dev/qclk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: dev:1c500e015ce21a5d47eeba192278c7909eb45ac1
Branches Tags
dev:master
..
compare: dev:master
Branches Tags
dev:master

9 Commits
1c500e015c ... master

Author SHA1 Message Date
Jack O'Sullivan
17e3aa6841 Update inputs 2025-05-05 15:36:27 +01:00
Jack O'Sullivan
795c8fab71 firmware: Add initial web server 2024-09-01 23:06:41 +01:00
Jack O'Sullivan
8496ec73ad firmware: Add ability to load config from USB 2024-09-01 22:36:07 +01:00
Jack O'Sullivan
631e228bd5 firmware: Working WireGuard management 2024-09-01 19:21:09 +01:00
Jack O'Sullivan
550445e0f9 firmware: Add iwd 2024-09-01 00:23:40 +01:00
Jack O'Sullivan
336c4267c8 firmware: Working Pi 3 firmware 2024-08-31 23:08:26 +01:00
Jack O'Sullivan
8c9e57f97b Initial firmware infra 2024-08-31 16:07:55 +01:00
Jack O'Sullivan
97cb513fd5 Update inputs 2024-08-31 15:03:11 +01:00
Jack O'Sullivan
ea12d87356 Move mcu into full flake-parts module 2024-08-31 15:00:30 +01:00
16 changed files with 1108 additions and 342 deletions
Expand all files Collapse all files

2
firmware/.envrc Normal file
View File

@@ -0,0 +1,2 @@
watch_file default.nix
use flake ..#firmware --override-input rootdir "file+file://"<(printf %s "$PWD")

2
firmware/.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
/result
/*.img*

1
firmware/.keys/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
/*.key

1
firmware/.keys/management.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd+aujm9F06jaQIAvk/0ptQNDHp57J429SqIquVmhbh qclk-management

63
firmware/app.nix Normal file
View File

@@ -0,0 +1,63 @@
{ lib, pkgs, config, ... }:
let
configurer = pkgs.replaceVarsWith {
src = ./configurer.py;
isExecutable = true;
replacements = {
python = pkgs.python3.withPackages (ps: with ps; [ pyyaml ]);
utilLinux = pkgs.util-linux;
wireguardTools = pkgs.wireguard-tools;
systemd = config.systemd.package;
iwd = config.networking.wireless.iwd.package;
};
};
app = pkgs.replaceVarsWith {
src = ./app.py;
isExecutable = true;
replacements = {
python = pkgs.python3.withPackages (ps: with ps; [ pyyaml aiohttp ]);
};
};
in
{
config = {
systemd = {
services = {
qclk-configurer = {
description = "qCLK dynamic configurer";
after = [ "network.target" ];
serviceConfig = {
Type = "notify-reload";
ExecStart = "${configurer} serve";
Restart = "on-failure";
};
wantedBy = [ "multi-user.target" ];
};
qclk-app = {
description = "qCLK app";
after = [ "qclk-configurer.service" ];
serviceConfig = {
Type = "simple";
ExecStart = "${app}";
Restart = "on-failure";
};
wantedBy = [ "multi-user.target" ];
};
};
};
services = {
udev.extraRules = ''
SUBSYSTEM=="block", ACTION=="add", ENV{ID_BUS}=="usb", ENV{ID_FS_TYPE}=="vfat", RUN+="${configurer} ext-load %E{ID_PATH_TAG} %N"
'';
};
};
}

29
firmware/app.py Executable file
View File

@@ -0,0 +1,29 @@
#! @python@/bin/python -B
import os
from aiohttp import web
import yaml
CONF_FILE = os.getenv('CONFIG', '/etc/qclk/config.yaml')
conf_k = web.AppKey('config', dict)
def log(m):
print(m, file=sys.stderr)
routes = web.RouteTableDef()
@routes.get('/')
async def index(req):
return web.Response(text='Hello, world!')
def main():
app = web.Application()
with open(CONF_FILE) as f:
app[conf_k] = yaml.safe_load(f)
app.add_routes(routes)
web.run_app(app, port=8080)
if __name__ == '__main__':
main()

