dotfiles/nixos/systems/hela/default.nix
magic_rb 2bf58cabcf
hela: switch to stable nixpkgs
The really complex nftables rules I have seem either not to work or, worse, to segfault with nftables 1.09, which is the version in
`nixpkgs-stable`. Therefore we need to pull in 1.10 from `nixpkgs-unstable` for now.

Signed-off-by: magic_rb <magic_rb@redalder.org>
2024-10-02 02:36:47 +02:00


# SPDX-FileCopyrightText: 2022 Richard Brežák <richard@brezak.sk>
#
# SPDX-License-Identifier: LGPL-3.0-or-later
{
  inputs,
  lib',
  config,
  ...
}: let
  # Only `singleton` is referenced in this file; the other inherited names
  # are currently unused here.
  inherit
    (lib')
    flip
    mapAttrs
    singleton
    mkForce
    filter
    hasPrefix
    ;
  # Flake-level config, kept under another name because the NixOS module
  # below takes its own `config` argument that shadows this one.
  config' = config;
in {
  # NixOS system `hela`: an aarch64 Banana Pi R4 (see the device tree name
  # below), evaluated against `nixpkgs-stable`.
  flake.nixosConfigurations.hela = inputs.nixpkgs-stable.lib.nixosSystem {
    system = "aarch64-linux";
    # Extra arguments handed to every module of this system.
    specialArgs = {
      config' = config';
      inputs' = inputs;
      # Secrets are loaded from the `secret` input and exposed to modules as `secret`.
      secret = lib'.loadSecrets inputs.secret;
    };
    modules =
      singleton
      (
        {
          pkgs,
          config,
          lib,
          ...
        }: {
          imports = [
            inputs.impermenance.nixosModules.impermanence
            inputs.disko.nixosModules.default
            inputs.self.nixosModules.ifstate
            inputs.self.nixosModules.notnft-ns
            ../../tests/hel/pppoe-server.nix
            ../../common/remote_access.nix
            ./users.nix
            ./networking.nix
            # Inline module declaring the board's fixed MAC addresses as
            # read-only options. `apply` turns each address into an attrset
            # with the usual colon form and a space-separated byte form, the
            # latter being what the device tree `mac-address` arrays below
            # expect.
            (_: let
              mkEthAddrOption = addr:
                lib.mkOption {
                  type = lib.types.str;
                  default = addr;
                  readOnly = true;
                  apply = addr: {
                    colon = addr;
                    space = lib.stringAsChars (x:
                      if x == ":"
                      then " "
                      else x)
                    addr;
                  };
                };
            in {
              options.bananapi.ethaddr = {
                sw = mkEthAddrOption "5e:f3:21:5a:80:f6";
                sfp0 = mkEthAddrOption "86:a9:22:2c:dd:6c";
                sfp1 = mkEthAddrOption "16:5c:7f:42:c7:76";
                wan = mkEthAddrOption "fe:39:64:d0:e4:9b";
                slan = mkEthAddrOption "98:35:ed:b0:e3:f5";
                lan0 = mkEthAddrOption "52:76:52:a8:40:18";
                lan1 = mkEthAddrOption "de:9c:15:bb:f7:b9";
              };
            })
          ];
          # Make the notnft library for this platform available to all
          # modules as `notnft`; no nftables rules are declared in this file
          # itself, they presumably live in the imported modules.
          _module.args = {notnft = inputs.notnft.lib.${pkgs.stdenv.system};};
          # Overlays from this flake. `linux` and `uboot` provide the
          # `linuxBananaPiR4` / `ubootBananaPiR4` packages used below; the
          # ifstate and rp-pppoe ones are presumably consumed by the imported
          # modules.
          nixpkgs.overlays = [
            inputs.self.overlays.ifstate
            inputs.self.overlays.linux
            inputs.self.overlays.uboot
            inputs.self.overlays.rp-pppoe
          ];
          hardware.enableRedistributableFirmware = true;
          # The stock initrd module list is dropped — presumably the board
          # kernel below has what it needs built in; confirm before reuse.
          boot.initrd.includeDefaultModules = false;
          boot.kernelPackages =
            pkgs.linuxPackagesFor pkgs.linuxBananaPiR4;
          hardware.deviceTree.name = "mediatek/mt7988a-bananapi-bpi-r4.dtb";
