status = "okay";
++ must_tx;
++ enhance_timing;
++ dma_ext;
++ ipm_design;
++ tick_dly = <2>;
++ sample_sel = <0>;
++
++ spi_nor@0 {
++ compatible = "jedec,spi-nor";
++ reg = <0>;
++ spi-max-frequency = <5000000>;
++
++ partitions {
++ compatible = "fixed-partitions";
++ #address-cells = <1>;
++ #size-cells = <1>;
++
++ partition@00000 {
++ label = "bl2-nor";
++ reg = <0x00000 0x0040000>;
++ };
++
++ partition@40000 {
++ label = "factory";
++ reg = <0x40000 0x00C0000>;
++ };
++
++ partition@100000 {
++ label = "fip-nor";
++ reg = <0x100000 0x0080000>;
++ };
++
++ partition@180000 {
++ label = "recovery";
++ reg = <0x180000 0xc80000>;
++ };
++ };
++ };
++};
++
++&watchdog {
++ status = "disabled";
++};
+--- /dev/null
++++ b/configs/mt7981_openwrt-one-nor_defconfig
+@@ -0,0 +1,125 @@
++CONFIG_ARM=y
++CONFIG_SYS_HAS_NONCACHED_MEMORY=y
++CONFIG_POSITION_INDEPENDENT=y
++CONFIG_ARCH_MEDIATEK=y
++CONFIG_TEXT_BASE=0x41e00000
++CONFIG_SYS_MALLOC_F_LEN=0x4000
++CONFIG_NR_DRAM_BANKS=1
++CONFIG_ENV_SIZE=0x8000
++CONFIG_DEFAULT_DEVICE_TREE="openwrt-one"
++CONFIG_OF_LIBFDT_OVERLAY=y
++CONFIG_TARGET_MT7981=y
++CONFIG_RESET_BUTTON_LABEL="back"
++CONFIG_SYS_LOAD_ADDR=0x46000000
++CONFIG_DEBUG_UART_BASE=0x11002000
++CONFIG_DEBUG_UART_CLOCK=40000000
++CONFIG_DEBUG_UART=y
++CONFIG_FIT=y
++CONFIG_SPI_BOOT=y
++CONFIG_AUTOBOOT_MENU_SHOW=y
++CONFIG_USE_PREBOOT=y
++CONFIG_DEFAULT_FDT_FILE="openwrt-one"
++CONFIG_SYS_CBSIZE=512
++CONFIG_SYS_PBSIZE=1049
++CONFIG_LOGLEVEL=7
++CONFIG_LOG=y
++CONFIG_BOARD_LATE_INIT=y
++CONFIG_HUSH_PARSER=y
++CONFIG_SYS_PROMPT="OpenWrt One> "
++CONFIG_SYS_MAXARGS=16
++CONFIG_CMD_CPU=y
++CONFIG_CMD_LICENSE=y
++# CONFIG_BOOTM_NETBSD is not set
++# CONFIG_BOOTM_PLAN9 is not set
++# CONFIG_BOOTM_RTEMS is not set
++# CONFIG_BOOTM_VXWORKS is not set
++# CONFIG_CMD_BOOTEFI_BOOTMGR is not set
++CONFIG_CMD_BOOTMENU=y
++CONFIG_CMD_ASKENV=y
++CONFIG_CMD_ERASEENV=y
++CONFIG_CMD_ENV_FLAGS=y
++CONFIG_CMD_STRINGS=y
++# CONFIG_CMD_UNLZ4 is not set
++# CONFIG_CMD_UNZIP is not set
++CONFIG_CMD_DM=y
++CONFIG_CMD_GPIO=y
++CONFIG_CMD_PWM=y
++CONFIG_CMD_MTD=y
++CONFIG_CMD_PCI=y
++CONFIG_CMD_SF_TEST=y
++CONFIG_CMD_USB=y
++CONFIG_CMD_TFTPSRV=y
++CONFIG_CMD_RARP=y
++CONFIG_CMD_CDP=y
++CONFIG_CMD_SNTP=y
++CONFIG_CMD_LINK_LOCAL=y
++CONFIG_CMD_DHCP=y
++CONFIG_CMD_DNS=y
++CONFIG_CMD_PING=y
++CONFIG_CMD_PXE=y
++CONFIG_CMD_CACHE=y
++CONFIG_CMD_PSTORE=y
++CONFIG_CMD_PSTORE_MEM_ADDR=0x42ff0000
++CONFIG_CMD_UUID=y
++CONFIG_CMD_HASH=y
++CONFIG_CMD_SMC=y
++CONFIG_CMD_FAT=y
++CONFIG_CMD_FS_GENERIC=y
++CONFIG_CMD_FS_UUID=y
++CONFIG_CMD_UBI=y
++CONFIG_CMD_UBI_RENAME=y
++CONFIG_ENV_OVERWRITE=y
++CONFIG_SYS_REDUNDAND_ENVIRONMENT=y
++CONFIG_SYS_RELOC_GD_ENV_ADDR=y
++CONFIG_USE_DEFAULT_ENV_FILE=y
++CONFIG_DEFAULT_ENV_FILE="defenvs/openwrt-one-nor_env"
++CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y
++CONFIG_VERSION_VARIABLE=y
++CONFIG_NET_RANDOM_ETHADDR=y
++CONFIG_BUTTON=y
++CONFIG_BUTTON_GPIO=y
++CONFIG_CLK=y
++CONFIG_GPIO_HOG=y
++CONFIG_LED=y
++CONFIG_LED_BLINK=y
++CONFIG_LED_GPIO=y
++# CONFIG_MMC is not set
++CONFIG_MTD=y
++CONFIG_DM_MTD=y
++CONFIG_MTD_SPI_NAND=y
++CONFIG_DM_SPI_FLASH=y
++CONFIG_SPI_FLASH_SFDP_SUPPORT=y
++CONFIG_SPI_FLASH_EON=y
++CONFIG_SPI_FLASH_GIGADEVICE=y
++CONFIG_SPI_FLASH_ISSI=y
++CONFIG_SPI_FLASH_MACRONIX=y
++CONFIG_SPI_FLASH_SPANSION=y
++CONFIG_SPI_FLASH_STMICRO=y
++CONFIG_SPI_FLASH_WINBOND=y
++CONFIG_SPI_FLASH_XMC=y
++CONFIG_SPI_FLASH_XTX=y
++CONFIG_SPI_FLASH_MTD=y
++CONFIG_UBI_SILENCE_MSG=y
++CONFIG_PHY_FIXED=y
++CONFIG_MEDIATEK_ETH=y
++CONFIG_PHY=y
++CONFIG_PHY_MTK_TPHY=y
++CONFIG_PINCTRL=y
++CONFIG_PINCONF=y
++CONFIG_PINCTRL_MT7981=y
++CONFIG_POWER_DOMAIN=y
++CONFIG_MTK_POWER_DOMAIN=y
++CONFIG_DM_PWM=y
++CONFIG_PWM_MTK=y
++CONFIG_DM_SERIAL=y
++CONFIG_SERIAL_RX_BUFFER=y
++CONFIG_MTK_SERIAL=y
++CONFIG_SPI=y
++CONFIG_DM_SPI=y
++CONFIG_MTK_SPIM=y
++CONFIG_USB=y
++CONFIG_USB_XHCI_HCD=y
++CONFIG_USB_XHCI_MTK=y
++CONFIG_USB_STORAGE=y
++CONFIG_UBIFS_SILENCE_MSG=y
++CONFIG_HEXDUMP=y
+--- /dev/null
++++ b/configs/mt7981_openwrt-one-spi-nand_defconfig
+@@ -0,0 +1,126 @@
++CONFIG_ARM=y
++CONFIG_SYS_HAS_NONCACHED_MEMORY=y
++CONFIG_POSITION_INDEPENDENT=y
++CONFIG_ARCH_MEDIATEK=y
++CONFIG_TEXT_BASE=0x41e00000
++CONFIG_SYS_MALLOC_F_LEN=0x4000
++CONFIG_NR_DRAM_BANKS=1
++CONFIG_DEFAULT_DEVICE_TREE="openwrt-one"
++CONFIG_OF_LIBFDT_OVERLAY=y
++CONFIG_TARGET_MT7981=y
++CONFIG_RESET_BUTTON_LABEL="back"
++CONFIG_SYS_LOAD_ADDR=0x46000000
++CONFIG_DEBUG_UART_BASE=0x11002000
++CONFIG_DEBUG_UART_CLOCK=40000000
++CONFIG_DEBUG_UART=y
++CONFIG_FIT=y
++CONFIG_SPI_BOOT=y
++CONFIG_AUTOBOOT_MENU_SHOW=y
++CONFIG_USE_PREBOOT=y
++CONFIG_DEFAULT_FDT_FILE="openwrt-one"
++CONFIG_SYS_CBSIZE=512
++CONFIG_SYS_PBSIZE=1049
++CONFIG_LOGLEVEL=7
++CONFIG_LOG=y
++CONFIG_BOARD_LATE_INIT=y
++CONFIG_HUSH_PARSER=y
++CONFIG_SYS_PROMPT="OpenWrt One> "
++CONFIG_SYS_MAXARGS=16
++CONFIG_CMD_CPU=y
++CONFIG_CMD_LICENSE=y
++# CONFIG_BOOTM_NETBSD is not set
++# CONFIG_BOOTM_PLAN9 is not set
++# CONFIG_BOOTM_RTEMS is not set
++# CONFIG_BOOTM_VXWORKS is not set
++# CONFIG_CMD_BOOTEFI_BOOTMGR is not set
++CONFIG_CMD_BOOTMENU=y
++CONFIG_CMD_ASKENV=y
++CONFIG_CMD_ERASEENV=y
++CONFIG_CMD_ENV_FLAGS=y
++CONFIG_CMD_STRINGS=y
++# CONFIG_CMD_UNLZ4 is not set
++# CONFIG_CMD_UNZIP is not set
++CONFIG_CMD_DM=y
++CONFIG_CMD_GPIO=y
++CONFIG_CMD_PWM=y
++CONFIG_CMD_MTD=y
++CONFIG_CMD_PCI=y
++CONFIG_CMD_SF_TEST=y
++CONFIG_CMD_USB=y
++CONFIG_CMD_TFTPSRV=y
++CONFIG_CMD_RARP=y
++CONFIG_CMD_CDP=y
++CONFIG_CMD_SNTP=y
++CONFIG_CMD_LINK_LOCAL=y
++CONFIG_CMD_DHCP=y
++CONFIG_CMD_DNS=y
++CONFIG_CMD_PING=y
++CONFIG_CMD_PXE=y
++CONFIG_CMD_CACHE=y
++CONFIG_CMD_PSTORE=y
++CONFIG_CMD_PSTORE_MEM_ADDR=0x42ff0000
++CONFIG_CMD_UUID=y
++CONFIG_CMD_HASH=y
++CONFIG_CMD_SMC=y
++CONFIG_CMD_FAT=y
++CONFIG_CMD_FS_GENERIC=y
++CONFIG_CMD_FS_UUID=y
++CONFIG_CMD_UBI=y
++CONFIG_CMD_UBI_RENAME=y
++CONFIG_ENV_OVERWRITE=y
++CONFIG_ENV_IS_IN_UBI=y
++CONFIG_SYS_REDUNDAND_ENVIRONMENT=y
++CONFIG_ENV_UBI_PART="ubi"
++CONFIG_ENV_UBI_VOLUME="ubootenv"
++CONFIG_ENV_UBI_VOLUME_REDUND="ubootenv2"
++CONFIG_SYS_RELOC_GD_ENV_ADDR=y
++CONFIG_USE_DEFAULT_ENV_FILE=y
++CONFIG_DEFAULT_ENV_FILE="defenvs/openwrt-one-spi-nand_env"
++CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y
++CONFIG_VERSION_VARIABLE=y
++CONFIG_NET_RANDOM_ETHADDR=y
++CONFIG_BUTTON=y
++CONFIG_BUTTON_GPIO=y
++CONFIG_CLK=y
++CONFIG_GPIO_HOG=y
++CONFIG_LED=y
++CONFIG_LED_BLINK=y
++CONFIG_LED_GPIO=y
++# CONFIG_MMC is not set
++CONFIG_MTD=y
++CONFIG_DM_MTD=y
++CONFIG_MTD_SPI_NAND=y
++CONFIG_DM_SPI_FLASH=y
++CONFIG_SPI_FLASH_SFDP_SUPPORT=y
++CONFIG_SPI_FLASH_EON=y
++CONFIG_SPI_FLASH_GIGADEVICE=y
++CONFIG_SPI_FLASH_ISSI=y
++CONFIG_SPI_FLASH_MACRONIX=y
++CONFIG_SPI_FLASH_SPANSION=y
++CONFIG_SPI_FLASH_STMICRO=y
++CONFIG_SPI_FLASH_WINBOND=y
++CONFIG_SPI_FLASH_XMC=y
++CONFIG_SPI_FLASH_XTX=y
++CONFIG_SPI_FLASH_MTD=y
++CONFIG_PHY_FIXED=y
++CONFIG_MEDIATEK_ETH=y
++CONFIG_PHY=y
++CONFIG_PHY_MTK_TPHY=y
++CONFIG_PINCTRL=y
++CONFIG_PINCONF=y
++CONFIG_PINCTRL_MT7981=y
++CONFIG_POWER_DOMAIN=y
++CONFIG_MTK_POWER_DOMAIN=y
++CONFIG_DM_PWM=y
++CONFIG_PWM_MTK=y
++CONFIG_DM_SERIAL=y
++CONFIG_SERIAL_RX_BUFFER=y
++CONFIG_MTK_SERIAL=y
++CONFIG_SPI=y
++CONFIG_DM_SPI=y
++CONFIG_MTK_SPIM=y
++CONFIG_USB=y
++CONFIG_USB_XHCI_HCD=y
++CONFIG_USB_XHCI_MTK=y
++CONFIG_USB_STORAGE=y
++CONFIG_HEXDUMP=y
+--- /dev/null
++++ b/defenvs/openwrt-one-nor_env
+@@ -0,0 +1,48 @@
++ethaddr_factory=mtd read factory 0x46000000 0x0 0x20000 && env readmem -b ethaddr 0x4600002a 0x6 ; setenv ethaddr_factory
++bl2_mtd_write=mtd erase bl2-nor && mtd write bl2-nor $loadaddr 0x0 0x40000
++bl2_tftp_write=tftpboot $loadaddr $bootfile_bl2_nor && run bl2_mtd_write
++bootcmd=run check_button ; run led_start ; mtd read recovery ${loadaddr} ; bootm ; run led_loop_error
++bootconf=config-1
++bootdelay=0
++bootfile=openwrt-mediatek-filogic-openwrt_one-initramfs.itb
++bootfile_bl2_nor=openwrt-mediatek-filogic-openwrt_one-nor-preloader.bin
++bootfile_fip_nor=openwrt-mediatek-filogic-openwrt_one-nor-bl31-uboot.fip
++bootmenu_0=Initialize environment.=run _firstboot
++bootmenu_0d=Run default boot command.=run bootcmd
++bootmenu_1=Boot system via TFTP.=run tftp_boot ; run bootmenu_confirm_return
++bootmenu_2=Unlock NOR. (Make sure the NOR/WP jumper is populated)=sf probe 1:0 && sf protect unlock 0x0 0x1000000 ; run bootmenu_confirm_return
++bootmenu_3=Load BL31+U-Boot FIP via TFTP then write to NOR.=run fip_tftp_write ; run bootmenu_confirm_return
++bootmenu_4=Load BL2 preloader via TFTP then write to NOR.=run bl2_tftp_write ; run bootmenu_confirm_return
++bootmenu_5=Load recovery system via TFTP then write to NOR.=run tftp_write ; run bootmenu_confirm_return
++bootmenu_6=Lock NOR. (Remove jumper afterwards)=sf probe 1:0 && sf protect lock 0x0 0x1000000 ; run bootmenu_confirm_return
++bootmenu_7=Reboot.=reset
++bootmenu_confirm_return=askenv - Press ENTER to return to menu ; bootmenu 60
++bootmenu_default=0
++bootmenu_delay=0
++bootmenu_title= ( ( ( OpenWrt ) ) ) [SPI-NOR]
++check_button=if button front ; then run usb_recovery ; run led_loop_error ; fi
++fip_mtd_write=mtd erase fip-nor && mtd write fip-nor $loadaddr
++fip_tftp_write=tftpboot $loadaddr $bootfile_fip_nor && run fip_mtd_write
++ipaddr=192.168.11.11
++led_done=led green off ; led white on
++led_loop_done=led white off ; led green on ; echo done ; while true ; do sleep 1 ; done
++led_loop_error=led white off ; led green off ; while true ; do led red on ; sleep 1 ; led red off ; sleep 1 ; done
++led_boot=led green on ; led white on ; led red on
++led_start=led green off ; led red off; led white on
++loadaddr=0x46000000
++preboot=run led_boot
++recoverfile_bl2=openwrt-mediatek-filogic-openwrt_one-snand-preloader.bin
++recoverfile_ubi=openwrt-mediatek-filogic-openwrt_one-factory.ubi
++recovery_write_bl2=mtd erase bl2 && for offset in 0x0 0x40000 0x80000; do mtd write bl2 $loadaddr $offset 0x40000 ; done
++recovery_write_ubi=mtd erase ubi && mtd write ubi $loadaddr 0 ${filesize}
++serverip=192.168.11.23
++tftp_boot=run led_start ; tftpboot $loadaddr $bootfile && bootm $loadaddr#$bootconf
++tftp_write=run led_start ; tftpboot $loadaddr $bootfile && mtd erase recovery 0x0 ${filesize} && mtd write recovery $loadaddr 0x0 ${filesize}
++usb_pgood_delay=4000
++usb_recovery=run led_start ; usb start && run usb_recovery_bl2 && run usb_recovery_ubi && run led_loop_done
++usb_recovery_bl2=fatload usb 0:1 ${loadaddr} ${recoverfile_bl2} && run recovery_write_bl2
++usb_recovery_ubi=fatload usb 0:1 ${loadaddr} ${recoverfile_ubi} && run recovery_write_ubi
++_firstboot=setenv _firstboot ; run ethaddr_factory ; run _switch_to_menu ; run _init_env ; bootmenu
++_init_env=setenv _init_env ; echo Initialize Env ; run ubi_create_env ; saveenv
++_switch_to_menu=setenv _switch_to_menu ; setenv bootdelay 3 ; setenv bootmenu_delay 3 ; setenv bootmenu_0 $bootmenu_0d ; setenv bootmenu_0d ; run _bootmenu_update_title
++_bootmenu_update_title=setenv _bootmenu_update_title ; setenv bootmenu_title "$bootmenu_title $ver"
+--- /dev/null
++++ b/defenvs/openwrt-one-spi-nand_env
+@@ -0,0 +1,62 @@
++ethaddr_factory=mtd read factory 0x46000000 0x0 0x20000 && env readmem -b ethaddr 0x4600002a 0x6 ; setenv ethaddr_factory
++ipaddr=192.168.11.11
++serverip=192.168.11.23
++loadaddr=0x46000000
++console=earlycon=uart8250,mmio32,0x11002000 console=ttyS0
++bootcmd=run check_buttons ; run led_start ; run boot_calibration ; run boot_production ; run boot_recovery
++bootconf=config-1
++bootdelay=0
++bootfile=openwrt-mediatek-filogic-openwrt_one-initramfs.itb
++bootfile_bl2=openwrt-mediatek-filogic-openwrt_one-snand-preloader.bin
++bootfile_fip=openwrt-mediatek-filogic-openwrt_one-snand-bl31-uboot.fip
++bootfile_upg=openwrt-mediatek-filogic-openwrt_one-squashfs-sysupgrade.itb
++bootmenu_confirm_return=askenv - Press ENTER to return to menu ; run led_boot ; bootmenu 60
++bootmenu_default=0
++bootmenu_delay=0
++bootmenu_title= ( ( ( OpenWrt ) ) ) [SPI-NAND]
++bootmenu_0=Initialize environment.=run _firstboot
++bootmenu_0d=Run default boot command.=run boot_default
++bootmenu_1=Boot system via TFTP.=run boot_tftp ; run bootmenu_confirm_return
++bootmenu_2=Boot production system from NAND.=run boot_production ; run bootmenu_confirm_return
++bootmenu_3=Boot recovery system from NAND.=run boot_recovery ; run bootmenu_confirm_return
++bootmenu_4=Load production system via TFTP then write to NAND.=noboot=1 ; replacevol=1 ; run boot_tftp_production ; noboot= ; replacevol= ; run bootmenu_confirm_return
++bootmenu_5=Load recovery system via TFTP then write to NAND.=noboot=1 ; replacevol=1 ; run boot_tftp_recovery ; noboot= ; replacevol= ; run bootmenu_confirm_return
++bootmenu_6=Load BL31+U-Boot FIP via TFTP then write to NAND.=run boot_tftp_write_fip ; run bootmenu_confirm_return
++bootmenu_7=Load BL2 preloader via TFTP then write to NAND.=run boot_tftp_write_bl2 ; run bootmenu_confirm_return
++bootmenu_8=Reboot.=reset
++bootmenu_9=Reset all settings to factory defaults.=run reset_factory ; reset
++boot_default=run bootcmd ; run boot_recovery ; replacevol=1 ; run boot_tftp_forever
++boot_calibration=ubi read $loadaddr calibration && bootm $loadaddr#$bootconf
++boot_production=led white on ; run ubi_read_production && bootm $loadaddr#$bootconf ; led white off
++boot_recovery=led green on ; run ubi_read_recovery && bootm $loadaddr#$bootconf ; led green off
++boot_tftp=run led_start ; tftpboot $loadaddr $bootfile && bootm $loadaddr#$bootconf
++boot_tftp_forever=led green off ; led white off ; led red on ; while true ; do run boot_tftp_recovery ; led red off ; sleep 1 ; done
++boot_tftp_production=tftpboot $loadaddr $bootfile_upg && test $replacevol = 1 && iminfo $loadaddr && run ubi_write_production ; if test $noboot = 1 ; then else bootm $loadaddr#$bootconf ; fi
++boot_tftp_recovery=tftpboot $loadaddr $bootfile && test $replacevol = 1 && iminfo $loadaddr && run ubi_write_recovery ; if test $noboot = 1 ; then else bootm $loadaddr#$bootconf ; fi
++boot_tftp=tftpboot $loadaddr $bootfile && bootm $loadaddr#$bootconf
++boot_tftp_write_fip=tftpboot $loadaddr $bootfile_fip && run ubi_write_fip && run reset_factory
++boot_tftp_write_bl2=tftpboot $loadaddr $bootfile_bl2 && run snand_write_bl2
++check_buttons=if button front ; then run boot_recovery ; run boot_tftp ; run led_loop_error ; else if button back ; then ; run usb_recover ; run led_loop_error ; fi ; fi
++led_boot=led green on ; led white on ; led red on
++led_done=led green on ; led white off ; led red off
++led_loop_done=led white off ; led green on ; echo done ; while true ; do sleep 1 ; done
++led_loop_error=led white off ; led green off ; while true ; do led red on ; sleep 1 ; led red off ; sleep 1 ; done
++led_start=led white on ; led green off ; led red off
++preboot=run led_boot
++reset_factory=mw $loadaddr 0xff 0x1f000 ; ubi write $loadaddr ubootenv 0x1f000 ; ubi write $loadaddr ubootenv2 0x1f000 ; ubi remove rootfs_data
++snand_write_bl2=mtd erase bl2 && for offset in 0x0 0x40000 0x80000 0xc0000 ; do mtd write bl2 $loadaddr $offset 0x40000 ; done
++ubi_create_env=ubi check ubootenv || ubi create ubootenv 0x1f000 dynamic ; ubi check ubootenv2 || ubi create ubootenv2 0x1f000 dynamic
++ubi_prepare_rootfs=if ubi check rootfs_data ; then else if env exists rootfs_data_max ; then ubi create rootfs_data $rootfs_data_max dynamic || ubi create rootfs_data - dynamic ; else ubi create rootfs_data - dynamic ; fi ; fi
++ubi_read_production=ubi read $loadaddr fit && iminfo $loadaddr && run ubi_prepare_rootfs
++ubi_read_recovery=ubi check recovery && ubi read $loadaddr recovery
++ubi_remove_rootfs=ubi check rootfs_data && ubi remove rootfs_data
++usb_pgood_delay=4000
++usb_recover=run led_start ; usb start && run usb_recover_production && run led_loop_done
++usb_recover_production=fatload usb 0:1 ${loadaddr} ${bootfile_upg} && iminfo $loadaddr && run ubi_write_production
++ubi_write_fip=run ubi_remove_rootfs ; ubi check fip && ubi remove fip ; ubi create fip $filesize static && ubi write $loadaddr fip $filesize
++ubi_write_production=ubi check fit && ubi remove fit ; run ubi_remove_rootfs ; ubi create fit $filesize dynamic && ubi write $loadaddr fit $filesize
++ubi_write_recovery=ubi check recovery && ubi remove recovery ; run ubi_remove_rootfs ; ubi create recovery $filesize dynamic && ubi write $loadaddr recovery $filesize
++_init_env=setenv _init_env ; run ubi_create_env ; saveenv ; saveenv
++_firstboot=setenv _firstboot ; run ethaddr_factory ; run _switch_to_menu ; run _init_env ; bootmenu
++_switch_to_menu=setenv _switch_to_menu ; setenv bootdelay 3 ; setenv bootmenu_delay 3 ; setenv bootmenu_0 $bootmenu_0d ; setenv bootmenu_0d ; run _bootmenu_update_title
++_bootmenu_update_title=setenv _bootmenu_update_title ; setenv bootmenu_title "$bootmenu_title $ver"
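Review bot: The default environment in `defenvs/openwrt-one-spi-nand_env` ends its boot chain in `boot_default`, which falls through to `boot_tftp_forever` with `replacevol=1`. As far as the env shows, a device whose production and recovery volumes fail to boot will repeatedly fetch an image from the fixed `serverip` over TFTP, write it to the `recovery` volume and boot it, with `iminfo` as the only check. Both defconfigs set `CONFIG_FIT=y` but nothing in the patch enables signature verification, so that check is presumably an integrity/format check and not authentication. For routers built from this flake I would either drop the TFTP-write fallback from the default env or enable `CONFIG_FIT_SIGNATURE` (with the public key in the control device tree) through `extraConfig` in `ubootOpenWrtOne`. The same file defines `boot_tftp` twice, and the later definition, which lacks `run led_start`, is presumably the one that takes effect. In `openwrt-one-nor_env`, `_init_env` runs `ubi_create_env`, which that file never defines.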