85
firmware/base.nix Normal file
View File

@@ -0,0 +1,85 @@
{ lib, pkgs, ... }:
let
inherit (lib) mkOption;
in
{
config = {
system = {
stateVersion = "24.11";
nixos = {
distroName = "qCLKOS";
};
name = "qclk";
};
documentation.enable = false;
time.timeZone = "Europe/Dublin";
i18n.defaultLocale = "en_IE.UTF-8";
boot = {
loader = {
grub.enable = false;
};
initrd = {
systemd = {
enable = true;
emergencyAccess = true;
};
};
consoleLogLevel = 7;
};
nix = {
# We're a flake-only gal
channel.enable = false;
settings = {
experimental-features = [ "nix-command" "flakes" "ca-derivations" ];
extra-substituters = [ "https://nix-cache.nul.ie" ];
extra-trusted-public-keys = [ "nix-cache.nul.ie-1:BzH5yMfF4HbzY1C977XzOxoPhEc9Zbu39ftPkUbH+m4=" ];
fallback = false;
};
};
users = {
users = {
root = {
openssh.authorizedKeys.keyFiles = [
.keys/management.pub
];
};
};
};
environment = {
systemPackages = with pkgs; [
usbutils
tcpdump
(pkgs.vim.customize {
name = "vim";
vimrcConfig.packages.default = {
start = [ pkgs.vimPlugins.vim-nix ];
};
vimrcConfig.customRC = "syntax on";
})
];
};
programs = {
command-not-found.enable = false;
htop.enable = true;
};
services = {
getty.autologinUser = "root";
openssh = {
enable = true;
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
};
};
};
};
}

229
firmware/configurer.py Executable file
View File

@@ -0,0 +1,229 @@
#! @python@/bin/python -B
import argparse
import base64
import json
import os
import shutil
import signal
import socket
import subprocess
import sys
import time
import tomllib
import yaml
CONF_FILE = '/etc/qclk/config.yaml'
WG_KEY_FILE = '/etc/qclk/wg.key'
IWD_PATH = '/var/lib/iwd'
IWD_CONF = '''[Settings]
Hidden={hidden}
[Security]
Passphrase={psk}
'''
MANAGEMENT_NET = '''[Match]
Name=management
[Network]
Address={ip}/32
'''
def log(m):
print(m, file=sys.stderr)
def iwd_ssid_basename(ssid: str) -> str:
if ssid.isalnum() and not any(c in ssid for c in '-_ '):
return ssid
return f"={ssid.encode('utf-8').hex()}"
class Configurer:
tmpdir = '/run/qclk'
def __init__(self, conf_file: str, wg_key_file: str):
self.conf_file = conf_file
self.load_config()
with open(wg_key_file, 'rb') as f:
output = subprocess.check_output(['@wireguardTools@/bin/wg', 'pubkey'], input=f.read())
pubkey = base64.b64decode(output)
self.id = pubkey[:4].hex()
self.load_dir = os.path.join(self.tmpdir, 'load')
self.sd_sock = None
os.makedirs(self.tmpdir, exist_ok=True)
os.makedirs(self.load_dir, exist_ok=True)
def load_config(self):
with open(self.conf_file) as f:
self.config = yaml.safe_load(f)
def write_config(self):
log(f'Updating config')
tmp = os.path.join(self.tmpdir, 'new-config.yaml')
with open(tmp, 'w') as f:
yaml.dump(self.config, f)
shutil.move(tmp, self.conf_file)
def _setup_hostname(self):
hostname = f'qclk-{self.id}'
log(f"Setting hostname to '{hostname}'")
socket.sethostname(hostname)
def _setup_wifi(self):
os.makedirs(IWD_CONF, exist_ok=True)
if 'wifi' in self.config:
conf = self.config['wifi']
tmp = os.path.join(self.tmpdir, 'wifi.psk')
with open(tmp, 'w') as f:
print(
IWD_CONF.format(
hidden=str(conf['hidden']).lower(),
psk=conf['password']),
file=f)
fname = f"{iwd_ssid_basename(conf['ssid'])}.psk"
log(f"Writing IWD config file '{fname}' for network '{conf['ssid']}'")
shutil.move(tmp, os.path.join(IWD_PATH, fname))
else:
fname = None
for f in os.listdir(IWD_PATH):
if (fname is not None and f != fname) and f.endswith('.psk'):
log(f"Cleaning up old IWD config '{f}'")
os.remove(os.path.join(IWD_PATH, f))
subprocess.call(['@iwd@/bin/iwctl', 'station', 'wifi', 'scan'])
def _setup_mgmt(self):
