dotfiles/nixos/systems/hela/default.nix

# SPDX-FileCopyrightText: 2022 Richard Brežák <richard@brezak.sk>
#
# SPDX-License-Identifier: LGPL-3.0-or-later
{
inputs,
lib',
config,
...
}: let
inherit
(lib')
flip
mapAttrs
singleton
mkForce
filter
hasPrefix
;
config' = config;
in {
flake.nixosConfigurations.hela = inputs.nixpkgs-stable.lib.nixosSystem {
system = "aarch64-linux";
# Extra arguments passed to every NixOS module of this system, next to the
# usual pkgs/config/lib.
specialArgs = {
  # The flake-level config, kept under a primed name so it does not clash
  # with the NixOS module `config`.
  inherit config';
  inputs' = inputs;
  # Computed while the flake is evaluated, not on the target at runtime.
  # NOTE(review): loadSecrets is defined outside this file. Any value it
  # returns that is interpolated into an option or a derivation is copied
  # into the world-readable /nix/store — confirm consumers only hand over
  # runtime paths and never embed the secret material itself.
  secret = lib'.loadSecrets inputs.secret;
};
modules =
singleton
(
{
pkgs,
config,
lib,
...
}: {
imports = [
  inputs.impermenance.nixosModules.impermanence
  inputs.disko.nixosModules.default
  inputs.self.nixosModules.ifstate
  inputs.self.nixosModules.notnft-ns
  # NOTE(review): this module lives under tests/ but is imported into the
  # router's real configuration. Its contents are not visible here — confirm
  # it does not bring test services or test credentials onto a production
  # interface.
  ../../tests/hel/pppoe-server.nix
  ../../common/remote_access.nix
  ../../common/nixpkgs.nix
  ./users.nix
  ./networking.nix
  ./dns.nix
  # Inline module declaring board-wide constants under `bananapi.*`: the MTU
  # of each interface layer and the MAC address assigned to each port.
  (_: let
    # Integer option fixed to `value`; readOnly, so another module cannot
    # redefine it.
    fixedMtu = value:
      lib.mkOption {
        type = lib.types.int;
        default = value;
        readOnly = true;
      };
    # String option fixed to `mac`. Readers see an attrset with two
    # spellings: `colon` (as written) and `space` (":" replaced by " ",
    # the byte-list form used in the device-tree overlay).
    fixedMac = mac:
      lib.mkOption {
        type = lib.types.str;
        default = mac;
        readOnly = true;
        apply = raw: {
          colon = raw;
          space = lib.replaceStrings [":"] [" "] raw;
        };
      };
    m = config.bananapi.mtu;
  in {
    # Each layer is derived from the one it rides on:
    # sw 1544 -> wan/slan 1536 -> *-vlan 1528 -> ppp-* 1504.
    options.bananapi.mtu = {
      sw = fixedMtu 1544;
      wan = fixedMtu (m.sw - 8);
      slan = fixedMtu (m.sw - 8);
      wan-vlan = fixedMtu (m.wan - 8);
      slan-vlan = fixedMtu (m.slan - 8);
      ppp-wan = fixedMtu (m.wan-vlan - 24);
      ppp-slan = fixedMtu (m.slan-vlan - 24);
    };
    options.bananapi.ethaddr = lib.mapAttrs (_: fixedMac) {
      sw = "ea:34:07:e4:7c:6a";
      sfp0 = "86:a9:22:2c:dd:6c";
      sfp1 = "16:5c:7f:42:c7:76";
      wan = "fe:39:64:d0:e4:9b";
      slan = "98:35:ed:b0:e3:f5";
      lan0 = "52:76:52:a8:40:18";
      lan1 = "de:9c:15:bb:f7:b9";
      wlan0 = "20:2b:20:91:9c:33";
    };
  })
];
# Expose the notnft library built for this platform as the module argument
# `notnft`.
_module.args.notnft = inputs.notnft.lib.${pkgs.stdenv.system};
# Overlays defined by this flake, applied in the order listed.
# NOTE(review): presumably these supply the kernel and U-Boot packages used
# elsewhere in this file; whatever they pin is what ends up booting, so
# changes to them deserve the same review as changes to this file.
nixpkgs.overlays = map (name: inputs.self.overlays.${name}) [
  "ifstate"
  "linux"
  "uboot"
  "rp-pppoe"
];
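hardware.firmware = let
  # Wi-Fi firmware tree assembled from two sources: the `firmware` directory
  # of a pinned mt76 checkout, and the *.bin files unpacked from a zip that
  # is vendored next to this file.
  #
  # `rev` pins the upstream commit; `hash` is checked against what is left
  # in $out after postFetch has run, so it covers both sources.
  # NOTE(review): fixed-output results are looked up by hash, so replacing
  # ./mt7996fw.zip without also changing `hash` can keep serving the
  # previously built firmware from the store or a cache. The zip is an
  # opaque binary with no origin recorded here — record where it came from
  # and its checksum next to it.
  mt7996Firmware = pkgs.fetchFromGitHub {
    owner = "frank-w";
    repo = "mt76";
    rev = "bd483e8c86f19f2286fd0ff761c2027541dd542e";
    hash = "sha256-V6GA/8g8x8s7yVB3NBxzRD6DCJO0Ws9ZzXb4/OH6lFI=";
    # Keep only the firmware directory (moved to lib/firmware/mediatek),
    # drop the rest of the checkout including dotfiles, then add the
    # unpacked *.bin files under mediatek/mt7996.
    postFetch = ''
      mv $out/firmware .
      shopt -s dotglob
      rm -r $out/*
      mkdir -p $out/lib/firmware/mediatek
      mv ./firmware/* $out/lib/firmware/mediatek
      rm -r firmware
      ${pkgs.unzip}/bin/unzip ${./mt7996fw.zip}
      mv *.bin $out/lib/firmware/mediatek/mt7996
    '';
  };
  # The list holds the package itself; no evaluation-time trace of its
  # store path is printed.
in [mt7996Firmware];
hardware.enableRedistributableFirmware = true;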
# Do not pull the default kernel module set into the initrd.
boot.initrd.includeDefaultModules = false;
# Kernel package set built around the board-specific kernel.
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linuxBananaPiR4;
hardware.deviceTree = let
  # Directory inside the kernel source that holds the stock overlays.
  mediatekDts = config.boot.kernelPackages.kernel.src + "/arch/arm64/boot/dts/mediatek";
in {
  name = "mediatek/mt7988a-bananapi-bpi-r4.dtb";
  overlays = [
    # Local overlay: assigns the MAC addresses declared under
    # bananapi.ethaddr to the switch ports and the SoC ethernet MACs, and
    # names the interfaces. port@0 only receives a MAC address; no label is
    # set for it here.
    {
      name = "mt7988a-bananapi-bpi-r4-eth.dtso";
      dtsText = ''
        /dts-v1/;
        /plugin/;
        / {
        compatible = "bananapi,bpi-r4", "mediatek,mt7988a";
        fragment@1 {
        target-path = "/soc/switch@15020000/ports";
        __overlay__ {
        port@0 {
        mac-address = [${config.bananapi.ethaddr.wan.space}];
        };
        port@1 {
        mac-address = [${config.bananapi.ethaddr.slan.space}];
        label = "slan";
        };
        port@2 {
        mac-address = [${config.bananapi.ethaddr.lan0.space}];
        label = "lan0";
        };
        port@3 {
        mac-address = [${config.bananapi.ethaddr.lan1.space}];
        label = "lan1";
        };
        port@6 {
        mac-address = [${config.bananapi.ethaddr.sw.space}];
        label = "sw";
        };
        };
        };
        fragment@2 {
        target-path = "/soc/ethernet@15100000";
        __overlay__ {
        mac@0 {
        mac-address = [${config.bananapi.ethaddr.sw.space}];
        label = "sw";
        };
        mac@1 {
        mac-address = [${config.bananapi.ethaddr.sfp0.space}];
        label = "sfp0";
        };
        mac@2 {
        mac-address = [${config.bananapi.ethaddr.sfp1.space}];
        label = "sfp1";
        };
        };
        };
        };
      '';
    }
    # Stock overlays taken unmodified from the kernel source tree.
    {
      name = "mt7988a-bananapi-bpi-r4-sd.dtso";
      dtsFile = mediatekDts + "/mt7988a-bananapi-bpi-r4-sd.dtso";
    }
    {
      name = "mt7988a-bananapi-bpi-r4-wifi-mt7996a.dtso";
      dtsFile = mediatekDts + "/mt7988a-bananapi-bpi-r4-wifi-mt7996a.dtso";
    }
  ];
};
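# The board boots through an extlinux-style configuration, not GRUB.
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
boot.kernelParams = [
  # Kernel console and early console on the board UART.
  # NOTE(review): a serial console is a login surface for anyone with
  # physical access to the board — confirm this is acceptable where the
  # router is deployed.
  "console=ttyS0,115200n8"
  "earlycon=uart8250,mmio32,0x11000000"
  "pci=pcie_bus_perf"
  # Kernel crash logs are kept on the second NVMe partition through
  # pstore_blk. Every pstore_blk parameter needs the module prefix on the
  # kernel command line; a bare `best_effort=y` is not seen by the module,
  # so it is spelled with the prefix like its two neighbours.
  # NOTE(review): the stored kernel log is not encrypted and survives
  # reboots; treat that partition as holding potentially sensitive output.
  "pstore_blk.blkdev=/dev/nvme0n1p2"
  "pstore_blk.kmsg_size=128"
  "pstore_blk.best_effort=y"
];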
disko = let
  # Both tmpfs mounts share mode and exec policy; only the size cap differs.
  # NOTE(review): noexec is set but nosuid and nodev are not — consider
  # adding them once it is confirmed nothing depends on their absence.
  # mode=755 on /tmp means only root can create files there (the
  # conventional mode is 1777); presumably deliberate on a router.
  tmpfsWith = sizeOption: {
    fsType = "tmpfs";
    mountOptions = [
      sizeOption
      "mode=755"
      "noexec"
    ];
  };
in {
  rootMountPoint = "/mnt/bpi-r4";
  devices = {
    nodev = {
      "/tmp" = tmpfsWith "size=256M";
      # The root filesystem itself is a tmpfs: anything not placed under
      # /persist is gone after a reboot.
      "/" = tmpfsWith "size=128M";
    };
    disk = {
      ssd = {
        # NOTE(review): unlike `main` below, this value has no
        # /dev/disk/by-id/ prefix — confirm the partitioning tooling
        # resolves it to the intended NVMe device.
        device = "nvme-nvme.126f-5033313050424242323331323231303037393133-50617472696f74204d2e322050333130203234304742-00000001";
        type = "disk";
        content = {
          type = "gpt";
          partitions = {
            boot = {
              priority = 1;
              size = "4G";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
              };
            };
            # Raw area for kernel crash logs; it has no mountpoint.
            pstore = {
              priority = 2;
              size = "32M";
              content = {
                type = "filesystem";
                format = "pstore";
              };
            };
            # Plain ext4 with no encryption layer declared here; it is
            # mounted at /persist and so holds all state kept across boots.
            root = {
              priority = 3;
              size = "100%";
              content = {
                type = "filesystem";
                format = "ext4";
                mountpoint = "/persist";
              };
            };
          };
        };
      };
      # SD card that carries the boot-loader stages (bl2 and fip).
      main = {
        # NOTE(review): this by-id name describes a generic USB card
        # reader; any card inserted in such a reader matches it. Check the
        # target before running the hook below, which writes to it with dd.
        device = "/dev/disk/by-id/usb-Generic-_SD_MMC_20120501030900000-0:0";
        type = "disk";
        content = {
          type = "gpt";
          partitions = {
            bl2 = {
              priority = 1;
              start = "34";
              end = "8191";
              alignment = 1;
            };
            fip = {
              priority = 2;
              start = "8192";
              end = "+4M";
              alignment = 1;
            };
          };
        };
        # mkdir -p /mnt/bpi-r4/persist/nix
        # mount -o bind -m /mnt/bpi-r4/persist/nix /mnt/bpi-r4/nix
        #
        # if ! [ $(uname -m) = "aarch64" ] && [ -e /run/binfmt/aarch64-linux ] ; then
        # nix copy $(readlink /run/binfmt/aarch64-linux) --to /mnt/bpi-r4
        # mount -t tmpfs none /mnt/bpi-r4/run -m
        # mount -t none -o bind /run/binfmt /mnt/bpi-r4/run/binfmt -m
        # fi
        #
        # After partitioning: set GPT attribute bit 2 on partitions 1 and
        # 3, name partitions 1 and 2, then write the two U-Boot images raw
        # onto partitions 1 and 2.
        # NOTE(review): only two partitions (bl2, fip) are declared on this
        # disk, yet the first sgdisk call also addresses partition 3 —
        # confirm whether that is a leftover from another layout.
        postCreateHook = ''
          uboot=${pkgs.ubootBananaPiR4}
          sgdisk -A 1:set:2 -A 3:set:2 $device
          sgdisk --change-name 1:bl2 --change-name 2:fip $device
          dd if=$uboot/bl2.img of=$device-part1 status=progress
          dd if=$uboot/fip.bin of=$device-part2 status=progress
        '';
      };
    };
  };
};
# Both mounts must already be available in the initrd: the root filesystem
# is a tmpfs, so the Nix store only exists as a bind mount of /persist/nix.
fileSystems."/persist".neededForBoot = true;
fileSystems."/nix" = {
  device = "/persist/nix";
  options = ["bind"];
  neededForBoot = true;
};
# Network and hardware diagnostic tools installed system-wide.
environment.systemPackages = [
  pkgs.tcpdump
  pkgs.ethtool
  pkgs.dnsutils
  pkgs.pciutils
  pkgs.gptfdisk
  pkgs.traceroute
  pkgs.iw
];
# State that must survive a reboot. Everything listed is kept under /persist
# and mapped back to its usual location; the rest of the tmpfs root is
# discarded on every boot.
environment.persistence."/persist" = {
  hideMounts = true;
  files = [
    "/etc/machine-id"
    # SSH host identity. Persisting it keeps the host keys stable, so
    # clients do not see the key change after every reboot.
    # NOTE(review): the private keys must remain readable by root only
    # (mode 0600) at their location under /persist as well — verify on the
    # device.
    "/etc/ssh/ssh_host_rsa_key"
    "/etc/ssh/ssh_host_rsa_key.pub"
    "/etc/ssh/ssh_host_ed25519_key"
    "/etc/ssh/ssh_host_ed25519_key.pub"
  ];
  directories = [
    "/var/log"
    "/var/lib/nixos"
    # Core dumps can contain process memory, including key material.
    "/var/lib/systemd/coredump"
    # NOTE(review): secrets and the host keys above end up on whatever
    # backs /persist. If that filesystem is not encrypted, anyone with
    # physical access to the disk can read them — confirm this matches the
    # threat model for the device.
    "/var/secrets"
  ];
};
# Local time zone; it also determines the timestamps shown in logs.
time = {
  timeZone = "Europe/Amsterdam";
};
# NixOS release whose stateful defaults this installation started with. It
# is not the running release and is not meant to be bumped on upgrade.
system = {
  stateVersion = "24.05";
};
}
);
};
}