Add a host for hydra.

nix/configuration/flake.nix

@@ -57,6 +57,9 @@
         i_only_boot_zfs = {
           system = "x86_64-linux";
         };
+        hydra = {
+          system = "x86_64-linux";
+        };
       };
       nixosConfigs = builtins.mapAttrs (
         hostname: nodeConfig: format:

nix/configuration/hosts/hydra/DEPLOY_BOOT

@@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 : "${JOBS:="1"}"
 
-#TARGET=10.216.1.14
-# TARGET=192.168.211.250
 TARGET=hydra
 
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
 
 nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
-
-# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra'

nix/configuration/hosts/hydra/DEPLOY_SWITCH

@@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 : "${JOBS:="1"}"
 
-#TARGET=10.216.1.14
-# TARGET=192.168.211.250
 TARGET=hydra
 
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
 
 nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
-
-# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra'

nix/configuration/hosts/hydra/ISO

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : "${JOBS:="1"}"
 
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
+nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

nix/configuration/hosts/hydra/SELF_BOOT

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --log-format internal-json -v "${@}" |& nom --json

nix/configuration/hosts/hydra/SELF_BUILD

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --log-format internal-json -v "${@}" |& nom --json

nix/configuration/hosts/hydra/SELF_SWITCH

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: "${JOBS:="1"}"
+
+for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
+nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --log-format internal-json -v "${@}" |& nom --json

nix/configuration/hosts/hydra/VM_ISO

@@ -7,7 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : "${JOBS:="1"}"
 
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
-nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#vm_iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
+nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.vm_iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
-
-install -m 0644 result/iso/nixos-*-x86_64-linux.iso ~/hydra.iso
-unlink ./result

nix/configuration/hosts/hydra/default.nix

@@ -1,41 +1,40 @@
+# MANUAL: On client machines generate signing keys:
+#   nix-store --generate-binary-cache-key some-name /persist/manual/nix/nix-cache-key.sec /persist/manual/nix/nix-cache-key.pub
 #
-# Testing:
+# Trust other machines and add the substituters:
-# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
+#   nix.binaryCachePublicKeys = [ "some-name:AzNW1MOlkNEsUAXS1jIFZ1QCFKXjV+Y/LrF37quAZ1A=" ];
-#      -accel kvm \
+#   nix.binaryCaches = [ "https://test.example/nix-cache" ];
-#      -cpu host \
-#      -smp cores=8 \
-#      -m 32768 \
-#      -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
-#      -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \
-#      -device nvme,serial=deadbeef,drive=nvm \
-#      -nic user,hostfwd=tcp::60022-:22 \
-#      -boot order=d \
-#      -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \
-#      -display vnc=127.0.0.1:0
-#
 
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 {
   imports = [
-    ./disk-config.nix
     ./hardware-configuration.nix
     ./vm_disk.nix
   ];
 
   config = {
     # Generate with `head -c4 /dev/urandom | od -A none -t x4`
-    networking.hostId = "fbd233d8";
+    networking.hostId = "6fbf418b";
 
     networking.hostName = "hydra"; # Define your hostname.
 
     time.timeZone = "America/New_York";
     i18n.defaultLocale = "en_US.UTF-8";
 
+    me.boot.enable = true;
     me.boot.secure = false;
     me.mountPersistence = true;
+    boot.loader.timeout = lib.mkForce 0; # We can always generate a new ISO if we need to access other boot options.
 
     me.optimizations = {
       enable = true;
       arch = "znver4";
+      # build_arch = "x86-64-v3";
       system_features = [
         "gccarch-znver4"
         "gccarch-skylake"
@@ -53,26 +52,18 @@
     # Mount tmpfs at /tmp
     boot.tmp.useTmpfs = true;
 
-    me.base.enable = true;
+    # Enable TRIM
-    me.boot.enable = true;
+    # services.fstrim.enable = lib.mkDefault true;
-    me.doas.enable = true;
+
-    me.emacs_flavor = "plainmacs";
+    # nix.optimise.automatic = true;
-    me.firewall.enable = true;
+    # nix.optimise.dates = [ "03:45" ];
-    me.font.enable = true;
+    # nix.optimise.persistent = true;
-    me.git.enable = true;
+
-    me.graphical = false;
+    me.image_based_appliance.enable = lib.mkForce false;
-    me.hydra.enable = false;
+
-    me.memtest.enable = true;
+    me.build_in_ram.enable = true;
-    me.network.enable = true;
+    me.dont_use_substituters.enable = true;
+    me.minimal_base.enable = true;
     me.nix_worker.enable = true;
-    me.nvme.enable = true;
-    me.ssh.enable = true;
-    me.sshd.enable = true;
-    me.user.enable = true;
-    me.vm_disk.enable = true;
-    me.wireguard.activated = [ ];
-    me.wireguard.deactivated = [ ];
-    me.zfs.enable = true;
-    me.zsh.enable = true;
   };
 }