conf = self.config['management']
tmp = os.path.join(self.tmpdir, 'management.network')
with open(tmp, 'w') as f:
print(MANAGEMENT_NET.format(ip=conf['ip']), file=f)
log(f"Configuring management IP {conf['ip']}")
os.makedirs('/run/systemd/network', exist_ok=True)
shutil.move(tmp, '/run/systemd/network/20-management.network')
subprocess.check_call(['@systemd@/bin/networkctl', 'reload'])
def reconcile(self):
if self.sd_sock is not None:
self.sd_sock.sendall(b'STATUS=Reconciling configuration...')
self._setup_hostname()
self._setup_wifi()
self._setup_mgmt()
if self.sd_sock is not None:
self.sd_sock.sendall(b'STATUS=OK\nREADY=1')
def _ext_load(self, identifier: str, device: str):
mountpoint = os.path.join(self.tmpdir, 'mnt', identifier)
os.makedirs(mountpoint, exist_ok=True)
try:
log(f'Mounting {device} -> {mountpoint}')
subprocess.check_call(['@utilLinux@/bin/mount', '-t', 'vfat', '-o', 'ro', device, mountpoint])
try:
path = os.path.join(mountpoint, 'qclk.toml')
if not os.path.exists(path):
log(f'No config file found on {device}')
return
with open(path, 'rb') as f:
ext_conf = tomllib.load(f)
finally:
subprocess.check_call(['@utilLinux@/bin/umount', mountpoint])
finally:
os.rmdir(mountpoint)
if 'wifi' in ext_conf:
log(f'Loading WiFi settings from {device}')
self.config['wifi'] = {
'ssid': ext_conf['wifi']['ssid'],
'password': ext_conf['wifi'].get('password', ''),
'hidden': ext_conf['wifi'].get('hidden', False),
}
self._setup_wifi()
self.write_config()
def serve(self, args: argparse.Namespace):
os.makedirs(os.path.join(self.tmpdir, 'load'), exist_ok=True)
addr = os.getenv('NOTIFY_SOCKET')
if addr is not None:
self.sd_sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
if addr[0] == '@':
addr = '\0' + addr[1:]
self.sd_sock.connect(addr)
running = True
def sighandler(sig, frame):
nonlocal running
if sig in (signal.SIGINT, signal.SIGTERM):
running = False
return
if sig == signal.SIGHUP:
if self.sd_sock is not None:
t = time.clock_gettime_ns(time.CLOCK_MONOTONIC) // 1000
self.sd_sock.sendall(f'RELOADING=1\nMONOTONIC_USEC={t}'.encode('ascii'))
self.load_config()
self.reconcile()
elif sig == signal.SIGUSR1:
for identifier in os.listdir(self.load_dir):
fname = os.path.join(self.load_dir, identifier)
with open(fname) as f:
device = f.read().strip()
os.remove(fname)
try:
self._ext_load(identifier, device)
except Exception as ex:
log(f'Failed to load config from {device}: {ex}')
for s in [signal.SIGINT, signal.SIGTERM, signal.SIGHUP, signal.SIGUSR1]:
signal.signal(s, sighandler)
self.reconcile()
while running:
signal.pause()
if self.sd_sock is not None:
self.sd_sock.close()
def ext_load(self, args: argparse.Namespace):
with open(os.path.join(self.load_dir, args.identifier), 'w') as f:
print(args.device, file=f)
output = subprocess.check_output(
['@systemd@/bin/systemctl', 'show', '--property', 'MainPID', '--value', 'qclk-configurer.service'], encoding='ascii')
pid = int(output.strip())
os.kill(pid, signal.SIGUSR1)
def main():
parser = argparse.ArgumentParser(description='qclkOS configurer')
cmds = parser.add_subparsers(title='commands', help='reconcile')
rec_parser = cmds.add_parser('serve')
rec_parser.set_defaults(func=Configurer.serve)
eload_parser = cmds.add_parser('ext-load')
eload_parser.set_defaults(func=Configurer.ext_load)
eload_parser.add_argument('identifier', help='Unique device name')
eload_parser.add_argument('device', help='Block device path')
args = parser.parse_args()
c = Configurer(CONF_FILE, WG_KEY_FILE)
if not hasattr(args, 'func'):
c.serve(args)
else:
args.func(c, args)
if __name__ == '__main__':
main()

