steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

steveej-x13s-rmvbl: init with minimal setup

Browse source 
this configures a standalone USB device that doesn't need configuration
of the firmware's EFI variables.
This commit is contained in:
steveej 2024-01-21 21:08:01 +01:00
parent f35bd726fa
commit 03c6157ab5
16 changed files with 501 additions and 374 deletions
Download patch file Download diff file Expand all files Collapse all files

1
nix/os/devices/steveej-x13s-rmvbl/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
result

66
nix/os/devices/steveej-x13s-rmvbl/configuration.nix Normal file
View file

@ -0,0 +1,66 @@
{ repoFlake
, pkgs
, lib
, config
, nodeFlake
, nodeName
, localDomainName
, system
, ...
}:
{
imports = [
repoFlake.inputs.sops-nix.nixosModules.sops
nodeFlake.inputs.disko.nixosModules.disko
./disko.nix
../../profiles/common/user.nix
{
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = lib.mkDefault "auto";
}
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
services.openssh.openFirewall = true;
users.commonUsers = {
enable = true;
enableNonRoot = true;
};
sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
sops.defaultSopsFormat = "yaml";
}
];
networking = {
hostName = nodeName;
firewall.enable = true;
useNetworkd = true;
networkmanager.enable = false;
};
system.stateVersion = "23.11";
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [
pkgs.util-linux
pkgs.coreutils
pkgs.vim
];
}

35
nix/os/devices/steveej-x13s-rmvbl/default.nix Normal file
View file

@ -0,0 +1,35 @@
{
system ? "aarch64-linux",
nodeName,
repoFlake,
nodeFlake,
localDomainName ? "internal",
...
}: {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system;
packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system};
inherit localDomainName;
};
meta.nodeNixpkgs.${nodeName} =
import nodeFlake.inputs.nixpkgs.outPath
{
inherit system;
};
${nodeName} = {
deployment.targetHost = "${nodeName}.${localDomainName}";
deployment.replaceUnknownProfiles = true;
# nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system};
imports = [
./configuration.nix
];
networking.hostName = nodeName;
};
}

66
nix/os/devices/steveej-x13s-rmvbl/disko.nix Normal file
View file

@ -0,0 +1,66 @@
{
disko.devices = {
disk = {
voyager-gtx = {
type = "disk";
device = "/dev/disk/by-id/ata-Corsair_Voyager_GTX_21488170000126002054";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "x13s-usb-crypt";
extraOpenArgs = [ ];
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /tmp/secret.key`
# keyFile = "/tmp/secret.key";
allowDiscards = true;
};
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "32G";
};
};
};
};
};
};
};
};
};
};
}

151
nix/os/devices/steveej-x13s-rmvbl/flake.lock generated Normal file
View file

@ -0,0 +1,151 @@
{
"nodes": {
"acamcstephens_stop-export": {
"flake": false,
"locked": {
"lastModified": 1705858695,
"narHash": "sha256-iTIwMsw/cjacCkSzzCwb+nEkpOK/PoPenPHOysWCBSk=",
"ref": "refs/heads/main",
"rev": "8b61e53b83caf55bd374f4ce2b20f1e8012ce2ec",
"revCount": 13,
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
},
"original": {
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
}
},
"alsa-ucm-conf": {
"flake": false,
"locked": {
"lastModified": 1705501566,
"narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=",
"owner": "alsa-project",
"repo": "alsa-ucm-conf",
"rev": "e87dde51d68950537f92af955ad0633437cc419a",
"type": "github"
},
"original": {
"owner": "alsa-project",
"repo": "alsa-ucm-conf",
"rev": "e87dde51d68950537f92af955ad0633437cc419a",
"type": "github"
}
},
"brainwart_x13s-nixos": {
"flake": false,
"locked": {
"lastModified": 1705565623,
"narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=",
"owner": "BrainWart",
"repo": "x13s-nixos",
"rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2",
"type": "github"
},
"original": {
"owner": "BrainWart",
"ref": "flake",
"repo": "x13s-nixos",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705540973,
"narHash": "sha256-kNt/qAEy7ueV7NKbVc8YMHWiQAAgrir02MROYNI8fV0=",
"owner": "nix-community",
"repo": "disko",
"rev": "0033adc6e3f1ed076f3ed1c637ef1dfe6bef6733",
"type": "github"
},
"original": {
"id": "disko",
"type": "indirect"
}
},
"get-flake": {
"locked": {
"lastModified": 1694475786,
"narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=",
"owner": "ursi",
"repo": "get-flake",
"rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1",
"type": "github"
},
"original": {
"owner": "ursi",
"repo": "get-flake",
"type": "github"
}
},
"linux_x13s": {
"flake": false,
"locked": {
"lastModified": 1705680516,
"narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=",
"owner": "jhovold",
"repo": "linux",
"rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0",
"type": "github"
},
"original": {
"owner": "jhovold",
"ref": "wip/sc8280xp-v6.7",
"repo": "linux",
"type": "github"
}
},
"mobile-nixos": {
"flake": false,
"locked": {
"lastModified": 1705008488,
"narHash": "sha256-Gj97fDFZaK6gLb3ayZgTTtD+MFE1YjoyYHWkB1TIAe0=",
"owner": "NixOS",
"repo": "mobile-nixos",
"rev": "56e55df7b07b5e5c6d050732d851cec62b41df95",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "mobile-nixos",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1705641746,
"narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d2003f2223cbb8cd95134e4a0541beea215c1073",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"acamcstephens_stop-export": "acamcstephens_stop-export",
"alsa-ucm-conf": "alsa-ucm-conf",
"brainwart_x13s-nixos": "brainwart_x13s-nixos",
"disko": "disko",
"get-flake": "get-flake",
"linux_x13s": "linux_x13s",
"mobile-nixos": "mobile-nixos",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

