mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-12-11 17:31:58 +01:00
2bf58cabcf
The really complex nftable rules I have seem to not work or worse, segfault with nftables 1.09 which is the version in `nixpkgs-stable`. Therefore we need to pull in 1.10 from `nixpkgs-unstable` for now. Signed-off-by: magic_rb <magic_rb@redalder.org>
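# SPDX-FileCopyrightText: 2022 Richard Brežák <richard@brezak.sk>
#
# SPDX-License-Identifier: LGPL-3.0-or-later
#
# Defines `flake.nixosConfigurations.hela`: an aarch64 NixOS system for a
# Banana Pi BPI-R4 (MediaTek MT7988A). The root filesystem is a tmpfs and
# state is kept on the NVMe `/persist` partition; the SD card only carries
# the bl2/fip boot images.
{
  inputs,
  lib',
  config,
  ...
}: let
  inherit
    (lib')
    flip
    mapAttrs
    singleton
    mkForce
    filter
    hasPrefix
    ;

  # The NixOS module below takes its own `config` argument, which shadows the
  # outer one; keep the outer value reachable under a different name.
  config' = config;
in {
  flake.nixosConfigurations.hela = inputs.nixpkgs-stable.lib.nixosSystem {
    system = "aarch64-linux";

    # NOTE(review): `secret` is handed to every module through specialArgs.
    # Presumably it is loaded at evaluation time; anything a module
    # interpolates from it into a derivation or a generated config file ends up
    # in the world-readable Nix store. Confirm modules only reference it in
    # ways where that exposure is acceptable.
    specialArgs = {
      config' = config';
      inputs' = inputs;
      secret = lib'.loadSecrets inputs.secret;
    };

    modules =
      singleton
      (
        {
          pkgs,
          config,
          lib,
          ...
        }: {
          imports = [
            # Spelled `impermenance` here; this must match the flake's input name.
            inputs.impermenance.nixosModules.impermanence
            inputs.disko.nixosModules.default
            inputs.self.nixosModules.ifstate
            inputs.self.nixosModules.notnft-ns
            # NOTE(review): a module from `tests/` is imported into this host.
            # Confirm a PPPoE server is meant to be part of the deployed system
            # and is not a leftover from testing.
            ../../tests/hel/pppoe-server.nix
            ../../common/remote_access.nix
            ./users.nix
            ./networking.nix
            (_: let
              # Builds a read-only option holding one interface MAC address.
              # `apply` exposes it in two renderings: `colon` (as written) and
              # `space` (colons replaced by spaces), the latter being the form
              # used in the device-tree `mac-address = [..]` properties below.
              mkEthAddrOption = addr:
                lib.mkOption {
                  type = lib.types.str;
                  default = addr;
                  readOnly = true;
                  apply = addr: {
                    colon = addr;
                    space = lib.stringAsChars (x:
                      if x == ":"
                      then " "
                      else x)
                    addr;
                  };
                };
            in {
              options.bananapi.ethaddr = {
                sw = mkEthAddrOption "5e:f3:21:5a:80:f6";
                sfp0 = mkEthAddrOption "86:a9:22:2c:dd:6c";
                sfp1 = mkEthAddrOption "16:5c:7f:42:c7:76";
                wan = mkEthAddrOption "fe:39:64:d0:e4:9b";
                slan = mkEthAddrOption "98:35:ed:b0:e3:f5";
                lan0 = mkEthAddrOption "52:76:52:a8:40:18";
                lan1 = mkEthAddrOption "de:9c:15:bb:f7:b9";
              };
            })
          ];

          _module.args = {notnft = inputs.notnft.lib.${pkgs.stdenv.system};};

          nixpkgs.overlays = [
            inputs.self.overlays.ifstate
            inputs.self.overlays.linux
            inputs.self.overlays.uboot
            inputs.self.overlays.rp-pppoe
          ];

          hardware.enableRedistributableFirmware = true;
          boot.initrd.includeDefaultModules = false;
          boot.kernelPackages =
            pkgs.linuxPackagesFor pkgs.linuxBananaPiR4;
          hardware.deviceTree.name = "mediatek/mt7988a-bananapi-bpi-r4.dtb";
          hardware.deviceTree.overlays = [
            {
              # Pins a fixed MAC address on every switch port and GMAC, taken
              # from `bananapi.ethaddr` above, and labels the LAN-side ports.
              name = "mt7988a-bananapi-bpi-r4-eth.dtso";
              dtsText = ''
                /dts-v1/;
                /plugin/;
                / {
                  compatible = "bananapi,bpi-r4", "mediatek,mt7988a";

                  fragment@1 {
                    target-path = "/soc/switch@15020000/ports";
                    __overlay__ {
                      port@0 {
                        mac-address = [${config.bananapi.ethaddr.wan.space}];
                      };
                      port@1 {
                        mac-address = [${config.bananapi.ethaddr.slan.space}];
                        label = "slan";
                      };
                      port@2 {
                        mac-address = [${config.bananapi.ethaddr.lan0.space}];
                        label = "lan0";
                      };
                      port@3 {
                        mac-address = [${config.bananapi.ethaddr.lan1.space}];
                        label = "lan1";
                      };
                    };
                  };

                  fragment@2 {
                    target-path = "/soc/ethernet@15100000";
                    __overlay__ {
                      mac@0 {
                        mac-address = [${config.bananapi.ethaddr.sw.space}];
                      };

                      mac@1 {
                        mac-address = [${config.bananapi.ethaddr.sfp0.space}];
                      };

                      mac@2 {
                        mac-address = [${config.bananapi.ethaddr.sfp1.space}];
                      };
                    };
                  };
                };
              '';
            }
            {
              # Enables the SD card slot on mmc@11230000. The two supply
              # phandles reference `reg_3p3v`; the page rendering had turned
              # `&reg` into the (R) sign, which is not valid DTS.
              name = "mt7988a-bananapi-bpi-r4-sd.dtso";
              dtsText = ''
                // SPDX-License-Identifier: (GPL-2.0 OR MIT)
                /*
                 * Copyright (C) 2023 MediaTek Inc.
                 * Author: Frank Wunderlich <frank-w@public-files.de>
                 */

                /dts-v1/;
                /plugin/;

                #include <dt-bindings/gpio/gpio.h>

                / {
                  compatible = "bananapi,bpi-r4", "mediatek,mt7988a";

                  fragment@1 {
                    target-path = "/soc/mmc@11230000";
                    __overlay__ {
                      pinctrl-names = "default", "state_uhs";
                      pinctrl-0 = <&mmc0_pins_sdcard>;
                      pinctrl-1 = <&mmc0_pins_sdcard>;
                      cd-gpios = <&pio 12 GPIO_ACTIVE_LOW>;
                      bus-width = <4>;
                      max-frequency = <52000000>;
                      cap-sd-highspeed;
                      vmmc-supply = <&reg_3p3v>;
                      vqmmc-supply = <&reg_3p3v>;
                      no-mmc;
                      status = "okay";
                      #address-cells = <1>;
                      #size-cells = <0>;

                      card@0 {
                        compatible = "mmc-card";
                        reg = <0>;
                      };
                    };
                  };
                };
              '';
            }
          ];

          boot.loader.grub.enable = false;
          boot.loader.generic-extlinux-compatible.enable = true;

          # Kernel messages from a crash are written to the NVMe `pstore`
          # partition declared below (partition 2). It is addressed by kernel
          # device name here, not by-id, so it depends on the NVMe enumerating
          # as nvme0n1.
          # NOTE(review): `best_effort=y` carries no module prefix, unlike the
          # two `pstore_blk.` parameters before it; confirm the kernel consumes
          # it as intended.
          boot.kernelParams = [
            "console=ttyS0,115200n8"
            "earlycon=uart8250,mmio32,0x11000000"
            "pci=pcie_bus_perf"
            "pstore_blk.blkdev=/dev/nvme0n1p2"
            "pstore_blk.kmsg_size=128"
            "best_effort=y"
          ];
          # Both patches are fetched from a URL that names a specific commit
          # and are checked against a pinned sha256, so a patch whose content
          # changes upstream fails the build instead of being applied silently.
          boot.kernelPatches = [
            {
              name = "Add software padding processing in Ethernet Tx path.";
              patch = pkgs.fetchpatch {
                url = "https://github.com/frank-w/BPI-Router-Linux/commit/e24807c0681f795246656fed01b9d2d39558f45c.patch";
                hash = "sha256-cOa2KSnjeTTWY2TXim/jeYAyPzDqsNStNXdg4dVwAlI=";
              };
            }
            {
              name = "Fix software padding processing in Ethernet Tx path.";
              patch = pkgs.fetchpatch {
                url = "https://github.com/frank-w/BPI-Router-Linux/commit/dc4afd4c934f0a3d3c7a0131d6d0d8078565dcb6.patch";
                hash = "sha256-PDB8i/dogBKgH8x7cy4/BZTAgmI5CsGLSBXbvOyMndo=";
              };
            }
          ];

          disko.rootMountPoint = "/mnt/bpi-r4";
          disko.devices = {
            # `/` and `/tmp` are size-capped tmpfs mounts with `noexec`, so
            # nothing written to them at runtime can be executed directly;
            # programs come from `/nix`, which is bind-mounted from /persist.
            # NOTE(review): `/tmp` is mounted `mode=755` rather than the usual
            # sticky 1777, so only its owner can create files there. Confirm
            # that is intended for the services on this host.
            nodev = {
              "/tmp" = {
                fsType = "tmpfs";
                mountOptions = [
                  "size=256M"
                  "mode=755"
                  "noexec"
                ];
              };

              "/" = {
                fsType = "tmpfs";
                mountOptions = [
                  "size=128M"
                  "mode=755"
                  "noexec"
                ];
              };
            };

            disk = {
              ssd = {
                # NOTE(review): unlike `main` below, this is a bare by-id name
                # without the /dev/disk/by-id/ prefix; confirm it resolves to
                # the intended disk.
                device = "nvme-nvme.126f-5033313050424242323331323231303037393133-50617472696f74204d2e322050333130203234304742-00000001";
                type = "disk";
                content = {
                  type = "gpt";

                  partitions = {
                    boot = {
                      priority = 1;
                      size = "4G";
                      content = {
                        type = "filesystem";
                        format = "vfat";
                        mountpoint = "/boot";
                      };
                    };

                    pstore = {
                      priority = 2;
                      size = "32M";
                      content = {
                        type = "filesystem";
                        format = "pstore";
                      };
                    };

                    # Plain ext4: no encryption layer is declared in this file,
                    # so everything under /persist (including /var/secrets and
                    # the SSH host keys listed further down) is stored in the
                    # clear on the NVMe.
                    root = {
                      priority = 3;
                      size = "100%";
                      content = {
                        type = "filesystem";
                        format = "ext4";
                        mountpoint = "/persist";
                      };
                    };
                  };
                };
              };

              main = {
                # Selected by a by-id path so the raw `dd` writes in
                # postCreateHook cannot land on a different disk when /dev/sdX
                # enumeration order changes.
                device = "/dev/disk/by-id/usb-Generic-_SD_MMC_20120501030900000-0:0";
                type = "disk";
                content = {
                  type = "gpt";
                  partitions = {
                    bl2 = {
                      priority = 1;
                      start = "34";
                      end = "8191";
                      alignment = 1;
                    };
                    fip = {
                      priority = 2;
                      start = "8192";
                      end = "+4M";
                      alignment = 1;
                    };
                  };
                };

                # mkdir -p /mnt/bpi-r4/persist/nix
                # mount -o bind -m /mnt/bpi-r4/persist/nix /mnt/bpi-r4/nix
                #
                # if ! [ $(uname -m) = "aarch64" ] && [ -e /run/binfmt/aarch64-linux ] ; then
                #   nix copy $(readlink /run/binfmt/aarch64-linux) --to /mnt/bpi-r4
                #   mount -t tmpfs none /mnt/bpi-r4/run -m
                #   mount -t none -o bind /run/binfmt /mnt/bpi-r4/run/binfmt -m
                # fi

                # Runs after partitioning: renames the partitions and writes
                # the U-Boot bl2 and fip images raw onto partitions 1 and 2.
                # Shell variables are quoted so a path can never be
                # word-split.
                # NOTE(review): `-A 3:set:2` targets partition 3, but only two
                # partitions (bl2, fip) are declared on this disk; confirm
                # whether `2:` was meant or the flag is stale.
                postCreateHook = ''
                  uboot=${pkgs.ubootBananaPiR4}

                  sgdisk -A 1:set:2 -A 3:set:2 "$device"
                  sgdisk --change-name 1:bl2 --change-name 2:fip "$device"

                  dd if="$uboot/bl2.img" of="$device-part1" status=progress
                  dd if="$uboot/fip.bin" of="$device-part2" status=progress
                '';
              };
            };
          };

          fileSystems = {
            "/persist".neededForBoot = true;
            "/nix" = {
              device = "/persist/nix";
              options = ["bind"];
              neededForBoot = true;
            };
          };

          environment.systemPackages = with pkgs; [
            tcpdump
            ethtool
            dnsutils
            pciutils
            gptfdisk
            traceroute
          ];

          # Because `/` is a tmpfs, only the paths listed here survive a
          # reboot. Logs and coredumps are kept, which preserves evidence
          # across restarts; the SSH host keys are kept so the host identity
          # stays stable for clients. All of it lives on the unencrypted
          # /persist ext4 partition declared above.
          environment.persistence."/persist" = {
            hideMounts = true;
            directories = [
              "/var/log"
              "/var/lib/nixos"
              "/var/lib/systemd/coredump"
              "/var/secrets"
            ];

            files = [
              "/etc/machine-id"
              "/etc/ssh/ssh_host_rsa_key"
              "/etc/ssh/ssh_host_rsa_key.pub"
              "/etc/ssh/ssh_host_ed25519_key"
              "/etc/ssh/ssh_host_ed25519_key.pub"
            ];
          };

          time.timeZone = "Europe/Amsterdam";
          system.stateVersion = "24.05";
        }
      );
  };
}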