| -rw-r--r-- | flake.lock | 12 | ||||
| -rw-r--r-- | flake.nix | 18 | ||||
| -rw-r--r-- | nixos/configurations/adm-mpd.nix | 58 | ||||
| -rw-r--r-- | nixos/configurations/adm-omnia.nix | 8 | ||||
| -rw-r--r-- | nixos/configurations/spt-omnia.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/Rpi.md | 25 | ||||
| -rw-r--r-- | nixos/modules/generic.nix | 7 | ||||
| -rw-r--r-- | nixos/modules/packages.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/rpi.nix | 88 | ||||
| -rw-r--r-- | pkgs/default.nix | 9 | 
10 files changed, 176 insertions, 53 deletions
@@ -201,11 +201,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1734352517,
-        "narHash": "sha256-mfv+J/vO4nqmIOlq8Y1rRW8hVsGH3M+I2ESMjhuebDs=",
+        "lastModified": 1736441705,
+        "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "b12e314726a4226298fe82776b4baeaa7bcf3dcd",
+        "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337",
         "type": "github"
       },
       "original": {
@@ -245,11 +245,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1734435836,
-        "narHash": "sha256-kMBQ5PRiFLagltK0sH+08aiNt3zGERC2297iB6vrvlU=",
+        "lastModified": 1736657626,
+        "narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4989a246d7a390a859852baddb1013f825435cee",
+        "rev": "2f9e2f85cb14a46410a1399aa9ea7ecf433e422e",
         "type": "github"
       },
       "original": {
@@ -62,17 +62,23 @@
     }
     // eachDefaultSystem (system: let
       pkgs = nixpkgs.legacyPackages."${system}".extend self.overlays.default;
-    in {
-      packages =
-        {default = pkgs.nixdeploy;}
-        // mapAttrs' (n: v: let
+
+      osFilterMap = attr:
+        mapAttrs' (n: v: let
           os =
             if v.config.nixpkgs.hostPlatform.system == system
             then v
             else (v.extendModules {modules = [{nixpkgs.buildPlatform.system = system;}];});
         in
-          nameValuePair "tarball-${n}" os.config.system.build.tarball)
-        (filterAttrs (_: v: v.config.system.build ? tarball) self.nixosConfigurations);
+          nameValuePair "${attr}-${n}" os.config.system.build."${attr}")
+        (filterAttrs (_: v: v.config.system.build ? "${attr}")
+          self.nixosConfigurations);
+    in {
+      packages =
+        {default = pkgs.nixdeploy;}
+        // (osFilterMap "toplevel")
+        // (osFilterMap "tarball")
+        // (osFilterMap "firmware");
       legacyPackages = pkgs;
       devShells = filterPackages system (import ./devShells pkgs);
       formatter = pkgs.alejandra;
diff --git a/nixos/configurations/adm-mpd.nix b/nixos/configurations/adm-mpd.nix
index ac3b4de..b2c7903 100644
--- a/nixos/configurations/adm-mpd.nix
+++ b/nixos/configurations/adm-mpd.nix
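Review bot: The new `osFilterMap` helper in the flake.nix hunk has no comment, and what it does is not obvious from the name. For every configuration whose `hostPlatform` differs from `system` it re-evaluates the configuration with `nixpkgs.buildPlatform.system = system`, so the exported package is a cross build. I would put `# Export system.build.<attr> of each NixOS configuration as "<attr>-<host>", cross-building when the host platform differs from the current system` above it. Presumably every configuration defines `system.build.toplevel`, so `osFilterMap "toplevel"` exposes and evaluates one package per host for each default system; confirm that cost is intended.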
@@ -5,26 +5,16 @@  }: let    inherit (lib) filterAttrs;  in { -  nixpkgs.hostPlatform.system = "aarch64-linux"; - -  fileSystems = { -    "/" = { -      device = "/dev/mmcblk0p2"; -      options = ["compress=lzo" "subvol=@nix"]; -    }; -    "/home" = { -      device = "/dev/mmcblk0p2"; -      options = ["compress=lzo" "subvol=@home"]; -    }; -    "/boot" = { -      device = "/dev/mmcblk0p1"; -    }; +  cynerd.rpi = 3; +  deploy = { +    enable = true; +    ssh.host = "nixos@mpd.adm";    };    networking.wireless = {      enable = true;      networks = filterAttrs (n: _: n == "Nela") config.secrets.wifiNetworks; -    environmentFile = "/run/secrets/wifi.env"; +    secretsFile = "/run/secrets/wifi.secrets";      userControlled.enable = true;    }; @@ -33,24 +23,24 @@ in {    #alsa.enable = true;    #pulse.enable = true;    #}; -  hardware.pulseaudio = { -    enable = true; -    systemWide = true; -    zeroconf.publish.enable = true; -  }; +  #hardware.pulseaudio = { +  #  enable = true; +  #  systemWide = true; +  #  zeroconf.publish.enable = true; +  #}; -  services.spotifyd = { -    enable = true; -    settings.global = { -      device_name = "Adámkovi"; -      device = "sysdefault"; -      mixer = "Master"; -      bitrate = 320; -      cache_path = "/var/cahe/spotify"; -      no_audio_cache = true; -      volume_normalisation = true; -      normalisation_pregain = -10; -      initial_volume = 60; -    }; -  }; +  #services.spotifyd = { +  #  enable = true; +  #  settings.global = { +  #    device_name = "Adámkovi"; +  #    device = "sysdefault"; +  #    mixer = "Master"; +  #    bitrate = 320; +  #    cache_path = "/var/cahe/spotify"; +  #    no_audio_cache = true; +  #    volume_normalisation = true; +  #    normalisation_pregain = -10; +  #    initial_volume = 60; +  #  }; +  #};  } diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix index b332cab..4683cf2 100644 --- a/nixos/configurations/adm-omnia.nix 
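Review bot: Replacing `environmentFile` with `secretsFile` in the `networking.wireless` block changes how secrets are referenced, not only which file is read, and the network entries come from `config.secrets.wifiNetworks`, which this hunk does not show. With `secretsFile` an entry is expected to use `pskRaw = "ext:NAME"`; an old-style `@NAME@` placeholder would no longer be substituted. Please confirm the `Nela` entry was migrated and carries no literal passphrase, because a literal value ends up in the world-readable Nix store. A comment next to `secretsFile`, such as `# PSKs are resolved from this file via pskRaw = "ext:..."; never inline them`, would record that.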
+++ b/nixos/configurations/adm-omnia.nix @@ -48,10 +48,12 @@ in {      fileSystems = ["/"];    }; -  networking = { -    useNetworkd = true; -    useDHCP = false; +  services.fail2ban = { +    enable = true; +    ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"];    }; + +  networking.useDHCP = false;    systemd.network = {      networks = {        "end2" = { diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix index e55e34f..f05d553 100644 --- a/nixos/configurations/spt-omnia.nix +++ b/nixos/configurations/spt-omnia.nix @@ -125,6 +125,6 @@ in {    # TODO limit NSS clamping to just pppoe-wan    networking.firewall.extraForwardRules = ''      tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4" -    iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept +    iifname {"home", "wg"} oifname {"home", "wg"} accept    '';  } diff --git a/nixos/modules/Rpi.md b/nixos/modules/Rpi.md new file mode 100644 index 0000000..43b172f --- /dev/null +++ b/nixos/modules/Rpi.md @@ -0,0 +1,25 @@ +# Raspberry Pi SD card preparation steps + +``` +~# parted /dev/sdx +(parted) mktable msdos +(parted) mkpart primary fat16 0% 120M +(parted) mkpart primary btrfs 120M 100% +(parted) set 2 boot on +(parted) quit +~# mkfs.vfat -F16 /dev/sdx1 +~# mkfs.btrfs /dev/sdx2 + +~# mount /dev/sdx1 /mnt +~# nix build .#firmware-HOST +~# cp -r result/* /mnt/ +~# umount mnt + +~# mount /dev/sdx2 /mnt +~# nix copy --to /mnt .#toplevel-HOST +~# nix build --print-out-paths .#toplevel-HOST +~# nix eval .#nixosConfigurations.HOST.config.boot.loader.generic-extlinux-compatible.populateCmd +"/nix/store/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-extlinux-conf-builder.sh -g 20 -t 5" +~# /nix/store/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-extlinux-conf-builder.sh -c  -d ./mnt/boot +~# umount mnt +``` diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix index 502d0c3..c5dbd98 100644 --- a/nixos/modules/generic.nix 
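Review bot: `ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"]` exempts two whole subnets from banning, so repeated failed logins from any host in those ranges will never trigger a ban. That is a common choice for trusted LAN or VPN ranges, but the hunk does not say what they are; a comment such as `# never ban: <what 10.8.1.0/24 and 10.8.2.0/24 are>` would let a reader judge it, or the list could be narrowed to the admin hosts. Separately, the hunk drops `networking.useNetworkd = true` while the `systemd.network` block below it stays. Presumably that option is now set in a shared module; if not, those network definitions may not take effect. The enclosing attribute set continues outside the hunk.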
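Review bot: The forward rule `iifname {"home", "wg"} oifname {"home", "wg"} accept` in spt-omnia.nix still accepts every packet between the two interfaces in both directions, with no protocol or port restriction, and nothing in the hunk says this is deliberate. A comment above `networking.firewall.extraForwardRules`, such as `# home and wg are mutually trusted: forward everything between them`, would document the trust decision that removing `personalvpn` just changed. If a `personalvpn` interface still exists elsewhere in the configuration, its traffic now falls through to the default forward policy, which is outside this hunk.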
+++ b/nixos/modules/generic.nix @@ -31,8 +31,11 @@ in {      };      boot = { -      loader.systemd-boot.enable = mkOverride 1100 true; -      loader.efi.canTouchEfiVariables = mkDefault true; +      loader = { +        systemd-boot.enable = mkOverride 1100 true; +        efi.canTouchEfiVariables = mkDefault true; +        grub.enable = mkOverride 1100 false; +      };        kernelPackages = mkOverride 1100 pkgs.linuxPackages_latest;        kernelParams = ["boot.shell_on_fail"];      }; diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix index 3dd4fbc..55db94d 100644 --- a/nixos/modules/packages.nix +++ b/nixos/modules/packages.nix @@ -41,7 +41,6 @@ in {        btop        iotop        mc -      screen        tmux        # ls tools @@ -73,6 +72,7 @@ in {        nmap        ltrace        pv +      screen      ]      ++ optionals (!isNative) [        ncdu_1 diff --git a/nixos/modules/rpi.nix b/nixos/modules/rpi.nix new file mode 100644 index 0000000..e4e10fe --- /dev/null +++ b/nixos/modules/rpi.nix 
@@ -0,0 +1,88 @@ +{ +  config, +  lib, +  pkgs, +  ... +}: let +  inherit (lib) mkOption types mkMerge mkIf; + +  configTxt = pkgs.writeText "config.txt" '' +    [pi3] +    kernel=u-boot-rpi3.bin + +    # Boot in 64-bit mode. +    arm_64bit=1 + +    # Otherwise the serial output will be garbled. +    core_freq=250 +    # Boot in 64-bit mode. +    arm_64bit=1 + +    [all] +    # U-Boot needs this to work, regardless of whether UART is actually used or not. +    # Look in arch/arm/mach-bcm283x/Kconfig in the U-Boot tree to see if this is still +    # a requirement in the future. +    enable_uart=1 + +    # Prevent the firmware from smashing the framebuffer setup done by the mainline kernel +    # when attempting to show low-voltage or overtemperature warnings. +    avoid_warnings=1 +  ''; +in { +  options.cynerd.rpi = mkOption { +    type = with types; nullOr (enum [2 3]); +    default = null; +    description = "If machine is RaspberryPi and which version"; +  }; + +  config = mkMerge [ +    (mkIf (config.cynerd.rpi == 2) { +      nixpkgs.hostPlatform.system = "armv7l-linux"; +    }) +    (mkIf (config.cynerd.rpi == 3) { +      nixpkgs.hostPlatform.system = "aarch64-linux"; +      boot.kernelParams = ["console=ttyS1,115200n8"]; +    }) +    (mkIf (config.cynerd.rpi != null) { +      boot.loader = { +        systemd-boot.enable = false; +        efi.canTouchEfiVariables = false; +        generic-extlinux-compatible.enable = true; +      }; +      boot.consoleLogLevel = 7; + +      fileSystems = { +        "/" = { +          device = "/dev/mmcblk0p2"; +          fsType = "ext4"; +        }; +        #"/" = { +        #  device = "/dev/mmcblk0p2"; +        #  fsType = "btrfs"; +        #  options = ["compress=lzo"]; +        #}; +        "/boot/firmware" = { +          device = "/dev/mmcblk0p1"; +          fsType = "vfat"; +          options = ["nofail"]; +        }; +      }; + +      services.journald.extraConfig = '' +        SystemMaxUse=512M +      ''; + +      
system.build.firmware = pkgs.callPackage ({stdenvNoCC}: +        stdenvNoCC.mkDerivation { +          name = "${config.system.name}-firmware"; +          buildCommand = '' +            mkdir $out +            cp -r ${pkgs.raspberrypifw}/share/raspberrypi/boot/* $out/ +            cp ${configTxt} $out/config.txt +            # TODO support rpi2 +            cp ${pkgs.ubootRaspberryPi3_btrfs}/u-boot.bin $out/u-boot-rpi3.bin +          ''; +        }) {}; +    }) +  ]; +} diff --git a/pkgs/default.nix b/pkgs/default.nix index a984d9b..9ea9a99 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -37,6 +37,15 @@ final: prev: {    zigbee2mqtt = prev.zigbee2mqtt.overrideAttrs {      npmInstallFlags = ["--no-optional"]; # Fix cross build    }; +  ubootRaspberryPi3_btrfs = prev.buildUBoot { +    defconfig = "rpi_3_defconfig"; +    extraConfig = '' +      CONFIG_FS_BTRFS=y +      CONFIG_CMD_BTRFS=y +    ''; +    extraMeta.platforms = ["aarch64-linux"]; +    filesToInstall = ["u-boot.bin"]; +  };    # Older version of packages    flac134 = prev.flac.overrideAttrs {  | 
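Review bot: In rpi.nix the root filesystem is declared as `fsType = "ext4"` with the btrfs variant commented out, while `Rpi.md` in the same commit formats the second partition with `mkfs.btrfs` and the firmware ships `ubootRaspberryPi3_btrfs`. A card prepared by following the document would most likely fail to mount `/` as declared. One side should change, e.g. `fsType = "btrfs"; options = ["compress=lzo"];` if btrfs is the intent. Two smaller points: `configTxt` repeats `arm_64bit=1` and its comment inside the `[pi3]` section, and `system.build.firmware` is also defined for `cynerd.rpi == 2` although it only copies the rpi3 U-Boot (the TODO acknowledges this). Moving it into the `== 3` branch would avoid producing an unusable firmware directory for that case.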
