Add a build for the yubikey management raspberry pi image.

2025-10-05 21:49:03 -04:00
parent 3d9513f2c5
commit 3733e76d18
19 changed files with 981 additions and 0 deletions
--- a/nix/yubipi/roles/blank/default.nix
+++ b/nix/yubipi/roles/blank/default.nix
@@ -0,0 +1,30 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    blank.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install blank.";
+    };
+  };
+
+  config = lib.mkIf config.me.blank.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+        ];
+      }
+      (lib.mkIf config.me.graphical {
+      })
+    ]
+  );
+}
--- a/nix/yubipi/roles/image_based_appliance/default.nix
+++ b/nix/yubipi/roles/image_based_appliance/default.nix
@@ -0,0 +1,30 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    image_based_appliance.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install image_based_appliance.";
+    };
+  };
+
+  config = lib.mkIf config.me.image_based_appliance.enable (
+    lib.mkMerge [
+      {
+        # Do not install nix. A full new image must be built to update
+        # the machine.
+        nix.enable = false;
+        system.switch.enable = false;
+      }
+    ]
+  );
+}
--- a/nix/yubipi/roles/optimized_build/default.nix
+++ b/nix/yubipi/roles/optimized_build/default.nix
@@ -0,0 +1,78 @@
+{
+  config,
+  lib,
+  pkgs,
+  pkgs-unoptimized,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    optimizations.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to enable CPU optimizations (will trigger a rebuild from source).";
+    };
+
+    optimizations.arch = lib.mkOption {
+      type = lib.types.str;
+      default = null;
+      example = "znver4";
+      description = "The CPU arch for which programs should be optimized.";
+    };
+
+    optimizations.system_features = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+      example = [
+        "gccarch-armv6l"
+        "benchmark"
+        "big-parallel"
+        "kvm"
+        "nixos-test"
+      ];
+      description = "The list of CPU features that should be enabled on this machine.";
+    };
+  };
+
+  config = lib.mkMerge [
+    (lib.mkIf (!config.me.optimizations.enable) (
+      lib.mkMerge [
+        {
+        }
+      ]
+    ))
+    (lib.mkIf config.me.optimizations.enable (
+      lib.mkMerge [
+        {
+          nixpkgs.config.allowUnsupportedSystem = true;
+
+          nixpkgs.hostPlatform = {
+            gcc.arch = config.me.optimizations.arch;
+            gcc.tune = config.me.optimizations.arch;
+            system = "armv6l-linux";
+          };
+
+          # Uncomment on of these to enable cross compiling:
+          # nixpkgs.buildPlatform = builtins.currentSystem;
+          # nixpkgs.buildPlatform = {
+          #   gcc.arch = "znver4";
+          #   gcc.tune = "znver4";
+          #   system = "x86_64-linux";
+          # };
+        }
+      ]
+    ))
+    (lib.mkIf (config.me.optimizations.system_features != [ ]) (
+      lib.mkMerge [
+        {
+          nix.settings.system-features = lib.mkForce config.me.optimizations.system_features;
+        }
+      ]
+    ))
+
+  ];
+}
--- a/nix/yubipi/roles/raspberry_pi_sd_image/default.nix
+++ b/nix/yubipi/roles/raspberry_pi_sd_image/default.nix
@@ -0,0 +1,62 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    raspberry_pi_sd_image.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install raspberry_pi_sd_image.";
+    };
+  };
+
+  config = lib.mkIf config.me.raspberry_pi_sd_image.enable (
+    lib.mkMerge [
+      {
+        boot.loader.grub.enable = false;
+        boot.loader.generic-extlinux-compatible.enable = true;
+
+        boot.consoleLogLevel = lib.mkDefault 7;
+        boot.kernelPackages = pkgs.linuxKernel.packages.linux_rpi1;
+
+        sdImage = {
+          populateFirmwareCommands =
+            let
+              configTxt = pkgs.writeText "config.txt" ''
+                # u-boot refuses to start (gets stuck at rainbow polygon) without this,
+                # at least on Raspberry Pi 0.
+                enable_uart=1
+
+                # Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
+                # when attempting to show low-voltage or overtemperature warnings.
+                avoid_warnings=1
+
+                [pi0]
+                kernel=u-boot-rpi0.bin
+
+                [pi1]
+                kernel=u-boot-rpi1.bin
+              '';
+            in
+            ''
+              (cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf *.dtb $NIX_BUILD_TOP/firmware/)
+              cp ${pkgs.ubootRaspberryPiZero}/u-boot.bin firmware/u-boot-rpi0.bin
+              cp ${pkgs.ubootRaspberryPi}/u-boot.bin firmware/u-boot-rpi1.bin
+              cp ${configTxt} firmware/config.txt
+            '';
+          populateRootCommands = ''
+            mkdir -p ./files/boot
+            ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
+          '';
+        };
+      }
+    ]
+  );
+}
--- a/nix/yubipi/roles/reset/default.nix
+++ b/nix/yubipi/roles/reset/default.nix
@@ -0,0 +1,16 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  # Reset some defaults to start from a minimal more-arch-linux-like state. Think of this like a CSS reset sheet.
+  config = {
+    # Do not use default packages (nixos includes some defaults like nano)
+    environment.defaultPackages = lib.mkForce [ ];
+  };
+}