nix/configuration/hosts/hydra/disk-config.nix

@@ -1,139 +0,0 @@
-# Manual Step:
-#   Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
-#   Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
-{
-  config,
-  lib,
-  ...
-}:
-
-lib.mkIf (!config.me.buildingIso) {
-  disko.devices = {
-    disk = {
-      main = {
-        type = "disk";
-        device = "/dev/nvme0n1";
-        content = {
-          type = "gpt";
-          partitions = {
-            ESP = {
-              size = "1G";
-              type = "EF00";
-              content = {
-                type = "filesystem";
-                format = "vfat";
-                mountpoint = "/boot";
-                mountOptions = [
-                  "umask=0077"
-                  "noatime"
-                  "discard"
-                ];
-              };
-            };
-            zfs = {
-              size = "100%";
-              content = {
-                type = "zfs";
-                pool = "zroot";
-              };
-            };
-          };
-        };
-      };
-    };
-    zpool = {
-      zroot = {
-        type = "zpool";
-        # mode = "mirror";
-        # Workaround: cannot import 'zroot': I/O error in disko tests
-        options.cachefile = "none";
-        options = {
-          ashift = "12";
-          compatibility = "openzfs-2.2-freebsd";
-          autotrim = "on";
-        };
-        rootFsOptions = {
-          acltype = "posixacl";
-          atime = "off";
-          relatime = "off";
-          xattr = "sa";
-          mountpoint = "none";
-          compression = "lz4";
-          canmount = "off";
-          utf8only = "on";
-          dnodesize = "auto";
-          normalization = "formD";
-        };
-
-        datasets = {
-          "linux/nix" = {
-            type = "zfs_fs";
-            options.mountpoint = "none";
-          };
-          "linux/nix/root" = {
-            type = "zfs_fs";
-            options.mountpoint = "legacy";
-            mountpoint = "/";
-            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
-          };
-          "linux/nix/nix" = {
-            type = "zfs_fs";
-            options.mountpoint = "legacy";
-            mountpoint = "/nix";
-            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
-            options = {
-              recordsize = "1MiB";
-              compression = "lz4";
-            };
-          };
-          "linux/nix/home" = {
-            type = "zfs_fs";
-            options.mountpoint = "legacy";
-            mountpoint = "/home";
-            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
-          };
-          "linux/nix/persist" = {
-            type = "zfs_fs";
-            options.mountpoint = "legacy";
-            mountpoint = "/persist";
-            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
-          };
-          "linux/nix/state" = {
-            type = "zfs_fs";
-            options.mountpoint = "legacy";
-            mountpoint = "/state";
-            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
-          };
-        };
-      };
-    };
-  };
-
-  # Make sure all persistent volumes are marked as neededForBoot
-  #
-  # Also mounts /home so it is mounted before the user home directories are created.
-  fileSystems."/persist".neededForBoot = true;
-  fileSystems."/state".neededForBoot = true;
-  fileSystems."/home".neededForBoot = true;
-
-  fileSystems."/".options = [
-    "noatime"
-    "norelatime"
-  ];
-  fileSystems."/nix".options = [
-    "noatime"
-    "norelatime"
-  ];
-  fileSystems."/persist".options = [
-    "noatime"
-    "norelatime"
-  ];
-  fileSystems."/state".options = [
-    "noatime"
-    "norelatime"
-  ];
-  fileSystems."/home".options = [
-    "noatime"
-    "norelatime"
-  ];
-}

nix/configuration/hosts/hydra/hardware-configuration.nix

@@ -1,4 +1,5 @@
 {
+  config,
   lib,
   modulesPath,
   ...
@@ -11,12 +12,9 @@
 
   config = {
     boot.initrd.availableKernelModules = [
-      "xhci_pci"
       "nvme"
-      "usbhid"
+      "xhci_pci"
-      "usb_storage"
+      "thunderbolt"
-      "sd_mod"
-      "sdhci_pci"
     ];
     boot.initrd.kernelModules = [ ];
     boot.kernelModules = [ ];
@@ -26,10 +24,8 @@
     # (the default) this is the recommended approach. When using systemd-networkd it's
     # still possible to use this option, but it's recommended to use it in conjunction
     # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-    networking.dhcpcd.enable = lib.mkForce true;
+    # networking.useDHCP = lib.mkDefault true;
-    networking.useDHCP = lib.mkForce true;
+    # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
-    networking.interfaces.enp0s2.useDHCP = lib.mkForce true;
+    # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
-    # systemd.network.enable = true;
-
   };
 }

nix/configuration/hosts/hydra/vm_disk.nix

@@ -1,24 +1,21 @@
 {
   config,
   lib,
+  pkgs,
   ...
 }:
 