          hardware.deviceTree.overlays = [
            {
              # Assigns the MAC addresses from `bananapi.ethaddr` to the
              # switch ports and the SoC ethernet MACs.
              name = "mt7988a-bananapi-bpi-r4-eth.dtso";
              dtsText = ''
                /dts-v1/;
                /plugin/;
                / {
                compatible = "bananapi,bpi-r4", "mediatek,mt7988a";
                fragment@1 {
                target-path = "/soc/switch@15020000/ports";
                __overlay__ {
                port@0 {
                mac-address = [${config.bananapi.ethaddr.wan.space}];
                };
                port@1 {
                mac-address = [${config.bananapi.ethaddr.slan.space}];
                label = "slan";
                };
                port@2 {
                mac-address = [${config.bananapi.ethaddr.lan0.space}];
                label = "lan0";
                };
                port@3 {
                mac-address = [${config.bananapi.ethaddr.lan1.space}];
                label = "lan1";
                };
                };
                };
                fragment@2 {
                target-path = "/soc/ethernet@15100000";
                __overlay__ {
                mac@0 {
                mac-address = [${config.bananapi.ethaddr.sw.space}];
                };
                mac@1 {
                mac-address = [${config.bananapi.ethaddr.sfp0.space}];
                };
                mac@2 {
                mac-address = [${config.bananapi.ethaddr.sfp1.space}];
                };
                };
                };
                };
              '';
            }
            {
              # Enables the SD card slot. This is a MediaTek-authored overlay
              # included verbatim under its own license header.
              name = "mt7988a-bananapi-bpi-r4-sd.dtso";
              dtsText = ''
                // SPDX-License-Identifier: (GPL-2.0 OR MIT)
                /*
                * Copyright (C) 2023 MediaTek Inc.
                * Author: Frank Wunderlich <frank-w@public-files.de>
                */
                /dts-v1/;
                /plugin/;
                #include <dt-bindings/gpio/gpio.h>
                / {
                compatible = "bananapi,bpi-r4", "mediatek,mt7988a";
                fragment@1 {
                target-path = "/soc/mmc@11230000";
                __overlay__ {
                pinctrl-names = "default", "state_uhs";
                pinctrl-0 = <&mmc0_pins_sdcard>;
                pinctrl-1 = <&mmc0_pins_sdcard>;
                cd-gpios = <&pio 12 GPIO_ACTIVE_LOW>;
                bus-width = <4>;
                max-frequency = <52000000>;
                cap-sd-highspeed;
                vmmc-supply = <&reg_3p3v>;
                vqmmc-supply = <&reg_3p3v>;
                no-mmc;
                status = "okay";
                #address-cells = <1>;
                #size-cells = <0>;
                card@0 {
                compatible = "mmc-card";
                reg = <0>;
                };
                };
                };
                };
              '';
            }
          ];
          # Boot through extlinux.conf (U-Boot) rather than GRUB.
          boot.loader.grub.enable = false;
          boot.loader.generic-extlinux-compatible.enable = true;
          boot.kernelParams = [
            # Serial console on the board UART.
            "console=ttyS0,115200n8"
            "earlycon=uart8250,mmio32,0x11000000"
            "pci=pcie_bus_perf"
            # Crash logs are written to the `pstore` partition declared on the
            # NVMe disk below (second partition, assuming it enumerates as
            # nvme0n1).
            "pstore_blk.blkdev=/dev/nvme0n1p2"
            "pstore_blk.kmsg_size=128"
            # NOTE(review): unlike the two entries above this is not prefixed
            # with `pstore_blk.`; confirm the kernel actually applies it as a
            # pstore_blk parameter in this form.
            "best_effort=y"
          ];
          # Out-of-tree Ethernet TX padding fixes for this board. Each patch
          # is pinned by content hash, so a rewritten upstream commit fails
          # the build instead of silently changing the kernel.
          boot.kernelPatches = [
            {
              name = "Add software padding processing in Ethernet Tx path.";
              patch = pkgs.fetchpatch {
                url = "https://github.com/frank-w/BPI-Router-Linux/commit/e24807c0681f795246656fed01b9d2d39558f45c.patch";
                hash = "sha256-cOa2KSnjeTTWY2TXim/jeYAyPzDqsNStNXdg4dVwAlI=";
              };
            }
            {
              name = "Fix software padding processing in Ethernet Tx path.";
              patch = pkgs.fetchpatch {
                url = "https://github.com/frank-w/BPI-Router-Linux/commit/dc4afd4c934f0a3d3c7a0131d6d0d8078565dcb6.patch";
                hash = "sha256-PDB8i/dogBKgH8x7cy4/BZTAgmI5CsGLSBXbvOyMndo=";
              };
            }
          ];
          # Where disko mounts the target system during installation; the
          # manual steps noted further down refer to this path.
          disko.rootMountPoint = "/mnt/bpi-r4";