302
nix/os/devices/steveej-x13s-rmvbl/flake.nix Normal file
View file

@ -0,0 +1,302 @@
{
inputs =
{
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
get-flake.url = "github:ursi/get-flake";
disko.inputs.nixpkgs.follows = "nixpkgs";
mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false;
# see https://github.com/jhovold/linux/wiki/X13s for status updates
linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7";
linux_x13s.flake = false;
brainwart_x13s-nixos = {
url = "github:BrainWart/x13s-nixos/flake";
flake = false;
};
acamcstephens_stop-export = {
flake = false;
url = "git+https://codeberg.org/adamcstephens/stop-export.git";
};
alsa-ucm-conf = {
flake = false;
url = "github:alsa-project/alsa-ucm-conf/e87dde51d68950537f92af955ad0633437cc419a";
};
};
outputs =
{ self
, get-flake
, nixpkgs
, ...
}:
let
targetPlatform = "aarch64-linux";
buildPlatform = "x86_64-linux";
nodeName = "steveej-x13s-rmvbl";
mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
system = targetPlatform;
inherit nodeName;
repoFlake = get-flake ../../../..;
nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName};
modules =
[
self.nixosModules.hardware-x13s
./configuration.nix
# flake registry
{
nix.registry.nixpkgs.flake = nixpkgs;
}
]
++ extraModules;
}
);
in
{
nixosConfigurations = {
native = mkNixosConfiguration {
system = targetPlatform;
};
cross = mkNixosConfiguration {
extraModules = [
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = targetPlatform;
}
];
};
};
nixosModules.hardware-x13s = { pkgs, config, lib, options, ... }:
let
# TODO: introduce options for these
kernelPdMapper = true;
in
{
config =
let
inherit (config.boot.loader) efi;
kp = [
{
name = "x13s-cfg";
patch = null;
extraStructuredConfig = with lib.kernel; {
EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes;
OF_OVERLAY = lib.mkForce yes;
BTRFS_FS = lib.mkForce yes;
BTRFS_FS_POSIX_ACL = lib.mkForce yes;
MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB = lib.mkForce yes;
SND_USB_AUDIO = lib.mkForce module;
USB_XHCI_PCI = lib.mkForce module;
NO_HZ_FULL = lib.mkForce yes;
HZ_100 = lib.mkForce yes;
HZ_250 = lib.mkForce no;
DRM_AMDGPU = lib.mkForce no;
DRM_NOUVEAU = lib.mkForce no;
QCOM_TSENS = lib.mkForce yes;
NVMEM_QCOM_QFPROM = lib.mkForce yes;
ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes;
} // lib.optionalAttrs kernelPdMapper {
QCOM_PD_MAPPER = lib.mkForce yes;
QRTR = lib.mkForce yes;
};
}
];
# We can't quite move to mainline linux
linux_x13s_pkg = { buildLinux, ... } @ args:
buildLinux (args // rec {
version = "6.7.0";
modDirVersion = lib.versions.pad 3 version;
extraMeta.branch = lib.versions.majorMinor version;
src = self.inputs.linux_x13s;
kernelPatches = (args.kernelPatches or [ ]) ++ kp;
} // (args.argsOverride or { }));
# we add additional configuration on top of te normal configuration above
# using the extraStructuredConfig option on the kernel patch
linux_x13s = pkgs.callPackage linux_x13s_pkg {
defconfig = "johan_defconfig";
};
linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s;
dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/sc8280xp-lenovo-thinkpad-x13s.dtb";
