From c12a03b8511f4742123959f0cb3c96a441ac2581 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Fri, 19 Aug 2022 23:59:13 +0200 Subject: Improve kernel support and hostapd --- README.md | 149 ++++++++++++++++++++++++++++++--- flake.lock | 6 +- nixos/default.nix | 2 + nixos/modules/hostapd.nix | 2 +- nixos/modules/turris-defaults.nix | 17 ---- nixos/modules/turris-mox-support.nix | 29 +++++++ nixos/modules/turris-omnia-support.nix | 28 +++++++ 7 files changed, 199 insertions(+), 34 deletions(-) create mode 100644 nixos/modules/turris-mox-support.nix create mode 100644 nixos/modules/turris-omnia-support.nix diff --git a/README.md b/README.md index dee5f38..fefc548 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,9 @@ away so here is a list of issues you should expect: single Wi-Fi card with single wireless network. Forget about multiple Wi-Fi networks. +**Warning**: This repository required Nix with flakes support thus update your +Nix to the latest version and allow flakes. + ## Turris Mox @@ -32,9 +35,9 @@ lifetime a lot and kill the low quality one very fast. ### Prepare the SD card You need to format the SD card first. The GPT is suggested as the partition -table. You should create two partitions. The second partition is going to be -Swap that should be at least 2GB but 4GB would be better. The first partition -can take the rest of the space and should be formated to the BTRFS. +table. You can use only one partition that should be formatted with BTRFS. The +important thing is to set label `NixTurris` so boot can locate the correct +parition by it. It is up to you which tool are you going to use. The instructions here are going to be for GNU Parted. The following shell log should give you an idea of what 
@@ -49,30 +52,30 @@ you should do to get the correct layout: ~# mkfs.btrfs /dev/mmcblk1p1 ``` -Next we need the initial system tarball to unpack to the SD card. For this you -need the Nix with flake support be available on your system with ability to run -aarch64 binaries. That is in general option `extra-platform` with value -`aarch64-linux` and to actually allow access to the interpreter you need -something like `extra-sandbox-paths` with value such as `/usr/bin/qemu-aarch64`. -This way you can build aarch64 package on other platforms. If you are running on -aarch64 then of course you do not have to do this. With all that setup you -should be able to build tarball by navigating to this directory. +Next we need the initial system tarball to unpack to the SD card. Add nixturris +repository to your local Nix registry and build it. The image is cross compiled +in this case (unless you are running on Aarch64 platform). You can also build it +natively and this is discussed in the chapter "Native build using Qemu" in this +document. ``` ~$ nix registry add nixturris git+https://git.cynerd.cz/nixturris -~$ nix build nixturris#tarballMox +~$ nix build nixturris#crossTarballMox ``` The last step is to unpack the tarball to the SD card. ``` +~# mkdir -p mnt ~# mount /dev/mmcblk1p1 mnt ~# tar -xf result/tarball/nixos-system-aarch64-linux.tar.xz -C mnt ~# umount mnt ~# eject /dev/mmcblk1 ``` -Now you can take this micro SD card and insert it to your Mox. +Now you can take this micro SD card and insert it to your Mox. Before you start +it you should also check the following chapter as it won't most likely boot +unless you modify the default boot environment. ### System fails to boot due to invalid initrd 
@@ -86,3 +89,123 @@ serial console and run: setenv ramdisk_addr_r 0x9000000 saveenv ``` + +### Know issues with Turris Mox support without known fix for now + +* Router won't reboot by software. Power cycle is required. +* Access to the serial number and other crypto functionalities seems to not work + + +## Turris Omnia + +### Botting from the USB + +Requires updated U-Boot! + +``` +run usb_boot + +setenv boot_targets usb0 mmc0 nvme0 scsi0 pxe dhcp +saveenv +boot +``` + +## Updating / rebuilding NixOS and pushing update + +The suggested way to update NixOS on Turris is to build system on more powerful +device and push only resulting build to the device. The reason for this are +memory requirements for Nix itself. NixOS and its packages repository evaluation +consumes a lot of memory and thus doing that on different PC is just faster. + +Prepare directory where you are going to be managing your Turris device(s) and +paste this `flake.nix` file in it: + +``` +{ + description = "Turris system management flake"; + + inputs = { + nixturris = { + url = "git+https://git.cynerd.cz/nixturris"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = { self, nixpkgs, flake-utils, nixturris }: + with flake-utils.lib; + { + nixosConfigurations = let + + turrisSystem = board: hostname: { + ${hostname} = nixturris.lib.nixturrisSystem { + nixpkgs = nixpkgs; + board = board; + modules = [ + # Place for your modules + ]; + }; + }; + + in + turrisSystem "mox" "moxhost" // + turrisSystem "omnia" "omniahost"; + + }; +} +``` + +**TODO** describe here how to generate key, sign build and distribute it to the +device. + +To update system before build run `nix flake update`. To update system + + +## Updating / rebuilding NixOS on device + +To rebuild NixOS directly on device something like 2GB of memory is required. +This pretty much is covered only by Turris Omnia 2G version and even that might +not be enough. Thus if you want to rebuild NixOS on the device you need the +swap. 
There is in default configure zram swap but that won't be enough. It is +highly suggested to create swap file of something like 2GB or 4GB size. + +The creation and first addition of swap can be done like this (this expects that +used file-system is BTRFS): + +``` +sudo truncate -s 4G /run/swap +sudo chattr +C /run/swap +sudo btrfs property set /run/swap compression none +sudo chmod 600 /run/swap +sudo mkswap /run/swap +sudo swapnon -p 0 /run/swap +``` + +Few notes here... Swap file is created by root and set to be accessible only by +root. For BTRFS the copy-on-write functionality is disabled and compression for +it. The swap itself is then added with lowest priority to prefer zram swap and +thus reduce real swap usage. + +Do not forget to add this swap file to your NixOS configuration so it is added +on every boot. + +Then you can pretty much manage it as any other NixOS device using +`nixos-rebuild` script running directly on the device, just very slowly. + + +## Native build using Qemu + +This document references cross compilation in default but there are good reasons +for not using it. It can be broken much more often for some packages. It also +requires complete rebuild when later updating natively on the platform as cross +build is just not compatible with native build in Nix. + +To get native build work you need the Nix with ability to run aarch64 binaries. +That is in general option `extra-platform` with value `aarch64-linux` for Turris +Mox and `armv7l-linux` for Turris Omnia. To actually allow access to the +emulator you need something like `extra-sandbox-paths` with value such as +`/usr/bin/qemu-aarch64` (for Turris Mox) or `/usr/bin/qemu-arm` (for Turris +Omnia). This way you can build aarch64 or armv7l package on other platforms. +With this setup you should be able to build tarball natively and instead of +`.#crossTarball*` you can now use just `.#tarbal*`. + +## Custom tarball or system build 
diff --git a/flake.lock b/flake.lock index 3f52b1f..491c503 100644 --- a/flake.lock +++ b/flake.lock @@ -16,11 +16,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1660227034, - "narHash": "sha256-bXMlG/YU0IjAod6M625XT1YbUG+/3L9ypk9llYpKeuM=", + "lastModified": 1660817299, + "narHash": "sha256-0QZE5FYLOyTEpKobPk32gxAQBtYs/nAfGx3PK+x6bXI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "964d60ff2e6bc76c0618962da52859603784fa78", + "rev": "b42e50fe36242b1b205a7d501b7911d698218086", "type": "github" }, "original": { diff --git a/nixos/default.nix b/nixos/default.nix index d8930eb..50a4ff6 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -5,7 +5,9 @@ self: let turris-board = import ./modules/turris-board.nix; turris-crossbuild = import ./modules/turris-crossbuild.nix; turris-defaults = import ./modules/turris-defaults.nix; + turris-mox-support = import ./modules/turris-mox-support.nix; turris-moxled = import ./modules/turris-moxled.nix; + turris-omnia-support = import ./modules/turris-omnia-support.nix; turris-tarball = import ./modules/turris-tarball.nix; armv7l-overlay = import ./modules/armv7l-overlay.nix; diff --git a/nixos/modules/hostapd.nix b/nixos/modules/hostapd.nix index de3035b..0dd5d23 100644 --- a/nixos/modules/hostapd.nix +++ b/nixos/modules/hostapd.nix @@ -448,6 +448,7 @@ let interface=${iface} driver=${icfg.driver} + use_driver_iface_addr=1 hw_mode=${icfg.hwMode} channel=${toString icfg.channel} country_code=${icfg.countryCode} @@ -477,7 +478,6 @@ let ${concatMapStringsSep "\n" (bss: '' bss=${bss} - use_driver_iface_addr=1 ${configBss icfg.bss."${bss}"}'') (attrNames icfg.bss)} ${icfg.extraConfig} diff --git a/nixos/modules/turris-defaults.nix b/nixos/modules/turris-defaults.nix index f79b8c4..bba3d18 100644 --- a/nixos/modules/turris-defaults.nix +++ b/nixos/modules/turris-defaults.nix 
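Review bot: The new `turris-mox-support` and `turris-omnia-support` bindings in nixos/default.nix are only defined here, and the diffstat shows just these two added lines for the file. If the exported module set or the default import list further down names its members explicitly, the new modules are never loaded. Because this commit also removes the board-specific `boot.kernelParams`, `boot.kernelPatches` and `libatsha204` from turris-defaults.nix, a missed import would leave both boards without their serial console arguments and kernel options. The rest of the `let` block is outside the hunk, so check it against the full file; if the list is explicit, add `turris-mox-support` and `turris-omnia-support` to it.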
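Review bot: `use_driver_iface_addr=1` in nixos/modules/hostapd.nix is now written once into the per-interface part of the generated configuration, so it is emitted for every interface, including those with no `bss` entries. It still has no module option and no explanation. The second hunk (-477,7) removes the per-`bss` copy, so the two hunks should be read together. A comment line in the template would record the intent, for example `# use the driver-assigned address for each BSS` (wording inferred from the option name; hostapd skips lines starting with `#`). The enclosing `let` binding starts and ends outside both hunks, so whether `icfg.extraConfig` can still override the value is not visible here.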
@@ -33,23 +33,10 @@ in { # Use early print to the serial console boot.kernelParams = [ "boot.shell_on_fail" - ] ++ optionals (config.turris.board == "mox") [ - "earlycon=ar3700_uart,0xd0012000" "console=ttyMV0,115200" - "pcie_aspm=off" # Fix for crashes due to SError Interrupt on ath10k load - ] ++ optionals (config.turris.board == "omnia") [ - "earlyprintk" "console=ttyS0,115200" ]; # Use the latest kernel boot.kernelPackages = mkDefault pkgs.linuxPackages_latest; - boot.kernelPatches = mkIf (config.turris.board == "omnia") [{ - name = "omnia"; - patch = null; - extraConfig = '' - LEDS_CLASS_MULTICOLOR y - LEDS_TURRIS_OMNIA y - ''; - }]; # The supported deployment is on BTRFS boot.supportedFilesystems = [ "btrfs" ]; @@ -78,10 +65,6 @@ in { # The additional administration packages environment.systemPackages = with pkgs; [ htop - ] ++ optionals (config.turris.board == "mox") [ - #mox-otp - ] ++ optionals (config.turris.board == "omnia") [ - libatsha204 ]; # No need for installer tools in standard system diff --git a/nixos/modules/turris-mox-support.nix b/nixos/modules/turris-mox-support.nix new file mode 100644 index 0000000..9596b15 --- /dev/null +++ b/nixos/modules/turris-mox-support.nix @@ -0,0 +1,29 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + + config = mkIf (config.turris.board == "mox") { + # Use early print to the serial console + boot.kernelParams = [ + "earlycon=ar3700_uart,0xd0012000" "console=ttyMV0,115200" + "pcie_aspm=off" # Fix for crashes due to SError Interrupt on ath10k load + ]; + # Custom kernel config + boot.kernelPatches = [{ + name = "rwtm"; + patch = null; + extraConfig = '' + TURRIS_MOX_RWTM y + ARMADA_37XX_RWTM_MBOX y + ''; + }]; + + # The additional administration packages + environment.systemPackages = with pkgs; [ + #mox-otp + ]; + + }; +} diff --git a/nixos/modules/turris-omnia-support.nix b/nixos/modules/turris-omnia-support.nix new file mode 100644 index 0000000..b68affc --- /dev/null 
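Review bot: `environment.systemPackages = with pkgs; [ #mox-otp ];` in turris-mox-support.nix evaluates to an empty list, so the block adds nothing and the reason the package is disabled is not recorded. Either drop it or replace the bare comment with `# TODO: mox-otp disabled until <reason>`. The `# Custom kernel config` comment above `boot.kernelPatches` would also be more useful if it said what the options are for, e.g. `# Enable the rWTM firmware driver and its mailbox` (inferred from the option names). It could also note that a `patch = null` entry with `extraConfig` changes the kernel configuration, so this board presumably builds its own kernel rather than using a cached one. turris-omnia-support.nix carries the same `# Custom kernel config` comment.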
+++ b/nixos/modules/turris-omnia-support.nix
@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ config = mkIf (config.turris.board == "omnia") {
+ # Use early print to the serial console
+ boot.kernelParams = [
+ "earlyprintk" "console=ttyS0,115200"
+ ];
+ # Custom kernel config
+ boot.kernelPatches = [{
+ name = "omnia";
+ patch = null;
+ extraConfig = ''
+ LEDS_CLASS_MULTICOLOR y
+ LEDS_TURRIS_OMNIA y
+ '';
+ }];
+
+ # The additional administration packages
+ environment.systemPackages = with pkgs; [
+ libatsha204
+ ];
+
+ };
+}
-- cgit v1.2.3
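Review bot: The bare `"earlyprintk"` entry in `boot.kernelParams` is likely inert. On 32-bit ARM the parameter is only honoured when the kernel is built with `CONFIG_EARLY_PRINTK`, which depends on `DEBUG_LL`, and the `extraConfig` in this module enables neither. Unless the base kernel configuration already sets them, the comment `# Use early print to the serial console` describes output the board does not produce. Either drop the parameter and keep only `"console=ttyS0,115200"`, or state in the comment that it needs a debug-enabled kernel.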