
Compare commits

...

20 Commits

Author SHA1 Message Date
Florian Agbuya 38638fa5fe fix modprobe and nix-path-registration error 2024-02-14 16:58:40 +08:00
Florian Agbuya b252e0a913 add ssl certificates 2024-01-22 11:30:40 +08:00
Florian Agbuya e94262db53 remove kernel module bloat 2024-01-17 17:56:38 +08:00
Florian Agbuya 2639192a92 replace nameserver 2024-01-17 10:33:29 +08:00
Florian Agbuya f6055cf908 fix login errors 2024-01-17 10:16:17 +08:00
Florian Agbuya 8f664049d6 zynq: remove strace and add wget 2024-01-16 14:33:22 +08:00
Florian Agbuya c74391e94e zynq: add first boot commands 2024-01-16 12:21:37 +08:00
Florian Agbuya bd4885c597 enable host key generation on first boot 2024-01-15 17:51:52 +08:00
Florian Agbuya dad71891b6 zynq: configure networking 2024-01-13 21:59:22 +08:00
Florian Agbuya 1f62e6a35e not-os: enable networking 2024-01-08 19:44:52 +08:00
Florian Agbuya 1aee5344a5 flake: add not-os disk image builder and qemu 2024-01-05 12:43:23 +08:00
Sebastien Bourdeauducq 543a8632c6 flake: add hydraJobs 2024-01-02 17:21:01 +08:00
Florian Agbuya f14b459624 flake: apply not-os patches 2024-01-02 17:09:10 +08:00
Florian Agbuya f172746e89 add not-os nixpkgs related patches 2024-01-02 17:06:42 +08:00
Florian Agbuya 0f97509b78 add not-os zynq related patches 2024-01-02 17:05:54 +08:00
Florian Agbuya 3f92b3f13b activationSripts: add previous var value (closes #6) 2024-01-02 14:05:45 +08:00
Florian Agbuya d12dee6198 flake: update flake inputs 2024-01-02 13:41:57 +08:00
Florian Agbuya 791e9abd7a update flake inputs 2023-12-21 15:50:38 +08:00
Florian Agbuya aff470615c update not-os patch 2023-12-21 14:06:24 +08:00
Florian Agbuya 52675eefd4 flake: configure u-boot to autoboot kernel
Signed-off-by: Florian Agbuya <fa@m-labs.ph>
2023-12-20 16:32:54 +08:00
6 changed files with 647 additions and 25 deletions


@ -18,11 +18,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1700794826,
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
"lastModified": 1703961334,
"narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
"rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github"
},
"original": {

147
flake.nix

@ -8,27 +8,17 @@
outputs = { self, nixpkgs, not-os }:
let
pkgs = import nixpkgs { system = "x86_64-linux"; };
not-os-patches = [
{
# Additional systemd options for recent nixpkgs
url = "https://patch-diff.githubusercontent.com/raw/cleverca22/not-os/pull/25.patch";
sha256 = "sha256-QYXdiCdvGLcvLkC2BCIfJfCgW3Hf4meeK0SdU39aSYg=";
}
{
# U-boot wrapped kernel, initrd and zc706 dtb support
url = "https://patch-diff.githubusercontent.com/raw/cleverca22/not-os/pull/26.patch";
sha256 = "sha256-fupVodnuXDik3+pi0BDlWL+zQROfzlWEz+fthe3JNHE=";
}
{
# Various boot fixes
url = "https://patch-diff.githubusercontent.com/raw/cleverca22/not-os/pull/27.patch";
sha256 = "sha256-eX4FqucD+Qa/d1gQoZCsxf0WQZ/t7AWOyhVkZzEzBHU=";
}
];
not-os-cfg = not-os-configured.config.system;
patched-not-os = pkgs.applyPatches {
name = "not-os-patched";
src = not-os;
patches = map pkgs.fetchpatch not-os-patches;
patches = [
./network.patch
./pr-28.patch
./pr-29.patch
./pr-30.patch
];
};
gnu-platform = "arm-none-eabi";
@ -204,6 +194,18 @@
preConfigure = ''
export DEVICE_TREE=zynq-${board}
'';
extraConfig = ''
CONFIG_AUTOBOOT=y
CONFIG_BOOTCOMMAND="${builtins.replaceStrings [ "\n" ] [ "; " ] ''
setenv bootargs 'root=/dev/mmcblk0p2 console=ttyPS0,115200n8 systemConfig=${builtins.unsafeDiscardStringContext not-os-cfg.build.toplevel}'
fatload mmc 0 0x6400000 uImage
fatload mmc 0 0x8000000 devicetree.dtb
fatload mmc 0 0xA400000 uRamdisk.image.gz
bootm 0x6400000 0xA400000 0x8000000
''}"
CONFIG_BOOTDELAY=0
CONFIG_USE_BOOTCOMMAND=y
'';
extraMeta.platforms = [ "armv7l-linux" ];
filesToInstall = [ "u-boot.elf" ];
};
@ -229,6 +231,15 @@
echo file binary-dist $out/boot.bin >> $out/nix-support/hydra-build-products
'';
# Pinned qemu version due to networking errors in recent version 8.2.0
qemu = pkgs.qemu.overrideAttrs (oldAttrs: rec {
version = "8.1.3";
src = pkgs.fetchurl {
url = "https://download.qemu.org/qemu-${version}.tar.xz";
hash = "sha256-Q8wXaAQQVYb3T5A5jzTp+FeH3/QA07ZA2B93efviZbs=";
};
});
not-os-configured = (import patched-not-os {
inherit nixpkgs;
extraModules = [
@ -237,7 +248,100 @@
system = "x86_64-linux";
crossSystem.system = "armv7l-linux";
});
in {
not-os-qemu = { board ? "zc706" }: let
qemuScript = ''
#!/bin/bash
export PATH=${qemu}/bin:$PATH
IMGDIR=$(mktemp -d /tmp/not-os-qemu-XXXXXX)
BASE=$(realpath $(dirname $0))
qemu-img create -F raw -f qcow2 -b $BASE/sd-image.img $IMGDIR/sd-overlay.qcow2 512M
# Some command arguments are based from samples in Xilinx QEMU User Documentation
# See: https://xilinx-wiki.atlassian.net/wiki/spaces/A/pages/821854273/Running+Bare+Metal+Applications+on+QEMU
qemu-system-arm \
-M xilinx-zynq-a9 \
-serial /dev/null \
-serial stdio \
-display none \
-dtb $BASE/devicetree.dtb \
-kernel $BASE/uImage \
-initrd $BASE/uRamdisk.image.gz \
-drive file=$IMGDIR/sd-overlay.qcow2,if=sd,format=qcow2 \
-append "root=/dev/mmcblk0p2 console=ttyPS0,115200n8 systemConfig=${builtins.unsafeDiscardStringContext not-os-cfg.build.toplevel}";
rm -rf $IMGDIR
'';
in pkgs.runCommand "not-os-qemu" {
inherit qemuScript;
passAsFile = [ "qemuScript" ];
preferLocalBuild = true;
}
''
mkdir $out
cd $out
cp -s ${not-os-cfg.build.kernel}/uImage .
cp -s ${not-os-cfg.build.uRamdisk}/initrd uRamdisk.image.gz
cp -s ${not-os-cfg.build.kernel}/dtbs/zynq-zc706.dtb devicetree.dtb
cp -s ${sd-image { inherit board; }}/sd-image/sd-image.img .
ln -sv ${not-os-cfg.build.toplevel} toplevel
cp $qemuScriptPath qemu-script
chmod +x qemu-script
patchShebangs qemu-script
'';
sd-image = { board ? "zc706" }: let
rootfsImage = pkgs.callPackage (pkgs.path + "/nixos/lib/make-ext4-fs.nix") {
storePaths = [ not-os-cfg.build.toplevel ];
volumeLabel = "ROOT";
};
# Current firmware (kernel, bootimage, etc..) takes ~18MB
firmwareSize = 30;
firmwarePartitionOffset = 8;
in pkgs.stdenv.mkDerivation {
name = "sd-image";
nativeBuildInputs = with pkgs; [ dosfstools mtools libfaketime util-linux parted ];
buildCommand = ''
mkdir -p $out/nix-support $out/sd-image
export img=$out/sd-image/sd-image.img
echo "${pkgs.stdenv.buildPlatform.system}" > $out/nix-support/system
echo "file sd-image $img" >> $out/nix-support/hydra-build-products
gap=${toString firmwarePartitionOffset}
rootSizeBlocks=$(du -B 512 --apparent-size ${rootfsImage} | awk '{ print $1 }')
firmwareSizeBlocks=$((${toString firmwareSize} * 1024 * 1024 / 512))
imageSize=$((rootSizeBlocks * 512 + firmwareSizeBlocks * 512 + gap * 1024 * 1024))
truncate -s $imageSize $img
fat32Start="$((gap))MB"
fat32End="$((gap + ${toString firmwareSize}))MB"
parted $img mklabel msdos
parted $img mkpart primary fat32 $fat32Start $fat32End
parted $img mkpart primary ext4 $fat32End 100%
parted $img set 1 boot on
eval $(partx $img -o START,SECTORS --nr 2 --pairs)
dd conv=notrunc if=${rootfsImage} of=$img seek=$START count=$SECTORS
eval $(partx $img -o START,SECTORS --nr 1 --pairs)
truncate -s $((SECTORS * 512)) firmware_part.img
faketime "1970-01-01 00:00:00" mkfs.vfat -n BOOT firmware_part.img
mkdir firmware
cp ${bootimage { inherit board; }}/boot.bin firmware/
cp ${not-os-cfg.build.kernel}/uImage firmware/
cp ${not-os-cfg.build.uRamdisk}/initrd firmware/uRamdisk.image.gz
cp ${not-os-cfg.build.kernel}/dtbs/zynq-zc706.dtb firmware/devicetree.dtb
(cd firmware; mcopy -psvm -i ../firmware_part.img ./* ::)
dd conv=notrunc if=firmware_part.img of=$img seek=$START count=$SECTORS
'';
};
in rec {
packages.x86_64-linux = {
inherit mkbootimage;
};
@ -245,8 +349,11 @@
zc706-u-boot = u-boot { board = "zc706"; };
zc706-fsbl = fsbl { board = "zc706"; };
zc706-bootimage = bootimage { board = "zc706"; };
zc706-not-os = not-os-configured.config.system.build.zynq_image;
zc706-qemu = not-os-qemu { board = "zc706"; };
zc706-sd-image = sd-image { board = "zc706"; };
zc706-not-os = not-os-cfg.build.zynq_image;
};
hydraJobs = packages.x86_64-linux // packages.armv7l-linux;
};
nixConfig = {
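Review bot: `not-os-qemu` and `sd-image` both accept a `board` argument but copy `${not-os-cfg.build.kernel}/dtbs/zynq-zc706.dtb` regardless, so a call with any other board would silently pair the zc706 device tree with a boot image built for that board. The u-boot derivation in the same file already derives the name with `DEVICE_TREE=zynq-${board}`; the two `cp` lines could follow it with `dtbs/zynq-${board}.dtb`. Separately, the generated qemu-script has no `set -e` and leaves `$0`, `$BASE` and `$IMGDIR` unquoted, so a failed `qemu-img create` still starts the emulator and the overlay directory under /tmp is left behind when the run is interrupted. Adding `set -eu` and `trap 'rm -rf "$IMGDIR"' EXIT` right after the `mktemp -d` line, plus quoting the expansions, would cover both.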

59
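--- a/network.patch
+++ b/network.patch
@@ -0,0 +1,59 @@
+diff --git a/base.nix b/base.nix
+index 7eaee32..be5a47c 100644
+--- a/base.nix
++++ b/base.nix
+@@ -95,7 +95,7 @@ with lib;
+'';
+bashrc.text = "export PATH=/run/current-system/sw/bin";
+profile.text = "export PATH=/run/current-system/sw/bin";
+- "resolv.conf".text = "nameserver 10.0.2.3";
++ "resolv.conf".text = "nameserver 192.168.1.1";
+passwd.text = ''
+root:x:0:0:System administrator:/root:/run/current-system/sw/bin/bash
+sshd:x:498:65534:SSH privilege separation user:/var/empty:/run/current-system/sw/bin/nologin
+diff --git a/configuration.nix b/configuration.nix
+index 010c487..37f6aaa 100644
+--- a/configuration.nix
++++ b/configuration.nix
+@@ -7,8 +7,10 @@
+environment.etc = {
+"ssh/authorized_keys.d/root" = {
+text = ''
+- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC34wZQFEOGkA5b0Z6maE3aKy/ix1MiK1D0Qmg4E9skAA57yKtWYzjA23r5OCF4Nhlj1CuYd6P1sEI/fMnxf+KkqqgW3ZoZ0+pQu4Bd8Ymi3OkkQX9kiq2coD3AFI6JytC6uBi6FaZQT5fG59DbXhxO5YpZlym8ps1obyCBX0hyKntD18RgHNaNM+jkQOhQ5OoxKsBEobxQOEdjIowl2QeEHb99n45sFr53NFqk3UCz0Y7ZMf1hSFQPuuEC/wExzBBJ1Wl7E1LlNA4p9O3qJUSadGZS4e5nSLqMnbQWv2icQS/7J8IwY0M8r1MsL8mdnlXHUofPlG1r4mtovQ2myzOx clever@nixos
+- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKITUnIETct0d1Ky7iEofM8BV/U9ViuAd72abm26ibhkVKYuLlIvNBtf7+fsyaHR3cc4kmiUz26co4LV2q10HLO7nua7Ry0QhtPvPnpudandB4LbV4ieW1cqcWcPpsM1GssUZhZthbkwLf7h2exojqVj8vqPm5RaBl1eULXaPTldCiSe5ZxNuVbm3qT8Lfc2E3ifKT6A7WqZN00f1+YSnaA9uy0VgVDReDqyujAZaKGUwSa2G8eqzN3guN7VcBZek2p1v1n0EwpFdBxzT3Ncqh5wIYPNn084q5lU13TAjw+tTO7Q059e4HFLaR24w8NT60BrO1dbGYLbjWNri1G3pz root@router
++ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCMALVC8RDTHec+PC8y1s3tcpUAODgq6DEzQdHDf/cyvDMfmCaPiMxfIdmkns5lMa03hymIfSmLUF0jFFDc7biRp7uf9AAXNsrTmplHii0l0McuOOZGlSdZM4eL817P7UwJqFMxJyFXDjkubhQiX6kp25Kfuj/zLnupRCaiDvE7ho/xay6Jrv0XLz935TPDwkc7W1asLIvsZLheB+sRz9SMOb9gtrvk5WXZl5JTOFOLu+JaRwQLHL/xdcHJTOod7tqHYfpoC5JHrEwKzbhTOwxZBQBfTQjQktKENQtBxXHTe71rUEWfEZQGg60/BC4BrRmh4qJjlJu3v4VIhC7SSHn1 root
++ ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNdIiLvP2hmDUFyyE0oLOIXrjrMdWWpBV9/gPR5m4AiARx4JkufIDZzmptdYQ5FhJORJ4lluPqp7dAmahoSwg4lv9Di0iNQpHMJvNGZLHYKM1H1FWCCFIEDJ8bD4SVfrDg== root
++ ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBF/YybP+fQ0J+bNqM5Vgx5vDmVqVWsgUdF1moUxghv7d73GZAFaM6IFBdrXTAa33AwnWwDPMrTgP1V6SXBkb3ciJo/lD1urJGbydbSI5Ksq9d59wvOeANvyWYrQw6+eqTQ== sb
++ ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFkmOCQ3BQh3qUjLtfdqyeBsx8rkk/QYlzB0TMrnfn6waLN6yKfPC3WVFv4zN5kNKb/OayvqDa+zfkKe85e/oIPQQKflF7GrCHdssz33DCnW90cz532E6iqG1pjeZjID2A== flo
+'';
+mode = "0444";
+};
+diff --git a/runit.nix b/runit.nix
+index d7b0bf3..67cff43 100644
+--- a/runit.nix
++++ b/runit.nix
+@@ -7,8 +7,8 @@ let
+Port 22
+PidFile /run/sshd.pid
+Protocol 2
+- PermitRootLogin yes
+- PasswordAuthentication yes
++ PermitRootLogin prohibit-password
++ PasswordAuthentication no
+AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u
+'';
+compat = pkgs.runCommand "runit-compat" {} ''
+@@ -31,10 +31,10 @@ in
+"runit/1".source = pkgs.writeScript "1" ''
+#!${pkgs.runtimeShell}
+${lib.optionalString config.not-os.simpleStaticIp ''
+- ip addr add 10.0.2.15 dev eth0
++ ip addr add 103.206.98.205 dev eth0
+ip link set eth0 up
+- ip route add 10.0.2.0/24 dev eth0
+- ip route add default via 10.0.2.2 dev eth0
++ ip route add 103.206.98.200/29 dev eth0
++ ip route add default via 103.206.98.200 dev eth0
+''}
+mkdir /bin/
+ln -s ${pkgs.runtimeShell} /bin/sh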
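Review bot: The configuration.nix hunk adds two keys whose only comment is `root` (the RSA key and the first ECDSA key), so an audit of `/etc/ssh/authorized_keys.d/root` cannot tell whose keys they are or when they can be retired, unlike the `sb` and `flo` entries; each should carry an owner label. These keys, the resolver `192.168.1.1` and the address `103.206.98.205` are all written into not-os's shared base.nix, configuration.nix and runit.nix, so every image built from this flake accepts the same root logins on what looks like a publicly routable address, and rotating a key means regenerating the patch. Consider lifting them into options set from flake.nix (runit.nix already reads `config.not-os.simpleStaticIp`), with a comment such as `# site-specific: lab address and operator keys, do not reuse outside this deployment`. The `ip addr add 103.206.98.205 dev eth0` line also carries no prefix length, which `ip` treats as /32; that matches the line it replaces, but writing the `/29` explicitly would state the intent.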

280
pr-28.patch Normal file

@ -0,0 +1,280 @@
diff --git a/base.nix b/base.nix
index 7eaee32..c0a88c0 100644
--- a/base.nix
+++ b/base.nix
@@ -27,6 +27,11 @@ with lib;
description = "enable rngd";
default = false;
};
+ not-os.sd = mkOption {
+ type = types.bool;
+ default = false;
+ description = "enable sd image support";
+ };
not-os.simpleStaticIp = mkOption {
type = types.bool;
default = false;
@@ -93,6 +98,8 @@ with lib;
build-cores = 4
EOF
'';
+ "ssl/certs/ca-certificates.crt".source = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+ "ssl/certs/ca-bundle.crt".source = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
bashrc.text = "export PATH=/run/current-system/sw/bin";
profile.text = "export PATH=/run/current-system/sw/bin";
"resolv.conf".text = "nameserver 10.0.2.3";
diff --git a/runit.nix b/runit.nix
index d7b0bf3..70353a1 100644
--- a/runit.nix
+++ b/runit.nix
@@ -65,7 +65,6 @@ in
'';
"service/nix/run".source = pkgs.writeScript "nix" ''
#!${pkgs.runtimeShell}
- nix-store --load-db < /nix/store/nix-path-registration
nix-daemon
'';
}
diff --git a/stage-1.nix b/stage-1.nix
index 331fecd..aa5148e 100644
--- a/stage-1.nix
+++ b/stage-1.nix
@@ -117,11 +117,6 @@ let
plymouth --show-splash
''}
-
- for x in ${lib.concatStringsSep " " config.boot.initrd.kernelModules}; do
- modprobe $x
- done
-
root=/dev/vda
realroot=tmpfs
for o in $(cat /proc/cmdline); do
@@ -164,7 +159,9 @@ let
mkdir -p /mnt/nix/store/
- ${if config.not-os.nix then ''
+ ${if config.not-os.sd && config.not-os.nix then ''
+ mount $root /mnt
+ '' else if config.not-os.nix then ''
# make the store writeable
mkdir -p /mnt/nix/.ro-store /mnt/nix/.overlay-store /mnt/nix/store
mount $root /mnt/nix/.ro-store -t squashfs
@@ -190,6 +187,11 @@ let
initialRamdisk = pkgs.makeInitrd {
contents = [ { object = bootStage1; symlink = "/init"; } ];
};
+ # Use for zynq_image
+ uRamdisk = pkgs.makeInitrd {
+ makeUInitrd = true;
+ contents = [ { object = bootStage1; symlink = "/init"; } ];
+ };
in
{
options = {
@@ -205,6 +207,7 @@ in
config = {
system.build.bootStage1 = bootStage1;
system.build.initialRamdisk = initialRamdisk;
+ system.build.uRamdisk = uRamdisk;
system.build.extraUtils = extraUtils;
boot.initrd.availableKernelModules = [ ];
boot.initrd.kernelModules = [ "tun" "loop" "squashfs" ] ++ (lib.optional config.not-os.nix "overlay");
diff --git a/stage-2-init.sh b/stage-2-init.sh
index 6cc08e2..0c854c4 100644
--- a/stage-2-init.sh
+++ b/stage-2-init.sh
@@ -19,4 +19,7 @@ mount -t tmpfs tmpfs /dev/shm
$systemConfig/activate
+# Run any user-specified commands.
+@runtimeShell@ @postBootCommands@
+
exec runit
diff --git a/stage-2.nix b/stage-2.nix
index c61f9d6..fbdf0fd 100644
--- a/stage-2.nix
+++ b/stage-2.nix
@@ -20,6 +20,19 @@ with lib;
example = "256m";
type = types.str;
};
+ postBootCommands = mkOption {
+ default = "";
+ example = "rm -f /var/log/messages";
+ type = types.lines;
+ description = lib.mdDoc ''
+ Shell commands to be executed just before runit is started.
+ '';
+ };
+ };
+ networking.hostName = mkOption {
+ default = "";
+ type = types.strMatching
+ "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
};
};
config = {
@@ -28,6 +41,9 @@ with lib;
isExecutable = true;
path = config.system.path;
inherit (pkgs) runtimeShell;
+ postBootCommands = pkgs.writeText "local-cmds" ''
+ ${config.boot.postBootCommands}
+ '';
};
};
}
diff --git a/zynq_image.nix b/zynq_image.nix
index 3fa23ab..9ea1df3 100644
--- a/zynq_image.nix
+++ b/zynq_image.nix
@@ -1,66 +1,96 @@
-{ config, pkgs, ... }:
+{ lib, config, pkgs, ... }:
+with lib;
let
- # dont use overlays for the qemu, it causes a lot of wasted time on recompiles
- x86pkgs = import pkgs.path { system = "x86_64-linux"; };
- customKernel = pkgs.linux.override {
+ crosspkgs = import pkgs.path {
+ system = "x86_64-linux";
+ crossSystem = {
+ system = "armv7l-linux";
+ linux-kernel = {
+ name = "zynq";
+ baseConfig = "multi_v7_defconfig";
+ target = "uImage";
+ installTarget = "uImage";
+ autoModules = false;
+ DTB = true;
+ makeFlags = [ "LOADADDR=0x8000" ];
+ };
+ };
+ };
+ customKernel = (crosspkgs.linux.override {
extraConfig = ''
OVERLAY_FS y
+ MEDIA_SUPPORT n
+ FB n
+ DRM n
+ SOUND n
+ SQUASHFS n
+ BACKLIGHT_CLASS_DEVICE n
'';
- };
- customKernelPackages = pkgs.linuxPackagesFor customKernel;
+ }).overrideAttrs (oa: {
+ postInstall = ''
+ cp arch/arm/boot/uImage $out
+ ${oa.postInstall}
+ '';
+ });
+ customKernelPackages = crosspkgs.linuxPackagesFor customKernel;
in {
imports = [ ./arm32-cross-fixes.nix ];
boot.kernelPackages = customKernelPackages;
nixpkgs.system = "armv7l-linux";
- system.build.zynq_image = let
- cmdline = "root=/dev/mmcblk0 console=ttyPS0,115200n8 systemConfig=${builtins.unsafeDiscardStringContext config.system.build.toplevel}";
- qemuScript = ''
- #!/bin/bash -v
- export PATH=${x86pkgs.qemu}/bin:$PATH
- set -x
- base=$(dirname $0)
-
- cp $base/root.squashfs /tmp/
- chmod +w /tmp/root.squashfs
- truncate -s 64m /tmp/root.squashfs
-
- qemu-system-arm \
- -M xilinx-zynq-a9 \
- -serial /dev/null \
- -serial stdio \
- -display none \
- -dtb $base/zynq-zc702.dtb \
- -kernel $base/zImage \
- -initrd $base/initrd \
- -drive file=/tmp/root.squashfs,if=sd,format=raw \
- -append "${cmdline}"
- '';
- in pkgs.runCommand "zynq_image" {
- inherit qemuScript;
- passAsFile = [ "qemuScript" ];
+ networking.hostName = "zynq";
+ not-os.sd = true;
+ not-os.simpleStaticIp = true;
+ system.build.zynq_image = pkgs.runCommand "zynq_image" {
preferLocalBuild = true;
} ''
mkdir $out
cd $out
- cp -s ${config.system.build.squashfs} root.squashfs
- cp -s ${config.system.build.kernel}/*zImage .
- cp -s ${config.system.build.initialRamdisk}/initrd initrd
- cp -s ${config.system.build.kernel}/dtbs/zynq-zc702.dtb .
+ cp -s ${config.system.build.kernel}/uImage .
+ cp -s ${config.system.build.uRamdisk}/initrd uRamdisk.image.gz
+ cp -s ${config.system.build.kernel}/dtbs/zynq-zc706.dtb devicetree.dtb
ln -sv ${config.system.build.toplevel} toplevel
- cp $qemuScriptPath qemu-script
- chmod +x qemu-script
- patchShebangs qemu-script
- ls -ltrh
'';
- system.build.rpi_image_tar = pkgs.runCommand "dist.tar" {} ''
- mkdir -p $out/nix-support
- tar -cvf $out/dist.tar ${config.system.build.rpi_image}
- echo "file binary-dist $out/dist.tar" >> $out/nix-support/hydra-build-products
- '';
- environment.systemPackages = [ pkgs.strace ];
- environment.etc."service/getty/run".source = pkgs.writeShellScript "getty" ''
- agetty ttyPS0 115200
+ environment = {
+ systemPackages = with pkgs; [ inetutils wget ];
+ etc = {
+ "service/getty/run".source = pkgs.writeShellScript "getty" ''
+ hostname ${config.networking.hostName}
+ exec setsid agetty ttyPS0 115200
+ '';
+ "pam.d/other".text = ''
+ auth sufficient pam_permit.so
+ account required pam_permit.so
+ password required pam_permit.so
+ session optional pam_env.so
+ '';
+ "security/pam_env.conf".text = "";
+ };
+ };
+ boot.postBootCommands = lib.mkIf config.not-os.sd ''
+ # On the first boot do some maintenance tasks
+ if [ -f /nix-path-registration ]; then
+ set -euo pipefail
+ set -x
+ # Figure out device names for the boot device and root filesystem.
+ rootPart=$(${pkgs.utillinux}/bin/findmnt -n -o SOURCE /)
+ bootDevice=$(lsblk -npo PKNAME $rootPart)
+ partNum=$(lsblk -npo MAJ:MIN $rootPart | ${pkgs.gawk}/bin/awk -F: '{print $2}')
+
+ # Resize the root partition and the filesystem to fit the disk
+ echo ",+," | sfdisk -N$partNum --no-reread $bootDevice
+ ${pkgs.parted}/bin/partprobe
+ ${pkgs.e2fsprogs}/bin/resize2fs $rootPart
+
+ # Register the contents of the initial Nix store
+ nix-store --load-db < /nix-path-registration
+
+ # nixos-rebuild also requires a "system" profile and an /etc/NIXOS tag.
+ touch /etc/NIXOS
+ nix-env -p /nix/var/nix/profiles/system --set /run/current-system
+
+ # Prevents this from running on later boots.
+ rm -f /nix-path-registration
+ fi
'';
- environment.etc."pam.d/other".text = "";
}
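Review bot: The `pam.d/other` stack added in zynq_image.nix uses `auth sufficient pam_permit.so`, and `other` is the fallback PAM applies to every service that has no file of its own, so any PAM-aware program on the image accepts any credential, not only the serial getty this appears to be fixing. The same hunk sets `not-os.simpleStaticIp = true`, so the board is on the network and the permissive stack should be scoped. Put these four lines under `"pam.d/login".text` (the service name login normally uses; confirm against the agetty/login build in use) and make the fallback `auth required pam_deny.so` and `account required pam_deny.so`. If passwordless console login is intended for a development board, a comment saying so next to the stack would keep it from being copied into a deployed image. The sshd_config shown on this page does not set `UsePAM`, so SSH is probably unaffected, but that rests on the OpenSSH default.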

41
pr-29.patch Normal file

@ -0,0 +1,41 @@
diff --git a/base.nix b/base.nix
index 7eaee32..c1881cb 100644
--- a/base.nix
+++ b/base.nix
@@ -155,6 +155,23 @@ with lib;
# dummy to make setup-etc happy
'';
system.activationScripts.etc = stringAfter [ "users" "groups" ] config.system.build.etcActivationCommands;
+ # Re-apply deprecated var value due to systemd preference in recent nixpkgs
+ # See https://github.com/NixOS/nixpkgs/commit/59e37267556eb917146ca3110ab7c96905b9ffbd
+ system.activationScripts.var = lib.mkForce ''
+ # Various log/runtime directories.
+
+ mkdir -p /var/tmp
+ chmod 1777 /var/tmp
+
+ # Empty, immutable home directory of many system accounts.
+ mkdir -p /var/empty
+ # Make sure it's really empty
+ ${pkgs.e2fsprogs}/bin/chattr -f -i /var/empty || true
+ find /var/empty -mindepth 1 -delete
+ chmod 0555 /var/empty
+ chown root:root /var/empty
+ ${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true
+ '';
# nix-build -A system.build.toplevel && du -h $(nix-store -qR result) --max=0 -BM|sort -n
system.build.toplevel = pkgs.runCommand "not-os" {
diff --git a/systemd-compat.nix b/systemd-compat.nix
index 11464c6..cb223b8 100644
--- a/systemd-compat.nix
+++ b/systemd-compat.nix
@@ -9,6 +9,8 @@ with lib;
};
systemd.user = mkOption {
};
+ systemd.tmpfiles = mkOption {
+ };
};
config = {
};
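Review bot: `systemd.tmpfiles = mkOption { };` in systemd-compat.nix declares the option with no type or description. Judging by the neighbouring `systemd.user` stub, it is there only so nixpkgs modules that set it still evaluate, and any rules they set are then dropped, including ones that would create directories with specific owners or modes. A comment would make that explicit, for example `# stub so nixpkgs modules evaluate; tmpfiles rules set here are not applied, create needed paths in activationScripts`. The `system.activationScripts.var` override in base.nix is forced with `lib.mkForce`, so it will also mask any later upstream change to that script; recording the nixpkgs revision it was copied from next to the linked commit would help whoever rebases it.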

135
pr-30.patch Normal file

@ -0,0 +1,135 @@
diff --git a/base.nix b/base.nix
index 7eaee32..622cbf1 100644
--- a/base.nix
+++ b/base.nix
@@ -120,10 +120,6 @@ with lib;
root:x:0:
nixbld:x:30000:nixbld1,nixbld10,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9
'';
- "ssh/ssh_host_rsa_key.pub".source = ./ssh/ssh_host_rsa_key.pub;
- "ssh/ssh_host_rsa_key" = { mode = "0600"; source = ./ssh/ssh_host_rsa_key; };
- "ssh/ssh_host_ed25519_key.pub".source = ./ssh/ssh_host_ed25519_key.pub;
- "ssh/ssh_host_ed25519_key" = { mode = "0600"; source = ./ssh/ssh_host_ed25519_key; };
};
boot.kernelParams = [ "systemConfig=${config.system.build.toplevel}" ];
boot.kernelPackages = lib.mkDefault (if pkgs.system == "armv7l-linux" then pkgs.linuxPackages_rpi1 else pkgs.linuxPackages);
diff --git a/gen_keys b/gen_keys
deleted file mode 100755
index ee586a2..0000000
--- a/gen_keys
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-mkdir ssh
-ssh-keygen -t rsa -b 4096 -f ssh/ssh_host_rsa_key -N ""
-ssh-keygen -t ed25519 -f ssh/ssh_host_ed25519_key -N ""
diff --git a/runit.nix b/runit.nix
index d7b0bf3..6d602b6 100644
--- a/runit.nix
+++ b/runit.nix
@@ -2,7 +2,6 @@
let
sshd_config = pkgs.writeText "sshd_config" ''
- HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
Port 22
PidFile /run/sshd.pid
@@ -30,6 +29,13 @@ in
{
"runit/1".source = pkgs.writeScript "1" ''
#!${pkgs.runtimeShell}
+
+ ED25519_KEY="/etc/ssh/ssh_host_ed25519_key"
+
+ if [ ! -f $ED25519_KEY ]; then
+ ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $ED25519_KEY -N ""
+ fi
+
${lib.optionalString config.not-os.simpleStaticIp ''
ip addr add 10.0.2.15 dev eth0
ip link set eth0 up
diff --git a/ssh/ssh_host_ed25519_key b/ssh/ssh_host_ed25519_key
deleted file mode 100644
index 62f3b04..0000000
--- a/ssh/ssh_host_ed25519_key
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-QyNTUxOQAAACCyu5b2+49W47G9KYQj+7xz1YuY3w3Iz1kb/eIgNWPF7wAAAJhmBZVCZgWV
-QgAAAAtzc2gtZWQyNTUxOQAAACCyu5b2+49W47G9KYQj+7xz1YuY3w3Iz1kb/eIgNWPF7w
-AAAEBALOVU4aPZln0n7z7AR5jOoVnT7OhWAJiROqTw9ecEILK7lvb7j1bjsb0phCP7vHPV
-i5jfDcjPWRv94iA1Y8XvAAAAEGNsZXZlckBhbWQtbml4b3MBAgMEBQ==
------END OPENSSH PRIVATE KEY-----
diff --git a/ssh/ssh_host_ed25519_key.pub b/ssh/ssh_host_ed25519_key.pub
deleted file mode 100644
index c636ae4..0000000
--- a/ssh/ssh_host_ed25519_key.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILK7lvb7j1bjsb0phCP7vHPVi5jfDcjPWRv94iA1Y8Xv clever@amd-nixos
diff --git a/ssh/ssh_host_rsa_key b/ssh/ssh_host_rsa_key
deleted file mode 100644
index d9c3b46..0000000
--- a/ssh/ssh_host_rsa_key
+++ /dev/null
@@ -1,51 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJKAIBAAKCAgEAxTB2amEQdRnxKKoTpm81Eydd0gSgiotd0Ujeg+eEkArLwlWv
-6gjoeNEzcNH8tZ0g3sjk1SVheZNxdHWCXqJnL/EIpoGn8VNW7pgRP1ZgW48wPjJ7
-dN8eve/28d2QCDYEkZNDTjHzDEHP/TxngjA6lli0KX6SfJbKUmqR/kdn8A5NpsjM
-BmjQ/UkMTAH/KG3HhSHRoljHFsyfKw917a3uO9ahLiEnFih36/V9anjljboEZAux
-XKNFUJFWkn+QPGLnPQtrP85ZUtSEFiwjOCcjCctps+miRJwZsNHE2erqelJbJb7v
-Cq+paoffxc27U7dhvLoz2f9XalW4Sj8mL45kyysrN4WBSDxi1znPjxD6PuNsabCe
-TBisHj2M09Zv7hZIoR53Jv6cjwZoML5MN6VA2yc/OAoYvDAJET/ZRPkl8tzzvMXo
-Y+bfyUitYA3FJjBInFm+mmVkHTqi/V7SwFKWGXRhAO2JU0cUXUrDyI7OKnNS4Vue
-h5O7UHGhtBvoFLDpkr9GJwNJNZXtNdK77eQXPDkv0k2qQcLZQLGRR4hBTIL9GAgE
-3nlCGs6bNw+OgaiWMqcLwoe8IBeq0WDrjRDEuyoIOREAQYZ0twYrhvT5rLXhz9IJ
-nUyn7P7uX4/i2tDWy3iPHJHNtFSD2lLA+xuXA6xoW1REfL3lCpIHZtpopP8CAwEA
-AQKCAgEAjbNYtPNRd0UQJq+pdUWe90enxP8sOsMRxQ4/ULxzZ2tKpzkaM+z42bFD
-7QQJPJ1QfKgSwRSeqlYJBq5W5BiCXFIybCzp+aJw6v3+DuzMS59nBJsUWpTnq4gg
-hgg4s53VxKL1j+CXDqzQgOMCYuyzfUz7EoJxU/SsKXOJvBemGjy9EmhjLQvvesQe
-gRRCPtQ8t2/pDGgNkVWz36a5kPYXJ4sBwntychrcqoR7/qIoG6Ob+iTo7HArpEz8
-0EO465wLHbPx+yUWzU4IKULIgFaneCdjqzTuNa2TTJxBgHOu0f4Sn9pIPv6imPpR
-FPzVa8BxDMUl87bpI3G8ACbHEw+ZX52wxC5/149ofu9jxBiGxODsmCGullIsGnEH
-F0PhA2kJzzb/MPcfZRGTvp0kbP9i3DM1yTa2vLSWT2hCi94zpRRiWMgN4azwvQeA
-o/KLlQ78hRu8wdJ5lwn5/iDpDr13TN5cHc7uhf/bVdwOcS9uSMAZvdIqazThQhgy
-G3AF5oIg/8MYz/pGwZg4aUmLTXB8O/Xgqtj5yUduMxR/vChZiKWHNt6EWT1VMHKs
-ktVBiLUZvp8kfWqSNVcLjt7tI2+Dwy2hNIPpRXZOu7cSf0A0YsZlcB/MLWBKKtMk
-mnYL1+rFTuR9TB6YkmDWwRqTHTEtyaXPADRX9j8Y0kF0Qd0JATECggEBAPp1+P5m
-wWMn2xOuBb+Znv036O+NOnQ+OPP04lFXwSHUsR6BMPJDaA2B3n+15vGCxzMLNQsl
-qn44WiUm2hv8BwO9DkFm/VpB9yj+30gnP6RXThPUsO6msN1XTa+F6GnnoJ8vRfnO
-9+iRU97Owwi8IGoHeVlsXRKhbi6cIJ0Y711b6uN97mBnOB+ig0F7L2lHrRRVYO3R
-SPpvZunsksZEoxdNGM4qTbhVjFve1gXWHNzzqDGzCqwnPWynVE8jEjM3jEp5GRKo
-jIEEN4k1SBI5Ovou07qogLgtsZnudxlJCDSgLITlJbCMwluZ+sjpxu6GIZrbNtYt
-yaCS+wwMvZYuWbcCggEBAMmM4kv2Na9Y272/oRIh5J14op4qMBWOqjXTdAX0WhrD
-ay/+s77t6Gq/oMgmulqQLLgZcGkrz7Z8DWfdNoSxZvQQcftr3CHrgRiZvyFzvhRN
-bnk3vTAT1Ay1nRFOmHsciOGVI8EijRVIunFJu2r4aIfQ6RUpBV16RwMk9CYjYcA1
-DAYc+IEDfH9SFmWAkO2/X9Gv7616fvAQsIjT+lSTkM6SPpvvwW7g/X3sM138ATJm
-8EcBbT7NvTmGbVSDYhzSyPc/DfZXnNhSMXPZrbwRJQNhUzL26TsOJUCzzD9yhwAC
-JTOON3VBqE3IRlKVlts5bghDcCxxFVK87U2pR6BvrvkCggEAWmTboc2qPEQ1MEwd
-bQJfvFpCarrY/v06Buo6CEuYu8IMzsqnxLgJRN67U/Jt0Hp3tHd2BHjqqLVj64az
-L2hti67fB0HJbJrkPlqGcX8g3ApadpPL68YjjS8mLZQxxo8/jFQ+eCN3m+tfjsmm
-4G8tb7cU1+5hRQkYQCA/MRO/yD0VcFeSAh8exWQc5TQ1b1TcJbuOySZApYoxZXnp
-mz9IcW905WulM0NE7h9ltSOKtUAHUzCgSHO9Gorlxc4NkoiYzIQaRX6pfyLrfEzL
-nzAilgryhaqtEkwDjl/fgjO2j2/DwY8GZErZFsBjH8In9wxX8pDtoK1T2O1TSA0N
-G7fMzwKCAQA1omgWDs76eor/U59pU9uijBe6Pz/MfMqOyFZ3vy67MIW1n/H1PRo8
-TgJbQPMWZod/9kUTt7TuutRWb2eyqALdsAKlBW7vF9yiz0ctf791Z6WeXFbcFGq5
-dxr1IBUzrcQ/Q5DgNHGW2GPFAfn93Vzzx4Q/PUtQNNnw3EScYY4BuBwbBFqc+nCG
-8TFEkZH/so2tH0SIxbBB8i8IOmDDYQGH9yLyHDs9ZmIOwGxq9kTbRMlsG9UWgWl5
-hWxSsSPKx8zy/rSYeXgjmLvQOH0jLuzKmXuqdEpcjMcdELupprCGMAv2TEI10eMX
-z9Pm5ife7sl5KXkQWodyHRSJNiL5br8BAoIBADu7tRChFC5oplnjQ2LYNbS58pv3
-+44RLBe6pZjiHTo9lSRmS+ymRrVoGyJWHEsS1eWjYZseuLjgQ0GuegF7fpeqqIST
-gXRaJ3OkjBWXtSNt48zsaWUMUO6qI8V7viMmxnzWskELaoHJTmOQSUXS9/L0/MFz
-1vhe6VN+xxlb0+x2if326RGJBIrDwInnTcMoIT0kPo1t9HWvs1pO29Qkg3Zellmg
-iEarmJVdr9WO26j72e1IYBauorVQHG9rqdv6YOdtvqKSqqh/Axm3G2HAXKJd7s9T
-FZYTE/OZsUWzEbRv73ZbzDFhva3BbHAHV71y4Uyllk85/PQ5qXISkf84gM4=
------END RSA PRIVATE KEY-----
diff --git a/ssh/ssh_host_rsa_key.pub b/ssh/ssh_host_rsa_key.pub
deleted file mode 100644
index 63dbd02..0000000
--- a/ssh/ssh_host_rsa_key.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa 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 clever@amd-nixos
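Review bot: The first-boot block added to `runit/1` gives a stable host identity only where `/etc/ssh` survives a reboot; the patch targets the shared runit.nix, and on a configuration whose root is a tmpfs the key would presumably be regenerated at every boot, which teaches users to accept changed-host-key warnings. A comment stating the assumption, e.g. `# relies on a persistent root; on a tmpfs root the host key changes every boot`, would make it visible. The result of `ssh-keygen` is not checked and `$ED25519_KEY` is unquoted; `[ -f "$ED25519_KEY" ] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f "$ED25519_KEY" -N "" || echo "host key generation failed" >&2` would surface a failure on the console instead of leaving sshd without a key. The private keys this patch deletes remain readable in the patch text and in upstream history, so clients that ever trusted a host running an image with them should drop those entries from `known_hosts`. The `runit/1` script continues outside the hunk.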