depot/ops/nixos/kerrigan/default.nix
# SPDX-FileCopyrightText: 2023 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, lib, pkgs, config, modulesPath, ... }:
let
# Names of the regular files in ./networkmanager whose name ends in
# ".nmconnection". Directories, symlinks and other entry types are skipped.
nmFiles =
  let
    isConnectionProfile = name: type:
      type == "regular" && lib.hasSuffix ".nmconnection" name;
    dirEntries = builtins.readDir ./networkmanager;
  in
  builtins.attrNames (lib.filterAttrs isConnectionProfile dirEntries);
# One attribute per profile in nmFiles, keyed by its path under
# NetworkManager/system-connections/ and combined with lib.mkMerge.
# NOTE(review): the source + mode shape looks like environment.etc entries, but
# nothing in the configuration body of this file references nmBits -- confirm
# whether it is still meant to be wired up.
#
# Security note: `source` is a path literal, so every profile is copied into
# the Nix store, which is world-readable. mode = "0600" can only restrict the
# installed copy, not the store path. If a profile carries a PSK or APN
# password, that value is readable by every local user and is committed to the
# repository; keep such values in a secrets mechanism instead.
nmBits =
  let
    mkProfileEntry = profile: {
      "NetworkManager/system-connections/${profile}" = {
        mode = "0600";
        source = ./networkmanager + "/${profile}";
      };
    };
  in
  lib.mkMerge (map mkProfileEntry nmFiles);
# pkgs.ubootTools overridden so that only the environment tool
# (tools/env/fw_printenv) and its man pages are installed.
uboot-envtools = pkgs.ubootTools.override {
  outputs = [ "out" "man" ];
  extraMakeFlags = [ "HOST_TOOLS_ALL=y" "CROSS_BUILD_TOOLS=1" "NO_SDL=1" "envtools" ];
  filesToInstall = [ "tools/env/fw_printenv" ];
  # fw_setenv is provided as a symlink to the fw_printenv binary (presumably
  # the tool selects its mode from the name it is invoked as -- confirm).
  # fw_setenv rewrites bootloader variables, so this package puts a
  # boot-path-modifying tool on the system PATH.
  postInstall = ''
    ln -s $out/bin/fw_printenv $out/bin/fw_setenv
    installManPage doc/*.1
  '';
};
in
{
# Root and boot filesystems are located by filesystem label.
# NOTE(review): a label is not a unique identifier. A second attached volume
# carrying the same label makes the by-label link ambiguous; by-uuid or
# by-partuuid paths are stricter if removable media is a concern.
fileSystems."/" = {
  fsType = "ext4";
  device = "/dev/disk/by-label/NIXOS";
};
fileSystems."/boot" = {
  fsType = "vfat";
  device = "/dev/disk/by-label/ESP";
};
boot.kernelPackages = pkgs.linuxPackages_latest;
# Kernel console on the first serial port (115200 baud, 8N1). Whoever has
# physical access to that port sees boot output and any getty attached to it.
boot.kernelParams = [ "console=ttyS0,115200n8" ];
boot.initrd.kernelModules = [ "phy-mvebu-cp110-utmi" ];

# Router sysctls. With forwarding enabled for IPv4 and IPv6, this host passes
# packets between its interfaces; what may cross is decided only by the
# firewall and NAT rules.
boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
boot.kernel.sysctl."net.ipv6.conf.default.forwarding" = "1";
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = "1";
# accept_ra_from_local makes the kernel accept router advertisements whose
# source address belongs to this machine; the kernel default rejects them.
boot.kernel.sysctl."net.ipv6.conf.default.accept_ra_from_local" = "1";
boot.kernel.sysctl."net.ipv6.conf.all.accept_ra_from_local" = "1";
networking = {
  hostName = "kerrigan";
  domain = "as205479.net";
  hostId = "c424eeb8";
  useNetworkd = true;

  # Google public resolvers, IPv6 entries first. As configured here these are
  # plain resolver addresses, so lookups leave the host for a third party.
  nameservers = [
    "2001:4860:4860::8888"
    "2001:4860:4860::8844"
    "8.8.8.8"
    "8.8.4.4"
  ];

  # Both uplink candidates take their address from DHCP.
  interfaces = {
    eth2.useDHCP = true;
    enu1u4i10.useDHCP = true;
  };

  # TCP/80 is opened on the LAN bridge only, not on the uplinks.
  firewall.interfaces.br0.allowedTCPPorts = [ 80 ];

  # NAT from the bridge out of enu1u4i10, for IPv4 and IPv6.
  nat.enable = true;
  nat.enableIPv6 = true;
  nat.internalInterfaces = [ "br0" ];
  nat.externalInterface = "enu1u4i10";
  # Security note: per the NixOS option, dmzHost receives all traffic arriving
  # on the external interface that matches no other forwarding rule. 10.42.0.2
  # is therefore exposed to unsolicited inbound traffic and must be hardened
  # and filtered as an internet-facing host, not as a LAN host.
  nat.dmzHost = "10.42.0.2";
};
# mkAfter appends "networkmanager" after group lists defined elsewhere.
# NOTE(review): membership in this group typically lets the account change
# network connections without root -- confirm that is intended on a router.
users.users.lukegb.extraGroups = lib.mkAfter [ "networkmanager" ];