157
firmware/default.nix Normal file
View File

@@ -0,0 +1,157 @@
{ self, inputs, ... }:
let
nixpkgsLib = inputs.nixpkgs.lib.extend (final: prev:
let
date = final.substring 0 8 (self.lastModifiedDate or self.lastModified or "19700101");
revCode = flake: flake.shortRev or "dirty";
in
{
trivial = prev.trivial // {
release = "25.05:u-${prev.trivial.release}";
codeName = "Beta";
revisionWithDefault = default: self.rev or default;
versionSuffix = ".${date}.${revCode self}:u-${revCode inputs.nixpkgs}";
};
}
);
mkSystem = target: nixpkgsLib.nixosSystem {
modules = [
{
imports = [
inputs.impermanence.nixosModules.impermanence
];
}
./base.nix
./disk.nix
./network.nix
./app.nix
target
];
};
in
{
flake.nixosConfigurations = {
qclk-rpi3 = mkSystem target/rpi3.nix;
};
perSystem = { lib, libMy, pkgs, ... }:
let
inherit (lib) concatMapStringsSep;
devPython = pkgs.python3.withPackages (ps: with ps; [ pyyaml aiohttp ]);
in
{
devenv.shells.firmware = libMy.withRootdir {
packages = with pkgs; [
nixos-rebuild
nixVersions.latest
wireguard-tools
devPython
];
scripts =
let
shellUtils = ''
die() {
echo "$1" >&2
exit 1
}
'';
exportPath = ps:
let pkgsPath = concatMapStringsSep ":" (p: "${p}/bin") ps; in ''export PATH="$PATH:${pkgsPath}"'';
buildImgRootHelper = pkgs.writeShellScript "fixup-perms" ''
pushd "$1"
# systemd-network GID
chgrp 152 etc/qclk/wg.key
chmod 640 etc/qclk/wg.key
popd
mkfs.ext4 -L qclkos-persist -d "$1" "$2"
'';
in
{
build.exec = ''
nix build "..#nixosConfigurations.qclk-$1.config.system.build.toplevel"
'';
build-image.exec = ''
set -e
${exportPath (with pkgs; [ util-linux fakeroot e2fsprogs zstd python3 ])}
${shellUtils}
usage() {
die "usage: $0 <target> <IP>"
}
populate_persist() {
mkdir -p etc/qclk
old_umask="$(umask)"
umask 077
wg genkey > etc/qclk/wg.key
wg_pubkey="$(wg pubkey < etc/qclk/wg.key)"
id="$(python3 -c "import base64; print(base64.b64decode('$wg_pubkey')[:4].hex())")"
pin="$(python3 -c "import random; print('''.join(str(random.randint(0, 9)) for _ in range(6)))")"
cat << EOF > etc/qclk/config.yaml
management:
ip: $ip
pin: '$pin'
EOF
umask "$old_umask"
}
[ $# -eq 2 ] || usage
target=$1
ip=$2
nix build "..#nixosConfigurations.qclk-$target.config.my.disk.image"
persistRoot=$(mktemp --tmpdir -d qclkos-persist-XXXXX)
pushd "$persistRoot"
populate_persist
popd
out=qclkos-$target-$id.img
cp --sparse=always result/qclkos-$target.img $out
chmod u+w $out
eval $(partx $out -o START,SECTORS --nr 2 --pairs)
persistImg=$(mktemp --tmpdir qclkos-persist-XXXXX.img)
truncate -s $((SECTORS * 512)) $persistImg
fakeroot ${buildImgRootHelper} $persistRoot $persistImg
dd conv=notrunc if=$persistImg of=$out seek=$START count=$SECTORS
rm -r "$persistRoot" "$persistImg"
[ -z "$NO_COMPRESS" ] && zstd -7 -T0 --rm -f $out
echo "====== DONE! ======"
echo "WireGuard pubkey: $wg_pubkey"
echo "Control PIN: $pin"
'';
push-config.exec = ''
${shellUtils}
usage() {
die "usage: $0 <host> <target> <verb>"
}
[ $# -eq 3 ] || usage
host=$1; shift
target=$1; shift
verb=$1; shift
export NIX_SSHOPTS="-i .keys/management.key"
nixos-rebuild $verb --flake ..#qclk-$target --target-host root@"$host" --use-substitutes "$@"
'';
clean.exec = ''
rm -f qclkos-*.img*
'';
};
};
};
}