          disko.devices = {
            nodev = {
              # `/` and `/tmp` are size-capped tmpfs mounts, so they start
              # empty on every boot; durable state lives under /persist
              # (impermanence). Both are mounted `noexec`; executables come
              # from /nix, which is bind-mounted from /persist below.
              "/tmp" = {
                fsType = "tmpfs";
                mountOptions = [
                  "size=256M"
                  "mode=755"
                  "noexec"
                ];
              };
              "/" = {
                fsType = "tmpfs";
                mountOptions = [
                  "size=128M"
                  "mode=755"
                  "noexec"
                ];
              };
            };
            disk = {
              ssd = {
                # NOTE(review): given as a bare by-id name without the
                # /dev/disk/by-id/ prefix that `main` below uses — confirm
                # disko resolves it as intended.
                device = "nvme-nvme.126f-5033313050424242323331323231303037393133-50617472696f74204d2e322050333130203234304742-00000001";
                type = "disk";
                content = {
                  type = "gpt";
                  partitions = {
                    boot = {
                      priority = 1;
                      size = "4G";
                      content = {
                        type = "filesystem";
                        format = "vfat";
                        mountpoint = "/boot";
                      };
                    };
                    # Backing store for pstore_blk (see kernelParams above).
                    pstore = {
                      priority = 2;
                      size = "32M";
                      content = {
                        type = "filesystem";
                        format = "pstore";
                      };
                    };
                    # All persistent state; the root filesystem itself is
                    # the tmpfs declared above.
                    root = {
                      priority = 3;
                      size = "100%";
                      content = {
                        type = "filesystem";
                        format = "ext4";
                        mountpoint = "/persist";
                      };
                    };
                  };
                };
              };
              # SD card carrying only the U-Boot boot stages (BL2 and FIP).
              # The start/end values are fixed sector positions; presumably
              # where the boot ROM expects to find them — confirm against the
              # board documentation before changing.
              main = {
                device = "/dev/disk/by-id/usb-Generic-_SD_MMC_20120501030900000-0:0";
                type = "disk";
                content = {
                  type = "gpt";
                  partitions = {
                    bl2 = {
                      priority = 1;
                      start = "34";
                      end = "8191";
                      alignment = 1;
                    };
                    fip = {
                      priority = 2;
                      start = "8192";
                      end = "+4M";
                      alignment = 1;
                    };
                  };
                };
                # Manual steps kept as reference for preparing the target from
                # another machine; the binfmt part appears to cover installing
                # from a non-aarch64 host.
                # mkdir -p /mnt/bpi-r4/persist/nix
                # mount -o bind -m /mnt/bpi-r4/persist/nix /mnt/bpi-r4/nix
                #
                # if ! [ $(uname -m) = "aarch64" ] && [ -e /run/binfmt/aarch64-linux ] ; then
                # nix copy $(readlink /run/binfmt/aarch64-linux) --to /mnt/bpi-r4
                # mount -t tmpfs none /mnt/bpi-r4/run -m
                # mount -t none -o bind /run/binfmt /mnt/bpi-r4/run/binfmt -m
                # fi
                #
                # After partitioning: mark the partitions with GPT attribute 2
                # (legacy BIOS bootable), name them, and raw-write the U-Boot
                # BL2 / FIP images into them.
                # NOTE(review): `-A 3:set:2` addresses partition 3, which this
                # layout does not declare — confirm it is intended and not a
                # leftover from an earlier layout.
                postCreateHook = ''
                  uboot=${pkgs.ubootBananaPiR4}
                  sgdisk -A 1:set:2 -A 3:set:2 $device
                  sgdisk --change-name 1:bl2 --change-name 2:fip $device
                  dd if=$uboot/bl2.img of=$device-part1 status=progress
                  dd if=$uboot/fip.bin of=$device-part2 status=progress
                '';
              };
            };
          };
          fileSystems = {
            "/persist".neededForBoot = true;
            # The Nix store is a bind mount from the persistent disk so the
            # tmpfs root never has to hold it.
            "/nix" = {
              device = "/persist/nix";
              options = ["bind"];
              neededForBoot = true;
            };
          };
          # Network diagnostics and partitioning tools available on the box.
          environment.systemPackages = with pkgs; [
            tcpdump
            ethtool
            dnsutils
            pciutils
            gptfdisk
            traceroute
          ];
          environment.persistence."/persist" = {
            hideMounts = true;
            directories = [
              "/var/log"
              "/var/lib/nixos"
              # NOTE(review): persisted core dumps can contain process memory
              # (including key material); make sure access to /persist is
              # restricted accordingly.
              "/var/lib/systemd/coredump"
              # NOTE(review): a plain string entry is created with
              # impermanence's default permissions; if this directory holds
              # secrets, consider the attrset form with an explicit `mode`
              # so it is not created world-readable.
              "/var/secrets"
            ];
            # SSH host keys are persisted so the host identity survives the
            # tmpfs root being recreated on every boot.
            files = [
              "/etc/machine-id"
              "/etc/ssh/ssh_host_rsa_key"
              "/etc/ssh/ssh_host_rsa_key.pub"
              "/etc/ssh/ssh_host_ed25519_key"
              "/etc/ssh/ssh_host_ed25519_key.pub"
            ];
          };
          time.timeZone = "Europe/Amsterdam";
          system.stateVersion = "24.05";
        }
      );
  };
}