# Depot-specific host metadata: platform and this machine's Tailscale addresses.
my = {
  systemType = "aarch64-linux";
  ip = {
    tailscale = "100.110.212.70";
    tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:626e:d446";
  };
};
# Virtual bridge device that the LAN ports are attached to.
systemd.network.netdevs.br0.netdevConfig = {
  Kind = "bridge";
  Name = "br0";
};
# Addressing and address distribution on the LAN bridge.
systemd.network.networks.br0 = {
  matchConfig.Name = "br0";

  # Gateway addresses on the bridge; networkd also serves DHCPv4 and sends
  # IPv6 router advertisements here.
  networkConfig.Address = [ "10.42.0.1/24" "2a09:a443:ee::1/64" ];
  networkConfig.DHCPServer = true;
  networkConfig.IPv6SendRA = true;

  # Prefix announced to LAN hosts, plus a ::/0 route entry in the RA.
  # NOTE(review): hosts autoconfigure addresses from this prefix; confirm how
  # forwarded IPv6 towards them is filtered (e.g.
  # networking.firewall.filterForward), since nothing in this file restricts it.
  ipv6Prefixes = [ { Prefix = "2a09:a443:ee::/64"; } ];
  ipv6RoutePrefixes = [ { Route = "::/0"; } ];

  # Lease pool: 100 addresses starting at offset 100 in the subnet, so
  # 10.42.0.2 (the NAT dmzHost) is outside the pool and must be set statically.
  dhcpServerConfig.PoolOffset = 100;
  dhcpServerConfig.PoolSize = 100;
};
# Every interface whose name matches the glob "lan*" is attached to br0.
# All such ports share one layer-2 segment: a device plugged into any of them
# gets a DHCP lease, router advertisements and access to TCP/80 on the bridge.
systemd.network.networks.links-to-bridge = {
  networkConfig.Bridge = "br0";
  matchConfig.Name = "lan*";
};
# Modem, serial-console and connection-tracking tooling.
environment.systemPackages = [
  pkgs.libqmi
  pkgs.screen
  pkgs.minicom
  pkgs.conntrack-tools
  pkgs.modemmanager
  pkgs.android-tools
  # Locally overridden package from the let block above, not pkgs.uboot-envtools.
  uboot-envtools
];

# udev rules shipped by ModemManager.
services.udev.packages = [ pkgs.modemmanager ];
# Caddy listens on the LAN bridge address only (10.42.0.1:80) and proxies
# /mbbstatus to add-on.ee.co.uk with the Host header set to the upstream name.
# Security note: the upstream is reached over cleartext HTTP, so the response
# can be read or altered on the path; LAN clients should not treat it as
# authenticated data.
services.caddy.enable = true;
services.caddy.extraConfig = ''
  10.42.0.1:80 {
  reverse_proxy /mbbstatus http://add-on.ee.co.uk {
  header_up Host add-on.ee.co.uk
  }
  }
'';
# systemd-boot is the bootloader; installation does not write EFI variables.
boot.loader = {
  systemd-boot.enable = true;
  efi.canTouchEfiVariables = false;
};

# mkForce [] removes every wantedBy target from the wait-online unit, so
# nothing pulls it in through wantedBy at boot.
systemd.services.systemd-networkd-wait-online.wantedBy = lib.mkForce [];

# NixOS release whose stateful defaults this host was installed with.
system.stateVersion = "23.05";
# Device tree for the MOCHAbin board, with one overlay ("spi") applied to it.
#
# The overlay disables the flash@0 node under cp0_spi1 and declares
# flash-real@0 as a JEDEC SPI-NOR chip with two fixed partitions:
#   firmware    offset 0x0,      size 0x3e0000, marked read-only
#   u-boot-env  offset 0x3e0000, size 0x20000,  no read-only flag
#
# Security note: only the firmware partition is marked read-only. The
# u-boot-env partition is declared writable, so any process with access to
# its MTD device can change bootloader variables and with them the boot path.
# Keep access to the MTD devices restricted to root.
hardware.deviceTree =
  let
    mochabinDtb = "armada-7040-mochabin.dtb";
  in
  {
    enable = true;
    name = "marvell/${mochabinDtb}";
    filter = mochabinDtb;
    overlays = [
      {
        name = "spi";
        filter = mochabinDtb;
        dtsText = ''
          /dts-v1/;
          /plugin/;
          / {
          compatible = "globalscale,mochabin marvell,armada7040 marvell,armada-ap806-quad marvell,armada-ap806";
          };
          &cp0_spi1 {
          flash@0 {
          status = "disabled";
          };
          flash-real@0 {
          #address-cells = <1>;
          #size-cells = <1>;
          compatible = "jedec,spi-nor";
          reg = <0>;
          spi-max-frequency = <20000000>;
          partitions {
          compatible = "fixed-partitions";
          #address-cells = <1>;
          #size-cells = <1>;
          partition@0 {
          label = "firmware";
          reg = <0x0 0x3e0000>;
          read-only;
          };
          partition@3e0000 {
          label = "u-boot-env";
          reg = <0x3e0000 0x20000>;
          };
          };
          };
          };
        '';
      }
    ];
  };
}