208
firmware/disk.nix Normal file
View File

@@ -0,0 +1,208 @@
# Based on `nixos/modules/installer/sd-card/sd-image.nix`
{ lib, modulesPath, pkgs, config, ... }:
let
inherit (lib) concatMap mkOption;
cfg = config.my.disk;
nixImage = (pkgs.callPackage "${modulesPath}/../lib/make-ext4-fs.nix" {
volumeLabel = "qclkos-nix";
uuid = "38bd3706-c049-430d-9e33-5cd0e437279b";
storePaths = config.system.build.toplevel;
compressImage = false;
}).overrideAttrs (o: {
buildCommand = ''
# We need to move the store up a level since we're not using this as a rootfs but as /nix
# HACK: `populateImageCommands` is executed in a subshell _before_ the store paths are copied in...
shopt -s expand_aliases
nixUpThenFaketime() {
mv rootImage/{nix/store,}
rmdir rootImage/nix
faketime "$@"
}
alias faketime=nixUpThenFaketime
${o.buildCommand}
'';
});
in
{
options.my.disk = with lib.types; {
bootSize = mkOption {
description = "/boot size (MiB).";
type = ints.unsigned;
default = 1024;
};
persistSize = mkOption {
description = "/persist size (MiB).";
type = ints.unsigned;
default = 8192;
};
populateBootCommands = mkOption {
description = ''
Shell commands to populate the ./boot directory.
All files in that directory are copied to the
/boot partition on the image.
'';
};
imageBaseName = mkOption {
description = "Prefix of the name of the generated image file.";
default = "qclkos";
};
image = mkOption {
description = "Output disk image.";
type = unspecified;
};
rootSize = mkOption {
description = "tmpfs root size.";
type = str;
default = "2G";
};
};
config = {
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/QCLKOS_BOOT";
fsType = "vfat";
};
"/persist" = {
device = "/dev/disk/by-label/qclkos-persist";
fsType = "ext4";
neededForBoot = true;
};
"/nix" = {
device = "/dev/disk/by-label/qclkos-nix";
fsType = "ext4";
};
"/" = {
device = "yeet";
fsType = "tmpfs";
options = [ "size=${cfg.rootSize}" "mode=755" ];
};
};
boot = {
postBootCommands = ''
# On the first boot do some maintenance tasks
if [ -f /nix/nix-path-registration ]; then
set -euo pipefail
set -x
# Figure out device names for the boot device and nix filesystem.
nixPart=$(${pkgs.util-linux}/bin/findmnt -n -o SOURCE /nix)
bootDevice=$(lsblk -npo PKNAME $nixPart)
partNum=$(lsblk -npo MAJ:MIN $nixPart | ${pkgs.gawk}/bin/awk -F: '{print $2}')
# Resize the nix partition and the filesystem to fit the disk
echo ",+," | sfdisk -N$partNum --no-reread $bootDevice
${pkgs.parted}/bin/partprobe
${pkgs.e2fsprogs}/bin/resize2fs $nixPart
# Register the contents of the initial Nix store
${config.nix.package.out}/bin/nix-store --load-db < /nix/nix-path-registration
# nixos-rebuild also requires a "system" profile and an /etc/NIXOS tag.
touch /etc/NIXOS
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
# Prevents this from running on later boots.
rm -f /nix/nix-path-registration
fi
'';
};
users.mutableUsers = false;
environment = {
# This is based on parts of `nixfiles/nixos/modules/tmproot.nix`
persistence."/persist" = {
directories = [
"/var/lib/nixos"
"/var/lib/systemd"
"/etc/qclk"
];
files = [
"/etc/machine-id"
] ++ (concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys);
};
};
services = {
journald.storage = "volatile";
};
my.disk.image = pkgs.callPackage ({
stdenv, dosfstools, e2fsprogs, mtools, libfaketime, util-linux
}: stdenv.mkDerivation {
name = "${cfg.imageBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}";
nativeBuildInputs = [
dosfstools e2fsprogs libfaketime mtools util-linux
];
buildCommand = ''
mkdir -p $out
export img=$out/${cfg.imageBaseName}.img
nix_fs=${nixImage}
# Gap in front of the first partition, in MiB
gap=8
# Create the image file sized to fit /boot and /nix, plus slack for the gap.
nixSizeBlocks=$(du -B 512 --apparent-size $nix_fs | awk '{ print $1 }')
bootSizeBlocks=$((${toString cfg.bootSize} * 1024 * 1024 / 512))
persistSizeBlocks=$((${toString cfg.persistSize} * 1024 * 1024 / 512))
imageSize=$((nixSizeBlocks * 512 + persistSizeBlocks * 512 + bootSizeBlocks * 512 + gap * 1024 * 1024))
truncate -s $imageSize $img
# type=b is 'W95 FAT32', type=83 is 'Linux'.
# The "bootable" partition is where u-boot will look file for the bootloader
# information (dtbs, extlinux.conf file).
sfdisk --no-reread --no-tell-kernel $img <<EOF
label: dos
label-id: 0xabb10d5a
start=''${gap}M, size=$bootSizeBlocks, type=b, bootable
start=$((gap + ${toString cfg.bootSize}))M, size=$persistSizeBlocks, type=83
start=$((gap + ${toString cfg.bootSize} + ${toString cfg.persistSize}))M, type=83
EOF
# Copy the nixfs into the image
eval $(partx $img -o START,SECTORS --nr 3 --pairs)
dd conv=notrunc if=$nix_fs of=$img seek=$START count=$SECTORS
# Create a FAT32 /boot partition of suitable size into boot_part.img
eval $(partx $img -o START,SECTORS --nr 1 --pairs)
truncate -s $((SECTORS * 512)) boot_part.img
mkfs.vfat --invariant -n QCLKOS_BOOT boot_part.img
# Populate the files intended for /boot
mkdir boot
${cfg.populateBootCommands}
find boot -exec touch --date=2000-01-01 {} +
# Copy the populated /boot into the image
cd boot
# Force a fixed order in mcopy for better determinism, and avoid file globbing
for d in $(find . -type d -mindepth 1 | sort); do
faketime "2000-01-01 00:00:00" mmd -i ../boot_part.img "::/$d"
done
for f in $(find . -type f | sort); do
mcopy -pvm -i ../boot_part.img "$f" "::/$f"
done
cd ..
# Verify the FAT partition before copying it.
fsck.vfat -vn boot_part.img
dd conv=notrunc if=boot_part.img of=$img seek=$START count=$SECTORS
'';
}) { };
};
}

