commit 24b41c4fafbd14272c3b69a6ff30896a6cf26394 Author: Chloe Bethel Date: Mon Feb 10 11:47:09 2025 +0000 initial snapshot
diff --git a/config.nix b/config.nix
new file mode 100644
index 0000000..412d5bb
--- /dev/null
+++ b/config.nix
@@ -0,0 +1,25 @@
+{...} : {
+networking.hostName = "nixos";
+ services.openssh.enable = true;
+
+ users.users.stary = {
+ isNormalUser = true;
+ createHome = true;
+ extraGroups = [ "wheel" ];
+ };
+
+ time.timeZone = "Europe/London";
+ i18n.defaultLocale = "en_GB.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "uk";
+ };
+
+ system.stateVersion = "24.11";
+
+ nixpkgs.overlays = [
+ (final: super: {
+ makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });
+ })
+ ];
+}
\ No newline at end of file
diff --git a/disable-systemd-security.nix b/disable-systemd-security.nix
new file mode 100644
index 0000000..b031dde
--- /dev/null
+++ b/disable-systemd-security.nix
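Review bot: In config.nix, `services.openssh.enable = true;` leaves every sshd setting at its default, which as far as I know keeps password authentication on, although both accounts get their keys from ssh-keys.nix. I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to the enable line so that key-only access is stated rather than assumed. The `makeModulesClosure` overlay is also repeated verbatim in lancom.nix; one copy with a comment saying why `allowMissing = true` is needed would be easier to maintain.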
@@ -0,0 +1,101 @@
+{...}: {
+ # who needs security lmao
+ systemd.services.systemd-journald = {
+ serviceConfig = {
+ DeviceAllow = "";
+ IPAddressDeny = "";
+ LockPersonality = "no";
+ MemoryDenyWriteExecute = "no";
+ NoNewPrivileges = "no";
+ ProtectClock = "no";
+ RestrictAddressFamilies = "";
+ RestrictNamespaces = "";
+ RestrictRealtime = "no";
+ RestrictSUIDSGID = "no";
+ };
+ };
+ systemd.services.systemd-udevd = {
+ serviceConfig = {
+ DeviceAllow = "";
+ IPAddressDeny = "";
+ LockPersonality = "no";
+ MemoryDenyWriteExecute = "no";
+ NoNewPrivileges = "no";
+ ProtectClock = "no";
+ RestrictAddressFamilies = "";
+ RestrictNamespaces = "";
+ RestrictRealtime = "no";
+ RestrictSUIDSGID = "no";
+ };
+ };
+ systemd.services.systemd-oomd = {
+ serviceConfig = {
+ DeviceAllow = "";
+ IPAddressDeny = "";
+ LockPersonality = "no";
+ MemoryDenyWriteExecute = "no";
+ NoNewPrivileges = "no";
+ ProtectClock = "no";
+ RestrictAddressFamilies = "";
+ RestrictNamespaces = "";
+ RestrictRealtime = "no";
+ RestrictSUIDSGID = "no";
+ };
+ };
+ systemd.services.systemd-timesyncd = {
+ serviceConfig = {
+ DeviceAllow = "";
+ IPAddressDeny = "";
+ LockPersonality = "no";
+ MemoryDenyWriteExecute = "no";
+ NoNewPrivileges = "no";
+ ProtectClock = "no";
+ RestrictAddressFamilies = "";
+ RestrictNamespaces = "";
+ RestrictRealtime = "no";
+ RestrictSUIDSGID = "no";
+ };
+ };
+ systemd.services.systemd-logind = {
+ serviceConfig = {
+ DeviceAllow = "";
+ IPAddressDeny = "";
+ LockPersonality = "no";
+ MemoryDenyWriteExecute = "no";
+ NoNewPrivileges = "no";
+ ProtectClock = "no";
+ RestrictAddressFamilies = "";
+ RestrictNamespaces = "";
+ RestrictRealtime = "no";
+ RestrictSUIDSGID = "no";
+ };
+ };
+ systemd.services.dhcpcd = {
+ serviceConfig = {
+ DeviceAllow = lib.mkForce "";
+ IPAddressDeny = lib.mkForce "";
+ LockPersonality = lib.mkForce false;
+ MemoryDenyWriteExecute = lib.mkForce "no";
+ NoNewPrivileges = lib.mkForce "no";
+ ProtectClock = lib.mkForce "no";
+ RestrictAddressFamilies = lib.mkForce "";
+ RestrictNamespaces = lib.mkForce "";
+ RestrictRealtime = lib.mkForce "no";
+ RestrictSUIDSGID = lib.mkForce "no";
+ };
+ };
+ systemd.services.nginx = {
+ serviceConfig = {
+ DeviceAllow = lib.mkForce "";
+ IPAddressDeny = lib.mkForce "";
+ LockPersonality = lib.mkForce false;
+ MemoryDenyWriteExecute = lib.mkForce "no";
+ NoNewPrivileges = lib.mkForce "no";
+ ProtectClock = lib.mkForce "no";
+ RestrictAddressFamilies = lib.mkForce "";
+ RestrictNamespaces = lib.mkForce "";
+ RestrictRealtime = lib.mkForce "no";
+ RestrictSUIDSGID = lib.mkForce "no";
+ };
+ };
+}
\ No newline at end of file
diff --git a/dnsmasq.conf b/dnsmasq.conf
new file mode 100644
index 0000000..fe9e61b
--- /dev/null
+++ b/dnsmasq.conf
@@ -0,0 +1,5 @@
+port=0 # disable DNS server
+interface=enp5s0u2u2
+bind-interfaces
+
+enable-tftp
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..c6b383c
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,43 @@ +{ + "nodes": { + "common": { + "locked": { + "lastModified": 1718657915, + "narHash": "sha256-bOWGumfGVCkRn5wwqtLoVnFjDPiWSUzw6aksy7ZeDXU=", + "owner": "stary2001", + "repo": "nix-common", + "rev": "c88a9f284c17790aa5d003c557883fc25d71890a", + "type": "github" + }, + "original": { + "owner": "stary2001", + "repo": "nix-common", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1739114754, + "narHash": "sha256-SJhqKsnVleQKbD77pg53z9fjN4xfxq6ExDe+JJty2Jw=", + "owner": "stary2001", + "repo": "nixpkgs", + "rev": "4490ff4c27c1bc175982b1b46d4d0b4c24f219e8", + "type": "github" + }, + "original": { + "owner": "stary2001", + "ref": "stary/ppc32", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "common": "common", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..211126a
--- /dev/null
+++ b/flake.nix
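Review bot: disable-systemd-security.nix uses `lib.mkForce` in the dhcpcd and nginx blocks, but the module header is `{...}: {`, so `lib` is not bound and evaluation should fail with an undefined variable; the header needs to be `{ lib, ... }: {`. Beyond that, the file switches off ten sandboxing directives for seven units, including the network-facing nginx and dhcpcd, and the only comment is a joke. Presumably only one or two directives actually fail on this 32-bit PowerPC target; I would override just those and replace the comment with one naming the directive and the failure it causes. The seven near-identical attribute sets could also be a single `let` binding reused for each unit.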
@@ -0,0 +1,66 @@
+# based on https://artemis.sh/2023/06/06/cross-compile-nixos-for-great-good.html
+{
+ description = "system configuration for ppc";
+
+ inputs = {
+ nixpkgs.url = "github:stary2001/nixpkgs/stary/ppc32";
+ common.url = "github:stary2001/nix-common";
+ };
+
+ outputs =
+ {
+ self,
+ common,
+ nixpkgs,
+ }:
+ rec {
+ formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
+ formatter.aarch64-linux = nixpkgs.legacyPackages.aarch64-linux.nixfmt-rfc-style;
+
+ nixosConfigurations.lancom = nixpkgs.legacyPackages.x86_64-linux.pkgsCross.powerpc.nixos {
+ imports = [
+ (import ./minimal.nix)
+ (import ./ssh-keys.nix)
+ (import ./locale.nix)
+
+ common.nixosModules.wait-online-any
+ (import ./ppc.nix)
+ (import ./nginx.nix)
+ (import ./config.nix)
+
+ (import ./disable-systemd-security.nix)
+
+ (
+ { pkgs, lib, ... }:
+ {
+ networking.hostName = "lancom";
+ boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.callPackage ./lancom-kernel.nix { });
+ system.boot.loader.kernelFile = "uImage";
+ }
+ )
+ ];
+ };
+
+ nixosConfigurations.wiiu = nixpkgs.legacyPackages.x86_64-linux.pkgsCross.powerpc.nixos {
+ imports = [
+ (import ./minimal.nix)
+ (import ./ssh-keys.nix)
+
+ common.nixosModules.wait-online-any
+ (import ./ppc.nix)
+ (import ./nginx.nix)
+ (import ./config.nix)
+
+ (
+ { pkgs, lib, ... }:
+ {
+ networking.hostName = "nixos";
+ boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.callPackage ./wiiu-kernel.nix { });
+
+ system.boot.loader.kernelFile = "dtbImage.wiiu";
+ }
+ )
+ ];
+ };
+ };
+}
diff --git a/go.sh b/go.sh
new file mode 100755
index 0000000..08f7f39
--- /dev/null
+++ b/go.sh
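Review bot: In flake.nix the lancom configuration imports `./locale.nix`, but no file of that name is among those this commit adds, so `nixosConfigurations.lancom` should not evaluate from a clean checkout unless the file exists elsewhere. Either add the file or drop the import; config.nix already sets `time.timeZone`, `i18n.defaultLocale` and `console`. Only lancom imports `./disable-systemd-security.nix`, and a one-line comment saying why wiiu does not need it would help the next reader. `rec` on the outputs set looks unused in this hunk and can go.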
@@ -0,0 +1,14 @@
+# nix build .#pkgsCross.powerpc.ubootNwApp2
+# nix build .#pkgsCross.powerpc.nixosConfigurations.ppc.config.boot.kernelPackages.kernel
+nix build .#nixosConfigurations.ppc.config.system.build.toplevel --no-eval-cache
+ls -l result
+sed "s^INIT^$(readlink result)/init^" tftp/boot.txt.tmpl > tftp/boot.txt
+mkimage -T script -n 'Boot script' -d tftp/boot.txt tftp/boot.scr
+
+sudo cp result/kernel tftp/uImage
+sudo cp result/initrd tftp/initrd
+# dtb is fine. i hope
+
+sudo ip addr add 10.0.0.1/24 dev enp5s0u2u2
+sudo ip link set enp5s0u2u2 up
+sudo dnsmasq -C dnsmasq.conf --tftp-root $(pwd)/tftp -d
diff --git a/html/index.html b/html/index.html
new file mode 100644
index 0000000..2f49816
--- /dev/null
+++ b/html/index.html
@@ -0,0 +1,2 @@
+Hello from NixOS on PowerPC!
+
diff --git a/html/logo.png b/html/logo.png
new file mode 100644
index 0000000..5ce7757
Binary files /dev/null and b/html/logo.png differ
diff --git a/lancom-kernel.nix b/lancom-kernel.nix
new file mode 100644
index 0000000..2549c34
--- /dev/null
+++ b/lancom-kernel.nix
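Review bot: go.sh has no shebang and no error handling, so when `nix build` fails the script carries on, copies whatever an older `result` link points at into tftp/ with sudo, and serves that image to the board. I would start the file with `#!/usr/bin/env bash` and `set -euo pipefail`, and quote the path as `--tftp-root "$(pwd)/tftp"`. The build target `.#nixosConfigurations.ppc` also does not match flake.nix, which defines only `lancom` and `wiiu`.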
@@ -0,0 +1,53 @@
+# see https://discourse.nixos.org/t/port-nixos-to-ppc32/11965/13
+
+{
+ buildLinux,
+ fetchFromGitHub,
+ fetchurl,
+ lib,
+ stdenv,
+ ...
+}@args:
+lib.overrideDerivation
+ (buildLinux (
+ args
+ // {
+ version = "6.13.0-rc4";
+ src = fetchFromGitHub {
+ owner = "neuschaefer";
+ repo = "linux";
+ rev = "sha256-Mbbw+P8Fv1OL+sN4nZ/lc/ONibkEOivLx5QVXjVO7KU="; # mpc83xx branch
+ hash = "sha256-Mbbw+P8Fv1OL+sN4nZ/lc/ONibkEOivLx5QVXjVO7KU=";
+ };
+
+ kernelPatches = [ ];
+
+ features = {
+ efiBootStub = false;
+ iwlwifi = false;
+ needsCifsUtils = false;
+ };
+
+ autoModules = false;
+
+ # enable nvme, disable kprobes because it takes too long at boot
+ structuredExtraConfig = with lib.kernel; {
+ BLK_DEV_NVME = yes;
+ KPROBES = lib.mkForce no;
+ FTRACE = lib.mkForce no;
+ RC_CORE = lib.mkForce no;
+ KEYRING = lib.mkForce no;
+
+ DEFAULT_UIMAGE = yes;
+ };
+ defconfig = "mpc83xx_defconfig";
+ }
+ ))
+ (old: {
+ postInstall =
+ ''
+ cp arch/powerpc/boot/uImage $out/
+ # lancom-nwapp2.dts ?
+ ''
+ + old.postInstall;
+ })
diff --git a/lancom.nix b/lancom.nix
new file mode 100644
index 0000000..0cf2a32
--- /dev/null
+++ b/lancom.nix
@@ -0,0 +1,11 @@
+{ pkgs, lib, ... }:
+{
+ # temp hack in config
+ systemd.tpm2.enable = false;
+
+ nixpkgs.overlays = [
+ (final: super: {
+ makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });
+ })
+ ];
+}
diff --git a/minimal.nix b/minimal.nix
new file mode 100644
index 0000000..e8a2c36
--- /dev/null
+++ b/minimal.nix
@@ -0,0 +1,14 @@
+{
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+{
+ imports = [
+ #(modulesPath + "/profiles/minimal.nix")
+ #(modulesPath + "/profiles/perlless.nix")
+ ];
+
+ hardware.enableAllHardware = lib.mkForce false;
+}
diff --git a/nginx.nix b/nginx.nix
new file mode 100644
index 0000000..1304f7b
--- /dev/null
+++ b/nginx.nix
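Review bot: In lancom-kernel.nix the `rev` passed to `fetchFromGitHub` is the same `sha256-…` string as `hash`, which is not a git revision; the trailing comment suggests the mpc83xx branch was meant. The `hash` still pins the content, but a build that does not already have the source in its store has nothing valid to fetch, and the file no longer records which commit was built. I would set `rev = "<full commit id on the mpc83xx branch>";`, as wiiu-kernel.nix does with its 40-character id. The comment above `structuredExtraConfig` explains only the nvme and kprobes entries; the reasons for forcing off `FTRACE`, `RC_CORE` and `KEYRING` deserve a line as well.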
@@ -0,0 +1,13 @@
+{ ... }:
+{
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "ppc" = {
+ locations."/" = {
+ root = ./html;
+ };
+ };
+ };
+ };
+}
diff --git a/ppc.nix b/ppc.nix
new file mode 100644
index 0000000..ea05e86
--- /dev/null
+++ b/ppc.nix
@@ -0,0 +1,40 @@
+{
+ inputs,
+ lib,
+ pkgs,
+ config,
+ ...
+}:
+{
+ # Serial console
+ boot.kernelParams = [
+ "console=ttyS2,1500000"
+ "earlycon=uart8250,mmio32,0xff130000"
+ ];
+
+ boot.loader.grub.enable = false;
+ boot.loader.generic-extlinux-compatible.enable = true;
+ boot.consoleLogLevel = lib.mkDefault 7;
+
+ networking = {
+ interfaces = {
+ "eth0" = {
+ useDHCP = true;
+ };
+ };
+ };
+
+ # originally from hardware-configuration.nix
+ nixpkgs.hostPlatform = lib.mkDefault "powerpc-linux";
+ powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+
+ hardware.enableAllHardware = false;
+
+ # temp hack in config
+ systemd.tpm2.enable = false;
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ };
+}
diff --git a/sd-image.nix b/sd-image.nix
new file mode 100644
index 0000000..b0d9098
--- /dev/null
+++ b/sd-image.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+{
+ sdImage = {
+ populateFirmwareCommands = "";
+ populateRootCommands = ''
+ mkdir -p ./files/boot
+ ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
+ '';
+ };
+}
diff --git a/ssh-keys.nix b/ssh-keys.nix
new file mode 100644
index 0000000..c35dc4d
--- /dev/null
+++ b/ssh-keys.nix
@@ -0,0 +1,15 @@
+{ ... }:
+let
+ myKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjUz1FruDlg5VNmvd4wi7DiXbMJcN4ujr8KtQ6OhlSc stary@pc"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ+q372oe3sFtBQPAH93L397gYGYrjeGewzoOW97gSy1 stary@wheatley"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLg5nSbedQYRzm4BAU1OIYpaiTwP+afCAE3BvPcG7OI eddsa-key-20210602" # Windows VM
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK45+pMQ9LCmGLbP4fmDmjJaxEsB0JfeqXm8NK/Q9QSp JuiceSSH" # Phone
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3cTdfUSCjbQaZQRtpGlF+C7Ez9KYI7QCMMwwNlG91H stary@vorticon" # chrome thing
+ ];
+in
+{
+ users.users.root.password = "root";
+ users.users.root.openssh.authorizedKeys.keys = myKeys;
+ users.users.stary.openssh.authorizedKeys.keys = myKeys;
+}
diff --git a/wiiu-kernel.nix b/wiiu-kernel.nix
new file mode 100644
index 0000000..289e41f
--- /dev/null
+++ b/wiiu-kernel.nix
@@ -0,0 +1,40 @@
+# see https://discourse.nixos.org/t/port-nixos-to-ppc32/11965/13
+
+{
+ buildLinux,
+ fetchFromGitLab,
+ fetchurl,
+ lib,
+ stdenv,
+ ...
+}@args:
+lib.overrideDerivation
+ (buildLinux (
+ args
+ // {
+ version = "6.6.75-wiiu";
+ src = fetchFromGitLab {
+ owner = "linux-wiiu";
+ repo = "linux-wiiu";
+ rev = "841387c876c096f8dd0df1756541aa57b1166577"; # rewrite-6.6
+ hash = "sha256-qrC9jdRGQusdZCYX/Lz1boPtEFGlc74A+lB3kEIDrSY=";
+ };
+
+ autoModules = false;
+
+ features = {
+ efiBootStub = false;
+ iwlwifi = false;
+ needsCifsUtils = false;
+ };
+
+ defconfig = "wiiu_defconfig";
+ }
+ ))
+ (old: {
+ postInstall =
+ ''
+ cp arch/powerpc/boot/dtbImage.wiiu $out/
+ ''
+ + old.postInstall;
+ })
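Review bot: ssh-keys.nix sets `users.users.root.password = "root";`, a fixed, well-known password that is also written in clear text to this repository and to the world-readable Nix store. Root already receives `openssh.authorizedKeys.keys` on the next line, so the password line can simply be removed. If a console login is needed during bring-up, `users.users.root.hashedPasswordFile` pointing at a file kept outside the repository avoids storing the secret in the configuration. As written, local and serial-console access to root is effectively unauthenticated, and remote exposure depends entirely on sshd's `PermitRootLogin` default, which config.nix does not set.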