dtbName = "x13s63rc4.dtb";
x13_firmware = { stdenvNoCC, fetchFromGitHub }:
stdenvNoCC.mkDerivation {
pname = "x13s-extra-firmware";
version = "1.0.0";
src = fetchFromGitHub {
owner = "ironrobin";
repo = "x13s-alarm";
rev = "efa51c3b519f75b3983aef67855b1561d9828771";
sha256 = "sha256-weETbWXz9aL2pDQDKk7fkb1ecQH0qrhUYDs2E5EiJcI=";
};
dontFixup = true;
dontBuild = true;
installPhase = ''
mkdir -p $out/lib/firmware/qcom/sc8280xp/LENOVO/21BX
cp x13s-firmware/qcvss8280.mbn $out/lib/firmware/qcom/sc8280xp/LENOVO/21BX/
'';
};
in
{
nixpkgs.overlays = [
(final: prev:
{
qrtr = final.callPackage "${self.inputs.acamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { };
pd-mapper = final.callPackage "${self.inputs.acamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" {
inherit (final) qrtr;
};
x13s_alsa-ucm-conf = prev.alsa-ucm-conf.overrideAttrs (prev: {
src = self.inputs.alsa-ucm-conf;
});
}
)
];
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.extraFiles = {
"${dtbName}" = dtb;
};
loader.efi.canTouchEfiVariables = false;
loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ];
kernelPackages = linuxPackages_x13s;
kernelParams = [
"dtb=${dtbName}"
"boot.shell_on_fail"
# jhovold recommended
"efi=noruntime"
"clk_ignore_unused"
"pd_ignore_unused"
"arm64.nopauth"
# blacklist graphics in initrd so the firmware can load from disk
"rd.driver.blacklist=msm"
];
initrd = {
includeDefaultModules = false;
availableKernelModules = [
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"leds_qcom_lpg"
"pwm_bl"
"qrtr"
"pmic_glink_altmode"
"gpio_sbu_mux"
"phy_qcom_qmp_combo"
"panel-edp"
"msm"
"phy_qcom_edp"
"i2c-core"
"i2c-hid"
"i2c-hid-of"
"i2c-qcom-geni"
"pcie-qcom"
"phy-qcom-qmp-combo"
"phy-qcom-qmp-pcie"
"phy-qcom-qmp-usb"
"phy-qcom-snps-femto-v2"
"phy-qcom-usb-hs"
"nvme"
"usbcore"
"xhci_hcd"
"usbhid"
"usb_storage"
# "xhci_pci"
"uas"
];
};
};
# default is performance
powerManagement.cpuFreqGovernor = "ondemand";
hardware.enableAllFirmware = true;
hardware.firmware = [
pkgs.linux-firmware
(pkgs.callPackage x13_firmware { })
(pkgs.callPackage "${self.inputs.brainwart_x13s-nixos}/pkgs/x13s-firmware.nix" { })
];
systemd.services.pd-mapper = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${lib.getExe pkgs.pd-mapper}";
Restart = "always";
};
};
# bind mount over existing alsa-ucm-conf
# this is just config, but is in the critical path for lots of packages
# systemd.services.x13s-alsa-conf = {
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# ExecStart = "${pkgs.util-linux.mount}/bin/mount -o bind ${pkgs.x13s_alsa-ucm-conf}/share/alsa ${pkgs.alsa-ucm-conf}/share/alsa";
# ExecStop = "${pkgs.util-linux.mount}/bin/umount ${pkgs.alsa-ucm-conf}/share/alsa";
# };
# };
systemd.services.bluetooth = {
serviceConfig = {
# disabled because btmgmt call hangs
# ExecStartPre = [
# ""
# "${pkgs.util-linux}/bin/rfkill block bluetooth"
# "${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}"
# "${pkgs.util-linux}/bin/rfkill unblock bluetooth"
# ];
RestartSec = 5;
Restart = "on-failure";
};
};
};
};
};
}