58
firmware/network.nix Normal file
View File

@@ -0,0 +1,58 @@
{ lib, config, pkgs, ... }: {
environment = {
systemPackages = with pkgs; [
wireguard-tools
];
};
networking = {
hostName = config.system.name;
useDHCP = false;
useNetworkd = true;
firewall = {
interfaces.management.allowedTCPPorts = [ 8080 ];
};
wireless.iwd = {
enable = true;
settings = {
# systemd-networkd gets confused if we hop between networks and doesn't redo DHCP
General.EnableNetworkConfiguration = true;
DriverQuirks.DefaultInterface = "*";
};
};
};
systemd = {
network = {
wait-online.enable = false;
netdevs = {
"10-management" = {
netdevConfig = {
Name = "management";
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = "/etc/qclk/wg.key";
RouteTable = "main";
};
wireguardPeers = [
{
Endpoint = "94.142.240.44:51821";
PublicKey = "itMQ2DlPEMdJFlIZRQkwa+Mv7cLc9d4zgfzlljEtLn4=";
AllowedIPs = [ "10.100.4.1/32" ];
PersistentKeepalive = 15;
}
];
};
};
networks = {
"10-ethernet" = {
matchConfig.Name = "ethernet";
DHCP = "yes";
};
};
};
};
}

85
firmware/target/rpi3.nix Normal file
View File

@@ -0,0 +1,85 @@
{ pkgs, config, ... }: {
nixpkgs.system = "aarch64-linux";
boot = {
kernelParams = [
"console=ttyS1,115200n8"
"console=tty0"
];
loader.generic-extlinux-compatible = {
enable = true;
configurationLimit = 3;
};
};
hardware = {
deviceTree.filter = "*rpi-3*.dtb";
enableRedistributableFirmware = true;
};
systemd.network.links = {
"10-ethernet" = {
matchConfig.Path = "platform-3f980000.usb-usb-0:1.1.1:1.0";
linkConfig.Name = "ethernet";
};
"10-wifi" = {
matchConfig.Path = "platform-3f300000.mmc";
linkConfig.Name = "wifi";
};
};
my = {
disk = {
bootSize = 512;
persistSize = 1024;
rootSize = "128M";
imageBaseName = "qclkos-rpi3";
# Based on `nixos/modules/installer/sd-card/sd-image-aarch64.nix`
populateBootCommands =
let
configTxt = pkgs.writeText "config.txt" ''
[pi3]
kernel=u-boot-rpi3.bin
[pi02]
kernel=u-boot-rpi3.bin
# Otherwise the resolution will be weird in most cases, compared to
# what the pi3 firmware does by default.
disable_overscan=1
# Supported in newer board revisions
arm_boost=1
[all]
# Boot in 64-bit mode.
arm_64bit=1
# U-Boot needs this to work, regardless of whether UART is actually used or not.
# Look in arch/arm/mach-bcm283x/Kconfig in the U-Boot tree to see if this is still
# a requirement in the future.
enable_uart=1
# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
# when attempting to show low-voltage or overtemperature warnings.
avoid_warnings=1
'';
in ''
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/boot/)
# Add the config
cp ${configTxt} boot/config.txt
# Add pi3 specific files
cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin boot/u-boot-rpi3.bin
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-2-b.dtb boot/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-3-b.dtb boot/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-3-b-plus.dtb boot/
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./boot
'';
};
};
}

