steveej-x13s-rmvbl: init with minimal setup

this configures a standalone USB device that doesn't need configuration
of the firmware's EFI variables.
steveej 2024-01-21 21:08:01 +01:00
parent f35bd726fa
commit 03c6157ab5
16 changed files with 501 additions and 374 deletions


@ -1,27 +1,27 @@
{
inputs',
packages',
pkgs,
{ inputs'
, packages'
, pkgs
,
}:
pkgs.stdenv.mkDerivation {
name = "infra-env";
buildInputs =
[
(with pkgs.callPackage (pkgs.path + "/nixos") {configuration = {};};
with config.system.build; [
nixos-generate-config
nixos-install
nixos-enter
manual.manpages
])
(with pkgs.callPackage (pkgs.path + "/nixos") { configuration = { }; };
with config.system.build; [
nixos-generate-config
nixos-install
nixos-enter
manual.manpages
])
]
++ (with pkgs; [
inputs'.colmena.packages.colmena
nixos-install-tools
dconf2nix
inputs'.nixos-anywhere.packages.nixos-anywhere
inputs'.disko.packages.default
nurl
just
git-crypt
vcsh


@ -1,14 +1,13 @@
{
modulesPath,
repoFlake,
packages',
pkgs,
lib,
config,
nodeFlake,
nodeName,
system,
...
{ modulesPath
, repoFlake
, packages'
, pkgs
, lib
, config
, nodeFlake
, nodeName
, system
, ...
}: {
disabledModules = [
];
@ -52,7 +51,7 @@
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
environment.pathsToLink = ["/share/zsh"];
environment.pathsToLink = [ "/share/zsh" ];
}
];
@ -83,52 +82,54 @@
firewall.enable = false;
};
disko.devices = let
disk = id: {
type = "disk";
device = "/dev/${id}";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid0";
disko.devices =
let
disk = id: {
type = "disk";
device = "/dev/${id}";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid0";
};
};
};
};
};
};
in {
disk = {
sda = disk "sda";
sdb = disk "sdb";
};
mdadm = {
raid0 = {
type = "mdadm";
level = 0;
content = {
type = "gpt";
partitions = {
primary = {
size = "100%";
content = {
type = "filesystem";
format = "btrfs";
mountpoint = "/";
in
{
disk = {
sda = disk "sda";
sdb = disk "sdb";
};
mdadm = {
raid0 = {
type = "mdadm";
level = 0;
content = {
type = "gpt";
partitions = {
primary = {
size = "100%";
content = {
type = "filesystem";
format = "btrfs";
mountpoint = "/";
};
};
};
};
};
};
};
};
system.stateVersion = "23.11";
@ -162,8 +163,5 @@
boot.binfmt.emulatedSystems = [
"aarch64-linux"
"i686-linux"
# "i386-linux"
# "i586-linux"
];
}


@ -1,21 +1,5 @@
{ lib, ... }:
let
stage1Modules = [
"aesni_intel"
"kvm_amd"
"nvme"
"nvme_core"
"thunderbolt"
"e1000e"
"usbcore"
"xhci_hcd"
"usbhid"
"usb_storage"
"xhci_pci"
"uas"
];
in
{
# TASK: new device
@ -103,6 +87,20 @@ in
};
hardware.enableRedistributableFirmware = true;
# boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;
boot.initrd.kernelModules = [
"aesni_intel"
"kvm_amd"
"nvme"
"nvme_core"
"thunderbolt"
"e1000e"
"usbcore"
"xhci_hcd"
"usbhid"
"usb_storage"
"xhci_pci"
"uas"
];
}


@ -47,6 +47,17 @@ in
system = "x86_64-linux";
maxJobs = 32;
speedFactor = 100;
supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features ++ [ ];
}
{
hostName = repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost;
# TODO: make this a reference
sshUser = "nix-remote-builder";
protocol = "ssh-ng";
system = "aarch64-linux";
maxJobs = 32;
speedFactor = 100;
supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [ ];
}
];
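Review bot: The new aarch64 builder entry sets no `publicHostKey`, so the authenticity of `sj-bm-hostkey0` rests on whatever the client's known_hosts already holds. Outputs built on that machine are accepted into the local store, so the key is worth pinning in the entry, e.g. `publicHostKey = "<base64-encoded host key, placeholder>";`, unless it is declared elsewhere. `supportedFeatures` is also taken from `router0-dmz0`'s configuration rather than the builder's own, so the advertised features can drift from what the builder supports; a one-line comment saying why that node stands in would help. The list this entry belongs to starts outside the hunk, so an existing host-key setting may simply not be visible here.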


@ -0,0 +1,66 @@
{ repoFlake
, pkgs
, lib
, config
, nodeFlake
, nodeName
, localDomainName
, system
, ...
}:
{
imports = [
repoFlake.inputs.sops-nix.nixosModules.sops
nodeFlake.inputs.disko.nixosModules.disko
./disko.nix
../../profiles/common/user.nix
{
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = lib.mkDefault "auto";
}
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
services.openssh.openFirewall = true;
users.commonUsers = {
enable = true;
enableNonRoot = true;
};
sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
sops.defaultSopsFormat = "yaml";
}
];
networking = {
hostName = nodeName;
firewall.enable = true;
useNetworkd = true;
networkmanager.enable = false;
};
system.stateVersion = "23.11";
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [
pkgs.util-linux
pkgs.coreutils
pkgs.vim
];
}
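Review bot: `services.openssh.settings.PermitRootLogin = "yes"` together with `services.openssh.openFirewall = true` allows password-based root login over SSH on every network this portable system joins. How the root password is set is not visible in this file (presumably through `users.commonUsers` from `../../profiles/common/user.nix`), so the safer default is key-only root access: `services.openssh.settings.PermitRootLogin = "prohibit-password";`. If the non-root user also logs in with keys, `services.openssh.settings.PasswordAuthentication = false;` removes the password-guessing surface altogether.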


@ -0,0 +1,66 @@
{
disko.devices = {
disk = {
voyager-gtx = {
type = "disk";
device = "/dev/disk/by-id/ata-Corsair_Voyager_GTX_21488170000126002054";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "x13s-usb-crypt";
extraOpenArgs = [ ];
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /tmp/secret.key`
# keyFile = "/tmp/secret.key";
allowDiscards = true;
};
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "32G";
};
};
};
};
};
};
};
};
};
};
}
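Review bot: `allowDiscards = true` in the `luks` settings passes TRIM through the encrypted mapping, so anyone holding this removable drive can see which blocks are unused. If that is accepted for flash wear and performance, record it next to the option, e.g. `# TRIM passthrough reveals free-block layout; accepted for flash longevity`. Separately, the ESP is mounted at `/boot` with only `"defaults"`, which on vfat leaves the unencrypted kernel, initrd and boot-loader files readable by every local user. `mountOptions = [ "umask=0077" ];` would restrict them to root.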


@ -1,18 +1,51 @@
{
"nodes": {
"acamcstephens_stop-export": {
"flake": false,
"locked": {
"lastModified": 1705858695,
"narHash": "sha256-iTIwMsw/cjacCkSzzCwb+nEkpOK/PoPenPHOysWCBSk=",
"ref": "refs/heads/main",
"rev": "8b61e53b83caf55bd374f4ce2b20f1e8012ce2ec",
"revCount": 13,
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
},
"original": {
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
}
},
"alsa-ucm-conf": {
"flake": false,
"locked": {
"lastModified": 1705501566,
"narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=",
"owner": "alsa-project",
"repo": "alsa-ucm-conf",
"rev": "e87dde51d68950537f92af955ad0633437cc419a",
"type": "github"
},
"original": {
"owner": "alsa-project",
"repo": "alsa-ucm-conf",
"rev": "e87dde51d68950537f92af955ad0633437cc419a",
"type": "github"
}
},
"brainwart_x13s-nixos": {
"flake": false,
"locked": {
"lastModified": 1701822673,
"narHash": "sha256-F2LBV8tqGPhEAvmn5Frxj79RPWgPGUYxJRYz8Pn9uj0=",
"lastModified": 1705565623,
"narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=",
"owner": "BrainWart",
"repo": "x13s-nixos",
"rev": "ba245df7a72a78ec93aa500ba1a0cb29f0f65f37",
"rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2",
"type": "github"
},
"original": {
"owner": "BrainWart",
"ref": "main",
"ref": "flake",
"repo": "x13s-nixos",
"type": "github"
}
@ -24,11 +57,11 @@
]
},
"locked": {
"lastModified": 1705348229,
"narHash": "sha256-CssPema1sBxZkrT95KFuKCNNiqxNe1lnf2QNeXk88Xk=",
"lastModified": 1705540973,
"narHash": "sha256-kNt/qAEy7ueV7NKbVc8YMHWiQAAgrir02MROYNI8fV0=",
"owner": "nix-community",
"repo": "disko",
"rev": "d0b4408eaf782a1ada0a9133bb1cecefdd59c696",
"rev": "0033adc6e3f1ed076f3ed1c637ef1dfe6bef6733",
"type": "github"
},
"original": {
@ -36,27 +69,6 @@
"type": "indirect"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"srvos",
"nixpkgs"
]
},
"locked": {
"lastModified": 1704982712,
"narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "07f6395285469419cf9d078f59b5b49993198c00",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"get-flake": {
"locked": {
"lastModified": 1694475786,
@ -75,11 +87,11 @@
"linux_x13s": {
"flake": false,
"locked": {
"lastModified": 1705487080,
"narHash": "sha256-DTOPiUGaeH5Ey+AZaO1c1n/QFikIXmvo2tTzgFtJ70k=",
"lastModified": 1705680516,
"narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=",
"owner": "jhovold",
"repo": "linux",
"rev": "dd209a8fb4840e48ca4963bb23057f38b1066a6d",
"rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0",
"type": "github"
},
"original": {
@ -107,50 +119,30 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1705316053,
"narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=",
"lastModified": 1705641746,
"narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370",
"rev": "d2003f2223cbb8cd95134e4a0541beea215c1073",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"acamcstephens_stop-export": "acamcstephens_stop-export",
"alsa-ucm-conf": "alsa-ucm-conf",
"brainwart_x13s-nixos": "brainwart_x13s-nixos",
"disko": "disko",
"get-flake": "get-flake",
"linux_x13s": "linux_x13s",
"mobile-nixos": "mobile-nixos",
"nixpkgs": "nixpkgs",
"srvos": "srvos"
}
},
"srvos": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705346686,
"narHash": "sha256-lTf1b2I6wwNDhV5eEKIAMT5DOa43bK5KaPqDWH2yfek=",
"owner": "numtide",
"repo": "srvos",
"rev": "8e03bea707212a7225b0ab02a8186af8b1e98e0a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "srvos",
"type": "github"
"nixpkgs": "nixpkgs"
}
}
},


@ -1,13 +1,11 @@
{
inputs =
{
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
get-flake.url = "github:ursi/get-flake";
disko.inputs.nixpkgs.follows = "nixpkgs";
srvos.url = "github:numtide/srvos";
srvos.inputs.nixpkgs.follows = "nixpkgs";
mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false;
@ -17,9 +15,20 @@
linux_x13s.flake = false;
brainwart_x13s-nixos = {
url = "github:BrainWart/x13s-nixos/main";
url = "github:BrainWart/x13s-nixos/flake";
flake = false;
};
acamcstephens_stop-export = {
flake = false;
url = "git+https://codeberg.org/adamcstephens/stop-export.git";
};
alsa-ucm-conf = {
flake = false;
url = "github:alsa-project/alsa-ucm-conf/e87dde51d68950537f92af955ad0633437cc419a";
};
};
outputs =
@ -31,15 +40,7 @@
let
targetPlatform = "aarch64-linux";
buildPlatform = "x86_64-linux";
nodeName = "steveej-x13s";
pkgs = nixpkgs.legacyPackages.${targetPlatform};
pkgsCross = import self.inputs.nixpkgs {
system = buildPlatform;
crossSystem = {
config = "pentium2-unknown-linux-gnu";
};
};
nodeName = "steveej-x13s-rmvbl";
mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs:
nixpkgs.lib.nixosSystem (
@ -64,21 +65,6 @@
{
nix.registry.nixpkgs.flake = nixpkgs;
}
{
nixpkgs.overlays = [
(final: prev:
{
qrtr = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qrtr.nix" { };
qmic = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qmic.nix" { };
rmtfs = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/rmtfs.nix" { };
pd-mapper = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/pd-mapper.nix" {
inherit (final) qrtr;
};
compressFirmwareXz = prev.lib.id; #this leaves all firmware uncompressed :) for pd-mapper
})
];
}
]
++ extraModules;
}
@ -155,56 +141,76 @@
defconfig = "johan_defconfig";
};
uncompressed-fw = pkgs.callPackage
({ lib, runCommand, buildEnv, firmwareFilesList }:
runCommand "qcom-modem-uncompressed-firmware-share"
{
firmwareFiles = buildEnv {
name = "qcom-modem-uncompressed-firmware";
paths = firmwareFilesList;
pathsToLink = [
"/lib/firmware/rmtfs"
"/lib/firmware/qcom"
];
};
} ''
PS4=" $ "
(
set -x
mkdir -p $out/share/
ln -s $firmwareFiles/lib/firmware/ $out/share/uncompressed-firmware
)
'')
{
firmwareFilesList = lib.flatten options.hardware.firmware.definitions;
};
linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s;
dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/sc8280xp-lenovo-thinkpad-x13s.dtb";
dtbName = "x13s63rc4.dtb";
x13_firmware = { stdenvNoCC, fetchFromGitHub }:
stdenvNoCC.mkDerivation {
pname = "x13s-extra-firmware";
version = "1.0.0";
src = fetchFromGitHub {
owner = "ironrobin";
repo = "x13s-alarm";
rev = "efa51c3b519f75b3983aef67855b1561d9828771";
sha256 = "sha256-weETbWXz9aL2pDQDKk7fkb1ecQH0qrhUYDs2E5EiJcI=";
};
dontFixup = true;
dontBuild = true;
installPhase = ''
mkdir -p $out/lib/firmware/qcom/sc8280xp/LENOVO/21BX
cp x13s-firmware/qcvss8280.mbn $out/lib/firmware/qcom/sc8280xp/LENOVO/21BX/
'';
};
in
{
nixpkgs.overlays = [
(final: prev:
{
qrtr = final.callPackage "${self.inputs.acamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { };
pd-mapper = final.callPackage "${self.inputs.acamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" {
inherit (final) qrtr;
};
x13s_alsa-ucm-conf = prev.alsa-ucm-conf.overrideAttrs (prev: {
src = self.inputs.alsa-ucm-conf;
});
}
)
];
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.extraFiles = {
"${dtbName}" = dtb;
};
loader.efi.canTouchEfiVariables = true;
loader.efi.canTouchEfiVariables = false;
loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ];
kernelPackages = linuxPackages_x13s;
kernelParams = [
"dtb=${dtbName}"
"boot.shell_on_fail"
# jhovold recommended
"efi=noruntime"
"clk_ignore_unused"
"pd_ignore_unused"
"arm64.nopauth"
"cma=128M"
"nvme.noacpi=1"
"iommu.strict=0"
"dtb=${dtbName}"
# blacklist graphics in initrd so the firmware can load from disk
"rd.driver.blacklist=msm"
];
initrd = {
includeDefaultModules = false;
availableKernelModules = [
@ -231,39 +237,65 @@
"phy-qcom-snps-femto-v2"
"phy-qcom-usb-hs"
"nvme"
"usbcore"
"xhci_hcd"
"usbhid"
"usb_storage"
# "xhci_pci"
"uas"
];
};
};
# power management, etc.
environment.systemPackages = with pkgs; [
qrtr
qmic
rmtfs
pd-mapper
uncompressed-fw
];
environment.pathsToLink = [ "share/uncompressed-firmware" ];
# ensure the x13s' dtb file is in the boot partition
system.activationScripts.x13s-dtb = ''
in_package="${dtb}"
esp_tool_folder="${efi.efiSysMountPoint}/"
in_esp="''${esp_tool_folder}${dtbName}"
>&2 echo "Ensuring $in_esp in EFI System Partition"
if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then
>&2 echo "Copying $in_package -> $in_esp"
mkdir -p "$esp_tool_folder"
cp "$in_package" "$in_esp"
sync
fi
'';
# default is performance
powerManagement.cpuFreqGovernor = "ondemand";
hardware.enableAllFirmware = true;
hardware.firmware = [
pkgs.linux-firmware
(pkgs.callPackage x13_firmware { })
(pkgs.callPackage "${self.inputs.brainwart_x13s-nixos}/pkgs/x13s-firmware.nix" { })
];
systemd.services.pd-mapper = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${lib.getExe pkgs.pd-mapper}";
Restart = "always";
};
};
# bind mount over existing alsa-ucm-conf
# this is just config, but is in the critical path for lots of packages
# systemd.services.x13s-alsa-conf = {
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# ExecStart = "${pkgs.util-linux.mount}/bin/mount -o bind ${pkgs.x13s_alsa-ucm-conf}/share/alsa ${pkgs.alsa-ucm-conf}/share/alsa";
# ExecStop = "${pkgs.util-linux.mount}/bin/umount ${pkgs.alsa-ucm-conf}/share/alsa";
# };
# };
systemd.services.bluetooth = {
serviceConfig = {
# disabled because btmgmt call hangs
# ExecStartPre = [
# ""
# "${pkgs.util-linux}/bin/rfkill block bluetooth"
# "${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}"
# "${pkgs.util-linux}/bin/rfkill unblock bluetooth"
# ];
RestartSec = 5;
Restart = "on-failure";
};
};
};
};
};
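Review bot: Firmware and the `qrtr`/`pd-mapper` package expressions now come from inputs that track moving branches of personal repositories (`github:BrainWart/x13s-nixos/flake` and `git+https://codeberg.org/adamcstephens/stop-export.git`), whereas the removed `x13_firmware` derivation fixed both `rev` and `sha256`. `flake.lock` pins them for now, but any later `nix flake update` will pull new expressions and firmware blobs into the system closure without a visible change in this file. Pinning the revision in the URL, as is already done for `alsa-ucm-conf`, keeps such updates explicit: `url = "github:BrainWart/x13s-nixos/29002122d86a1009ba70e7a4ca3063e5404c77a2";` and `url = "git+https://codeberg.org/adamcstephens/stop-export.git?rev=8b61e53b83caf55bd374f4ce2b20f1e8012ce2ec";`. The input name `acamcstephens_stop-export` also looks like a misspelling of the `adamcstephens` owner in its URL.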


@ -1,82 +0,0 @@
{ repoFlake
, pkgs
, lib
, config
, nodeFlake
, nodeName
, localDomainName
, system
, ...
}:
{
imports = [
# repoFlake.inputs.sops-nix.nixosModules.sops
# ../../profiles/common/user.nix
{
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = lib.mkDefault "auto";
nix.settings.cores = lib.mkDefault 0;
}
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
# users.commonUsers = {
# enable = true;
# enableNonRoot = false;
# rootPasswordFile = config.sops.secrets.passwords-root.path;
# };
users.users.root.password = "install";
# sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# sops.defaultSopsFormat = "yaml";
# sops.secrets.passwords-root.neededForUsers = true;
}
];
networking = {
hostName = nodeName;
useNetworkd = false;
networkmanager.enable = false;
firewall.enable = false;
};
system.stateVersion = "23.11";
# We exclude a number of modules included in the default list. A non-insignificant amount do
# not apply to embedded hardware like this, so simply skip the defaults.
#
# Custom kernel is required as a lot of MTK components misbehave when built as modules.
# They fail to load properly, leaving the system without working ethernet, they'll oops on
# remove. MTK-DSA parts and PCIe were observed to do this.
# boot.initrd.includeDefaultModules = false;
# boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"];
# boot.initrd.availableKernelModules = ["nvme"];
nixpkgs.config.allowUnfree = true;
# hardware.enableRedistributableFirmware = true;
environment.systemPackages = [
pkgs.busybox
];
fileSystems."/".label = "x13s_root";
}