 {
   imports = [ ];
 
-  options.me = {
+  config = {
-    vm_disk.enable = lib.mkOption {
+    # environment.systemPackages = with pkgs; [
-      type = lib.types.bool;
+    #   e2fsprogs # mkfs.ext4
-      default = false;
+    #   gptfdisk # cgdisk
-      example = true;
+    # ];
-      description = "Whether we want to mount the local disk for persistent storage.";
-    };
-  };
 
-  config = lib.mkIf config.me.vm_disk.enable {
     # Mount the local disk
-    fileSystems = {
+    fileSystems = lib.mkIf config.me.mountPersistence {
       "/.disk" = lib.mkForce {
         device = "/dev/nvme0n1p1";
         fsType = "ext4";
@@ -29,6 +26,21 @@
         neededForBoot = true;
       };
 
+      # "/.disk" = lib.mkForce {
+      #   device = "bind9p";
+      #   fsType = "9p";
+      #   options = [
+      #     "noatime"
+      #     "trans=virtio"
+      #     "version=9p2000.L"
+      #     "cache=mmap"
+      #     "msize=512000"
+      #     # "noauto"
+      #     # "x-systemd.automount"
+      #   ];
+      #   neededForBoot = true;
+      # };
+
       "/persist" = {
         fsType = "none";
         device = "/.disk/persist";
@@ -39,6 +51,7 @@
         depends = [
           "/.disk/persist"
         ];
+        neededForBoot = true;
       };
 
       "/state" = {
@@ -51,16 +64,22 @@
         depends = [
           "/.disk/state"
         ];
+        neededForBoot = true;
       };
 
       "/nix/store" = lib.mkForce {
-        fsType = "overlay";
+        overlay = {
-        device = "overlay";
+          lowerdir = [ "/nix/.ro-store" ];
-        options = [
+          upperdir = "/.disk/persist/store";
-          "lowerdir=/nix/.ro-store"
+          workdir = "/.disk/state/work";
-          "upperdir=/.disk/persist/store"
+        };
-          "workdir=/.disk/state/work"
+        # fsType = "overlay";
-        ];
+        # device = "overlay";
+        # options = [
+        #   "lowerdir=/nix/.ro-store"
+        #   "upperdir=/.disk/persist/store"
+        #   "workdir=/.disk/state/work"
+        # ];
         depends = [
           "/nix/.ro-store"
           "/.disk/persist/store"

nix/configuration/roles/distributed_build/default.nix

@@ -2,6 +2,7 @@
   config,
   lib,
   all_nixos_configs,
+  pkgs,
   ...
 }:
 
@@ -56,6 +57,21 @@ in
     lib.mkMerge [
       {
         nix.distributedBuilds = true;
+
+        nix.settings.substituters = lib.mkForce [ "ssh://hydra" ];
+        nix.settings.substitute = lib.mkForce true;
+        nix.settings.post-build-hook = pkgs.writeShellScript "post-build-hook" ''
+          set -euo pipefail
+          IFS=$'\n\t'
+          set -f # disable globbing
+          echo "Signing and uploading paths" $OUT_PATHS
+          #exec nix copy --to 'ssh://hydra?secret-key=/persist/manual/nix/nix-cache-key.sec' $OUT_PATHS
+          exec nix copy --to 'ssh://hydra' $OUT_PATHS
+        '';
+        nix.settings.secret-key-files = [ "/persist/manual/nix/nix-cache-key.sec" ];
+        nix.settings.trusted-public-keys = lib.mkForce [
+          "odo:0S/XKSFjjIrihQ7lbHEIebXk/c/xuoodhm0Gz26YhjA="
+        ];
       }
       {
         nix.buildMachines = (

nix/configuration/roles/qemu/files/qemurc.bash

@@ -307,7 +307,7 @@ function start_body {
     local additional_args=()
 
     if [ -n "$BIND9P" ]; then
-        additional_args+=(-device "virtio-9p-type,fsdev=${BIND9P},mount_tag=bind9p")
+        additional_args+=(-device "virtio-9p-pci,fsdev=${BIND9P},mount_tag=bind9p")
     fi
 
     if [ -n "$mount_cd" ]; then