438
flake.lock generated
View File

@@ -2,30 +2,28 @@
"nodes": {
"cachix": {
"inputs": {
"devenv": "devenv_2",
"devenv": [
"devenv"
],
"flake-compat": [
"devenv",
"flake-compat"
"devenv"
],
"nixpkgs": [
"devenv",
"nixpkgs"
"git-hooks": [
"devenv"
],
"pre-commit-hooks": [
"devenv",
"pre-commit-hooks"
]
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1712055811,
"narHash": "sha256-7FcfMm5A/f02yyzuavJe06zLa9hcMHsagE28ADcmQvk=",
"lastModified": 1742042642,
"narHash": "sha256-D0gP8srrX0qj+wNYNPdtVJsQuFzIng3q43thnHXQ/es=",
"owner": "cachix",
"repo": "cachix",
"rev": "02e38da89851ec7fec3356a5c04bc8349cae0e30",
"rev": "a624d3eaf4b1d225f918de8543ed739f2f574203",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "latest",
"repo": "cachix",
"type": "github"
}
@@ -33,54 +31,23 @@
"devenv": {
"inputs": {
"cachix": "cachix",
"flake-compat": "flake-compat_2",
"nix": "nix_2",
"flake-compat": "flake-compat",
"git-hooks": "git-hooks",
"nix": "nix",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1722605649,
"narHash": "sha256-T5dzUFRb2ocZ+LB2qBZufewdUFQs0pB4fnLKIWBLd9Y=",
"owner": "cachix",
"repo": "devenv",
"rev": "a07842582c030fdf2ccf07d3b1402b2a46908856",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "devenv",
"type": "github"
}
},
"devenv_2": {
"inputs": {
"flake-compat": [
"devenv",
"cachix",
"flake-compat"
],
"nix": "nix",
"nixpkgs": "nixpkgs",
"poetry2nix": "poetry2nix",
"pre-commit-hooks": [
"devenv",
"cachix",
"pre-commit-hooks"
]
},
"locked": {
"lastModified": 1708704632,
"narHash": "sha256-w+dOIW60FKMaHI1q5714CSibk99JfYxm0CzTinYWr+Q=",
"lastModified": 1746423062,
"narHash": "sha256-BgiRweL6nMjeO2BQgnOyIquuviybI4S8Nc8r9hYjcBc=",
"owner": "cachix",
"repo": "devenv",
"rev": "2ee4450b0f4b95a1b90f2eb5ffea98b90e48c196",
"rev": "aba5cf8412827fdb637fceb2c305d10fcea907c6",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "python-rewrite",
"repo": "devenv",
"type": "github"
}
@@ -88,27 +55,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
@@ -118,15 +69,37 @@
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"devenv",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"type": "github"
},
"original": {
@@ -135,39 +108,28 @@
"type": "github"
}
},
"flake-utils": {
"git-hooks": {
"inputs": {
"systems": "systems"
"flake-compat": [
"devenv"
],
"gitignore": "gitignore",
"nixpkgs": [
"devenv",
"nixpkgs"
]
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
@@ -175,7 +137,7 @@
"inputs": {
"nixpkgs": [
"devenv",
"pre-commit-hooks",
"git-hooks",
"nixpkgs"
]
},
@@ -193,166 +155,124 @@
"type": "github"
}
},
"nix": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"devenv",
"cachix",
"devenv",
"nixpkgs"
],
"nixpkgs-regression": "nixpkgs-regression"
},
"impermanence": {
"locked": {
"lastModified": 1712911606,
"narHash": "sha256-BGvBhepCufsjcUkXnEEXhEVjwdJAwPglCC2+bInc794=",
"owner": "domenkozar",
"repo": "nix",
"rev": "b24a9318ea3f3600c1e24b4a00691ee912d4de12",
"lastModified": 1737831083,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github"
},
"original": {
"owner": "domenkozar",
"ref": "devenv-2.21",
"repo": "nix",
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"nix-github-actions": {
"libgit2": {
"flake": false,
"locked": {
"lastModified": 1697646580,
"narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=",
"owner": "libgit2",
"repo": "libgit2",
"rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5",
"type": "github"
},
"original": {
"owner": "libgit2",
"repo": "libgit2",
"type": "github"
}
},
"nix": {
"inputs": {
"nixpkgs": [
"devenv",
"cachix",
"devenv",
"poetry2nix",
"nixpkgs"
"flake-compat": [
"devenv"
],
"flake-parts": "flake-parts",
"libgit2": "libgit2",
"nixpkgs": "nixpkgs_2",
"nixpkgs-23-11": [
"devenv"
],
"nixpkgs-regression": [
"devenv"
],
"pre-commit-hooks": [
"devenv"
]
},
"locked": {
"lastModified": 1688870561,
"narHash": "sha256-4UYkifnPEw1nAzqqPOTL2MvWtm3sNGw1UTYTalkTcGY=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "165b1650b753316aa7f1787f3005a8d2da0f5301",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix_2": {
"inputs": {
"flake-compat": [
"devenv",
"flake-compat"
],
"nixpkgs": [
"devenv",
"nixpkgs"
],
"nixpkgs-regression": "nixpkgs-regression_2"
},
"locked": {
"lastModified": 1712911606,
"narHash": "sha256-BGvBhepCufsjcUkXnEEXhEVjwdJAwPglCC2+bInc794=",
"lastModified": 1745930071,
"narHash": "sha256-bYyjarS3qSNqxfgc89IoVz8cAFDkF9yPE63EJr+h50s=",
"owner": "domenkozar",
"repo": "nix",
"rev": "b24a9318ea3f3600c1e24b4a00691ee912d4de12",
"rev": "b455edf3505f1bf0172b39a735caef94687d0d9c",
"type": "github"
},
"original": {
"owner": "domenkozar",
"ref": "devenv-2.21",
"ref": "devenv-2.24",
"repo": "nix",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1692808169,
"narHash": "sha256-x9Opq06rIiwdwGeK2Ykj69dNc2IvUH1fY55Wm7atwrE=",
"lastModified": 1733212471,
"narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9201b5ff357e781bf014d0330d18555695df7ba8",
"rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1722555339,
"narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"lastModified": 1743296961,
"narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs-regression_2": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1722640603,
"narHash": "sha256-TcXjLVNd3VeH1qKPH335Tc4RbFDbZQX+d7rqnDUoRaY=",
"lastModified": 1717432640,
"narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "81610abc161d4021b29199aa464d6a1a521e0cc9",
"rev": "88269ab3044128b7c2f4c7d68448b2fb50456870",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1746332716,
"narHash": "sha256-VBmKSkmw9PYBCEGhBKzORjx+nwNZkPZyHcUHE21A/ws=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6b1c028bce9c89e9824cde040d6986d428296055",
"type": "github"
},
"original": {
@@ -360,64 +280,12 @@
"type": "indirect"
}
},
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"devenv",
"cachix",
"devenv",
"nixpkgs"
]
},
"locked": {
"lastModified": 1692876271,
"narHash": "sha256-IXfZEkI0Mal5y1jr6IRWMqK8GW2/f28xJenZIPQqkY0=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "d5006be9c2c2417dafb2e2e5034d83fabd207ee3",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": [
"devenv",
"flake-compat"
],
"flake-utils": "flake-utils_2",
"gitignore": "gitignore",
"nixpkgs": [
"devenv",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1713775815,
"narHash": "sha256-Wu9cdYTnGQQwtT20QQMg7jzkANKQjwBD9iccfGKkfls=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "2ac4dcbf55ed43f3be0bae15e181f08a57af24a4",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"devenv": "devenv",
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_2",
"flake-parts": "flake-parts_2",
"impermanence": "impermanence",
"nixpkgs": "nixpkgs_3",
"rootdir": "rootdir"
}
},
@@ -432,36 +300,6 @@
"type": "file",
"url": "file:///dev/null"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",

