cleanup

2026-03-18 21:15:20 -05:00
parent 5466c59dde
commit c1028fc0f0
5 changed files with 27 additions and 478 deletions
--- a/systems/aarch64-linux/pi5/boot.nix
+++ b/systems/aarch64-linux/pi5/boot.nix
@@ -6,10 +6,6 @@
 }:
 {
  boot = {
-    # loader.raspberry-pi = {
-    #   bootloader = "kernel";
-    #   firmwarePackage = pkgs.raspberrypifw;
-    # };
    kernelPackages = pkgs.${namespace}.linuxPackages_rpi5-latest;
    initrd = {
      availableKernelModules = lib.mkForce [ ];
@@ -43,84 +39,17 @@

  specialisation = {
    "linux-stable".configuration = {
-      boot = {
-        kernelPackages = lib.mkOverride 90 pkgs.${namespace}.linuxPackages_rpi5-lts;
-        #  loader.systemd-boot.installDeviceTree = true;
-      };
-      #  hardware.deviceTree = {
-      #    enable = true;
-      #    package = lib.mkForce pkgs.${namespace}.linuxPackages_rpi5-lts.kernel;
-      #    name = "bcm2712-rpi-5-b.dtb";
-      #    filter = "bcm2712*";
-      #  };
-      #  boot.bootspec.extensions."org.nixos.systemd-boot" = lib.mkForce {
-      #    inherit (config.boot.loader.systemd-boot) sortKey;
-      #    devicetree = "./bcm2712-rpi-5-b.dtb";
-      #  };
+      boot.kernelPackages = lib.mkOverride 90 pkgs.${namespace}.linuxPackages_rpi5-lts;
    };
  };

-  ${namespace}.hardware.raspberry-pi.config = {
-    # extra-config = {
-    #   armstub = "RPI_EFI.fd";
-    # };
-    all = {
-      #   # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
-
-      # options = {
-      #     # https://www.raspberrypi.com/documentation/computers/config_txt.html#enable_uart
-      #     # in conjunction with `console=serial0,115200` in kernel command line (`cmdline.txt`)
-      #     # creates a serial console, accessible using GPIOs 14 and 15 (pins
-      #     #  8 and 10 on the 40-pin header)
-      #     enable_uart = {
-      #       enable = true;
-      #       value = true;
-      #     };
-      #     # https://www.raspberrypi.com/documentation/computers/config_txt.html#uart_2ndstage
-      #     # enable debug logging to the UART, also automatically enables
-      #     # UART logging in `start.elf`
-      #     uart_2ndstage = {
-      #       enable = true;
-      #       value = true;
-      #     };
-      #   };
-
-      # Base DTB parameters
-      # https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132
-      base-dt-params = {
-
-        # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie
-        pciex1 = {
-          enable = true;
-          value = "on";
-        };
-        # PCIe Gen 3.0
-        # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0
-        pciex1_gen = {
-          enable = true;
-          value = "3";
-        };
-
-      };
-
-      # extra-config = ''
-      #   armstub=RPI_EFI.fd
-      #   device_tree_address=0x1f0000
-      #   device_tree_end=0x210000
-
-      #   # Force 32 bpp framebuffer allocation.
-      #   framebuffer_depth=32
-
-      #   # Disable compensation for displays with overscan.
-      #   disable_overscan=1
-
-      #   # Force maximum USB power regardless of the power supply.
-      #   usb_max_current_enable=1
-
-      #   # Force maximum CPU speed.
-      #   force_turbo=1
-      # '';
-
-    };
+  ${namespace}.hardware.raspberry-pi.config.all.base-dt-params = {
+    # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie
+    pciex1.enable = true;
+    pciex1.value = "on";
+    # PCIe Gen 3.0
+    # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0
+    pciex1_gen.enable = true;
+    pciex1_gen.value = "3";
  };
 }
--- a/systems/x86_64-linux/jallen-nas/vpn.nix
+++ b/systems/x86_64-linux/jallen-nas/vpn.nix
@@ -3,13 +3,6 @@
  lib,
  ...
 }:
-# let
-#   configFile = pkgs.writeText "openvpn-config-us.protonvpn.udp" ''
-#     errors-to-stderr
-#     ${config.services.openvpn.servers."us.protonvpn.udp".config}
-#     auth-user-pass ${config.services.openvpn.servers."us.protonvpn.udp".authUserPass}
-#   '';
-# in
 {
  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
  sops = {
@@ -31,80 +24,6 @@
    };
  };

-  # networking.nftables = {
-  #   enable = true;
-  #   ruleset = ''
-  #     table ip nat {
-  #       chain postrouting {
-  #         type nat hook postrouting priority 100;
-  #         oifname "enp197s0" ip saddr 10.200.0.0/30 masquerade
-  #       }
-  #     }
-  #   '';
-  # };
-
-  # systemd.services = {
-  #   vpn-netns =
-  #   let
-  #     ip = "${pkgs.iproute2}/bin/ip";
-  #   in  {
-  #     description = "Create VPN network namespace";
-  #     wantedBy = [ "multi-user.target" ];
-  #     before = [ "openvpn-us.protonvpn.udp.service" ];
-
-  #     serviceConfig = {
-  #       Type = "oneshot";
-  #       RemainAfterExit = true;
-
-  #       ExecStart = pkgs.writeShellScript "vpn-netns-up" ''
-  #         set -euxo pipefail
-
-  #         # Ensure namespace exists
-  #         ${ip} netns add vpn 2>/dev/null || true
-
-  #         # Clean up any previous veth (deleting one end deletes the peer too)
-  #         ${ip} link del veth-host 2>/dev/null || true
-
-  #         # Create veth pair
-  #         ${ip} link add veth-host type veth peer name veth-vpn
-
-  #         # Move peer into namespace
-  #         ${ip} link set veth-vpn netns vpn
-
-  #         # Host side
-  #         ${ip} addr add 10.200.0.1/30 dev veth-host 2>/dev/null || true
-  #         ${ip} link set veth-host up
-
-  #         # Namespace side
-  #         ${ip} -n vpn addr add 10.200.0.2/30 dev veth-vpn 2>/dev/null || true
-  #         ${ip} -n vpn link set veth-vpn up
-  #         ${ip} -n vpn link set lo up
-
-  #         # Default route in namespace via host
-  #         ${ip} -n vpn route replace default via 10.200.0.1
-
-  #         ${ip} -n vpn route replace 10.0.1.0/24 via 10.200.0.1 dev veth-vpn
-  #       '';
-  #       ExecStop = pkgs.writeShellScript "vpn-netns-down" ''
-  #         set -eux
-  #         ${ip} link del veth-host 2>/dev/null || true
-  #       '';
-  #     };
-  #   };
-
-  #   "openvpn-us.protonvpn.udp" = {
-  #     after = [ "network-online.target" "vpn-netns.service" ];
-  #     wants = [ "network-online.target" ];
-  #     serviceConfig = {
-  #       ExecStart = lib.mkOverride 90 ''
-  #         ${pkgs.iproute2}/bin/ip netns exec vpn \
-  #           ${pkgs.openvpn}/sbin/openvpn --config ${configFile}
-  #       '';
-  #     };
-  #   };
-  # };
-
-  # Services configs
  services = {
    openvpn = {
      servers = {