16
flake.nix
View File

@@ -4,6 +4,8 @@
devenv.url = "github:cachix/devenv";
devenv.inputs.nixpkgs.follows = "nixpkgs";
impermanence.url = "github:nix-community/impermanence";
rootdir = {
url = "file+file:///dev/null";
flake = false;
@@ -14,6 +16,9 @@
flake-parts.lib.mkFlake { inherit inputs; } {
imports = [
devenv.flakeModule
./mcu
./firmware
];
systems = [ "x86_64-linux" ];
@@ -26,14 +31,13 @@
rootFileContent = builtins.readFile rootdir.outPath;
in
pkgs.lib.mkIf (rootFileContent != "") rootFileContent;
withRootdir = f: mkMerge [
(import f)
{ devenv.root = rootdirOpt; }
];
in
{
devenv.shells = {
mcu = withRootdir mcu/devenv.nix;
_module.args.libMy = {
withRootdir = c: mkMerge [
c
{ devenv.root = rootdirOpt; }
];
};
};
};

40
mcu/default.nix Normal file
View File

@@ -0,0 +1,40 @@
{
perSystem = { libMy, pkgs, ... }: {
devenv.shells.mcu = libMy.withRootdir {
packages = with pkgs; [
gnumake
cmake
pkgsCross.arm-embedded.buildPackages.gdb # ARM one is broken
gcc-arm-embedded
python3
picotool
openocd-rp2040
];
env = {
PICO_SDK_PATH = "${pkgs.pico-sdk}/lib/pico-sdk";
};
scripts = {
build.exec = ''
cmake -S . -B build -D CMAKE_BUILD_TYPE=Debug -D PICO_STDIO_SEMIHOSTING=1
cmake --build build --parallel
'';
build-rel.exec = ''
cmake -S . -B build-release -D CMAKE_BUILD_TYPE=Release
cmake --build build-release --parallel
'';
clean.exec = ''
rm -rf build/ build-release/
'';
ocd.exec = ''
openocd -f ${./tigard-swd.cfg} -f target/rp2040.cfg
'';
gdb.exec = ''
arm-none-eabi-gdb -x .gdbinit build/qclk.elf
'';
};
};
};
}

36
mcu/devenv.nix
View File

@@ -1,36 +0,0 @@
{ pkgs, ... }: {
packages = with pkgs; [
gnumake
cmake
pkgsCross.arm-embedded.buildPackages.gdb # ARM one is broken
gcc-arm-embedded
python3
picotool
openocd-rp2040
];
env = {
PICO_SDK_PATH = "${pkgs.pico-sdk}/lib/pico-sdk";
};
scripts = {
build.exec = ''
cmake -S . -B build -D CMAKE_BUILD_TYPE=Debug -D PICO_STDIO_SEMIHOSTING=1
cmake --build build --parallel
'';
build-rel.exec = ''
cmake -S . -B build-release -D CMAKE_BUILD_TYPE=Release
cmake --build build-release --parallel
'';
clean.exec = ''
rm -rf build/ build-release/
'';
ocd.exec = ''
openocd -f ${./tigard-swd.cfg} -f target/rp2040.cfg
'';
gdb.exec = ''
arm-none-eabi-gdb -x .gdbinit build/qclk.elf
'';
};
}