diff --git a/nix/configuration/configuration.nix b/nix/configuration/configuration.nix index 5a1b58f..7907444 100644 --- a/nix/configuration/configuration.nix +++ b/nix/configuration/configuration.nix @@ -9,6 +9,7 @@ { imports = [ ./roles/2ship2harkinian + ./roles/9pfs_nix_store ./roles/alacritty ./roles/ansible ./roles/ares diff --git a/nix/configuration/flake.nix b/nix/configuration/flake.nix index 38ece4e..2e1e840 100644 --- a/nix/configuration/flake.nix +++ b/nix/configuration/flake.nix @@ -29,7 +29,7 @@ # Install on a new machine: # # -# doas nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/quark/disk-config.nix +# doas nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/odo/disk-config.nix # nix flake update zsh-histdb --flake . # nix flake update ansible-sshjail --flake . 
@@ -115,120 +115,131 @@ ./configuration.nix ]; }; - systems = { - odo = { - main = nixpkgs.lib.nixosSystem ( - base_x86_64_linux - // { + systems = + let + additional_iso_modules = [ + (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix") + # TODO: Figure out how to do image based appliances + # (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix") + { + isoImage.makeEfiBootable = true; + isoImage.makeUsbBootable = true; + me.buildingIso = true; + me.optimizations.enable = nixpkgs.lib.mkDefault false; + me._9pfs_nix_store.is_iso = true; + } + { + # These are big space hogs. The chance that I need them on an ISO is slim. + me.steam.enable = nixpkgs.lib.mkForce false; + me.pcsx2.enable = nixpkgs.lib.mkForce false; + } + ]; + additional_vm_modules = [ + (nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") + { + networking.dhcpcd.enable = true; + networking.useDHCP = true; + me.optimizations.enable = nixpkgs.lib.mkDefault false; + } + { + # me._9pfs_nix_store.enable = true; + } + ]; + in + { + odo = rec { + main = base_x86_64_linux // { modules = base_x86_64_linux.modules ++ [ ./hosts/odo ]; - } - ); - iso = nixpkgs.lib.nixosSystem ( - base_x86_64_linux - // { - modules = base_x86_64_linux.modules ++ [ - ./hosts/odo - (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix") - # TODO: Figure out how to do image based appliances - # (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix") - { - isoImage.makeEfiBootable = true; - isoImage.makeUsbBootable = true; - me.buildingIso = true; - me.optimizations.enable = nixpkgs.lib.mkForce false; - } - ]; - } - ); - }; - quark = { - main = nixpkgs.lib.nixosSystem ( - base_x86_64_linux - // { + }; + iso = main // { + modules = main.modules ++ additional_iso_modules; + }; + vm = main // { + modules = main.modules ++ additional_vm_modules; + }; + vm_iso = main // { + modules = main.modules ++ additional_vm_modules ++ additional_iso_modules; + }; + }; + quark = rec { + main = base_x86_64_linux // { modules 
= base_x86_64_linux.modules ++ [ ./hosts/quark ]; - } - ); - iso = nixpkgs.lib.nixosSystem ( - base_x86_64_linux - // { - modules = base_x86_64_linux.modules ++ [ - ./hosts/quark - (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix") - # TODO: Figure out how to do image based appliances - # (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix") - { - isoImage.makeEfiBootable = true; - isoImage.makeUsbBootable = true; - me.buildingIso = true; - me.optimizations.enable = nixpkgs.lib.mkForce false; - } - ]; - } - ); - }; - neelix = { - main = nixpkgs.lib.nixosSystem ( - base_x86_64_linux - // { + }; + iso = main // { + modules = main.modules ++ additional_iso_modules; + }; + vm = main // { + modules = main.modules ++ additional_vm_modules; + }; + vm_iso = main // { + modules = main.modules ++ additional_vm_modules ++ additional_iso_modules; + }; + }; + neelix = rec { + main = base_x86_64_linux // { modules = base_x86_64_linux.modules ++ [ ./hosts/neelix ]; - } - ); - iso = nixpkgs.lib.nixosSystem ( - base_x86_64_linux - // { - modules = base_x86_64_linux.modules ++ [ - ./hosts/neelix - (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix") + }; + iso = main // { + modules = main.modules ++ additional_iso_modules; + }; + vm = main // { + modules = main.modules ++ additional_vm_modules; + }; + vm_iso = main // { + modules = main.modules ++ additional_vm_modules ++ additional_iso_modules; + }; + }; + hydra = + let + additional_iso_modules = additional_iso_modules ++ [ { - isoImage.makeEfiBootable = true; - isoImage.makeUsbBootable = true; - me.buildingIso = true; - me.optimizations.enable = nixpkgs.lib.mkForce false; + me.optimizations.enable = true; } ]; - } - ); + in + rec { + main = base_x86_64_linux // { + modules = base_x86_64_linux.modules ++ [ + ./hosts/hydra + ]; + }; + iso = main // { + modules = main.modules ++ additional_iso_modules; + }; + vm = main // { + modules = main.modules ++ additional_vm_modules; + }; + vm_iso = main // { + 
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules; + }; + }; }; - hydra = { - main = nixpkgs.lib.nixosSystem ( - base_x86_64_linux - // { - modules = base_x86_64_linux.modules ++ [ - ./hosts/hydra - ]; - } - ); - iso = nixpkgs.lib.nixosSystem ( - base_x86_64_linux - // { - modules = base_x86_64_linux.modules ++ [ - ./hosts/hydra - (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix") - { - isoImage.makeEfiBootable = true; - isoImage.makeUsbBootable = true; - me.buildingIso = true; - } - ]; - } - ); - }; - }; in { - nixosConfigurations.odo = systems.odo.main; - iso.odo = systems.odo.iso.config.system.build.isoImage; - nixosConfigurations.quark = systems.quark.main; - iso.quark = systems.quark.iso.config.system.build.isoImage; - nixosConfigurations.neelix = systems.neelix.main; - iso.neelix = systems.neelix.iso.config.system.build.isoImage; - nixosConfigurations.hydra = systems.hydra.main; - iso.hydra = systems.hydra.iso.config.system.build.isoImage; + nixosConfigurations.odo = nixpkgs.lib.nixosSystem systems.odo.main; + iso.odo = (nixpkgs.lib.nixosSystem systems.odo.iso).config.system.build.isoImage; + nixosConfigurations.vm_odo = nixpkgs.lib.nixosSystem systems.odo.vm; + vm_iso.odo = (nixpkgs.lib.nixosSystem systems.odo.vm_iso).config.system.build.isoImage; + + nixosConfigurations.quark = nixpkgs.lib.nixosSystem systems.quark.main; + iso.quark = (nixpkgs.lib.nixosSystem systems.quark.iso).config.system.build.isoImage; + nixosConfigurations.vm_quark = nixpkgs.lib.nixosSystem systems.quark.vm; + vm_iso.quark = (nixpkgs.lib.nixosSystem systems.quark.vm_iso).config.system.build.isoImage; + + nixosConfigurations.neelix = nixpkgs.lib.nixosSystem systems.neelix.main; + iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.iso).config.system.build.isoImage; + nixosConfigurations.vm_neelix = nixpkgs.lib.nixosSystem systems.neelix.vm; + vm_iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.vm_iso).config.system.build.isoImage; + + 
nixosConfigurations.hydra = nixpkgs.lib.nixosSystem systems.hydra.main; + iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.iso).config.system.build.isoImage; + nixosConfigurations.vm_hydra = nixpkgs.lib.nixosSystem systems.hydra.vm; + vm_iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.vm_iso).config.system.build.isoImage; }; } diff --git a/nix/configuration/hosts/neelix/hardware-configuration.nix b/nix/configuration/hosts/neelix/hardware-configuration.nix index b583e6a..fe3c1cb 100644 --- a/nix/configuration/hosts/neelix/hardware-configuration.nix +++ b/nix/configuration/hosts/neelix/hardware-configuration.nix @@ -14,7 +14,14 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + "sdhci_pci" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; @@ -23,7 +30,7 @@ # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; + # networking.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; diff --git a/nix/configuration/hosts/odo/default.nix b/nix/configuration/hosts/odo/default.nix index a7e64f6..c950775 100644 --- a/nix/configuration/hosts/odo/default.nix +++ b/nix/configuration/hosts/odo/default.nix @@ -7,7 +7,7 @@ { imports = [ ./hardware-configuration.nix - ./disk-config.nix + ./wrapped-disk-config.nix ./optimized_build.nix ./distributed_build.nix ./power_management.nix 
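Review bot: In flake.nix the `hydra` block's inner `let additional_iso_modules = additional_iso_modules ++ [ … ];` refers to itself, because Nix `let` bindings are recursive and the new name shadows the outer list; evaluating `systems.hydra.iso` or `systems.hydra.vm_iso` should fail with an infinite-recursion error. Give the inner binding its own name, e.g. `hydra_iso_modules = additional_iso_modules ++ [ { me.optimizations.enable = true; } ];`, and use that name in hydra's `iso` and `vm_iso` entries. Separately, the shared ISO module now sets `me.optimizations.enable` with `mkDefault false` where the old odo, quark and neelix ISO entries used `mkForce false`, so a host module that enables optimizations at normal priority would presumably now take effect on those ISOs too; worth confirming that is intended.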
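Review bot: Commenting out `networking.useDHCP = lib.mkDefault true;` in hosts/neelix/hardware-configuration.nix (and identically in the odo and quark hardware-configuration.nix hunks) leaves no record of why it is off. The file looks like nixos-generate-config output, and if it is regenerated the line comes back at the same `mkDefault` priority that roles/network now uses for `false`, which the module system would report as conflicting definitions. Either delete the line or add a comment such as `# Off on purpose: roles/network owns networking.useDHCP (mkDefault false); a second mkDefault here conflicts.`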
diff --git a/nix/configuration/hosts/odo/disk-config.nix b/nix/configuration/hosts/odo/disk-config.nix index dc31c68..4575e94 100644 --- a/nix/configuration/hosts/odo/disk-config.nix +++ b/nix/configuration/hosts/odo/disk-config.nix @@ -1,14 +1,8 @@ # Manual Step: # Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1 # Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1 -{ - config, - lib, - pkgs, - ... -}: -lib.mkIf (!config.me.buildingIso) { +{ disko.devices = { disk = { main = { diff --git a/nix/configuration/hosts/odo/hardware-configuration.nix b/nix/configuration/hosts/odo/hardware-configuration.nix index 1852fa3..d463cf9 100644 --- a/nix/configuration/hosts/odo/hardware-configuration.nix +++ b/nix/configuration/hosts/odo/hardware-configuration.nix @@ -27,7 +27,7 @@ # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; + # networking.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; diff --git a/nix/configuration/hosts/odo/optimized_build.nix b/nix/configuration/hosts/odo/optimized_build.nix index 7315afa..3f5b975 100644 --- a/nix/configuration/hosts/odo/optimized_build.nix +++ b/nix/configuration/hosts/odo/optimized_build.nix 
@@ -56,31 +56,35 @@ (final: prev: { haskellPackages = prev.haskellPackages.extend ( final': prev': { - crypton = pkgs-unoptimized.haskellPackages.crypton; - crypton-connection = pkgs-unoptimized.haskellPackages.crypton-connection; - crypton-x509 = pkgs-unoptimized.haskellPackages.crypton-x509; - crypton-x509-store = pkgs-unoptimized.haskellPackages.crypton-x509-store; - crypton-x509-system = pkgs-unoptimized.haskellPackages.crypton-x509-system; - crypton-x509-validation = pkgs-unoptimized.haskellPackages.crypton-x509-validation; - hspec-wai = pkgs-unoptimized.haskellPackages.hspec-wai; - http-client-tls = pkgs-unoptimized.haskellPackages.http-client-tls; - http2 = pkgs-unoptimized.haskellPackages.http2; - pandoc = pkgs-unoptimized.haskellPackages.pandoc; - pandoc-cli = pkgs-unoptimized.haskellPackages.pandoc-cli; - pandoc-lua-engine = pkgs-unoptimized.haskellPackages.pandoc-lua-engine; - pandoc-server = pkgs-unoptimized.haskellPackages.pandoc-server; - servant-server = pkgs-unoptimized.haskellPackages.servant-server; - tls = pkgs-unoptimized.haskellPackages.tls; - wai-app-static = pkgs-unoptimized.haskellPackages.wai-app-static; - wai-extra = pkgs-unoptimized.haskellPackages.wai-extra; - warp = pkgs-unoptimized.haskellPackages.warp; + inherit (pkgs-unoptimized.haskellPackages) + crypton + crypton-connection + crypton-x509 + crypton-x509-store + crypton-x509-system + crypton-x509-validation + hspec-wai + http-client-tls + http2 + pandoc + pandoc-cli + pandoc-lua-engine + pandoc-server + servant-server + tls + wai-app-static + wai-extra + warp + ; } ); }) (final: prev: { - gsl = pkgs-unoptimized.gsl; - redis = pkgs-unoptimized.redis; - valkey = pkgs-unoptimized.valkey; + inherit (pkgs-unoptimized) + gsl + redis + valkey + ; }) ]; diff --git a/nix/configuration/hosts/odo/wrapped-disk-config.nix b/nix/configuration/hosts/odo/wrapped-disk-config.nix new file mode 100644 index 0000000..78e5f86 --- /dev/null +++ b/nix/configuration/hosts/odo/wrapped-disk-config.nix 
@@ -0,0 +1,8 @@ +{ + config, + lib, + pkgs, + ... +}: + +lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix) diff --git a/nix/configuration/hosts/quark/hardware-configuration.nix b/nix/configuration/hosts/quark/hardware-configuration.nix index 1852fa3..d463cf9 100644 --- a/nix/configuration/hosts/quark/hardware-configuration.nix +++ b/nix/configuration/hosts/quark/hardware-configuration.nix @@ -27,7 +27,7 @@ # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; + # networking.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; diff --git a/nix/configuration/hosts/quark/optimized_build.nix b/nix/configuration/hosts/quark/optimized_build.nix index aecdd43..851201b 100644 --- a/nix/configuration/hosts/quark/optimized_build.nix +++ b/nix/configuration/hosts/quark/optimized_build.nix 
@@ -50,31 +50,35 @@ (final: prev: { haskellPackages = prev.haskellPackages.extend ( final': prev': { - crypton = pkgs-unoptimized.haskellPackages.crypton; - crypton-connection = pkgs-unoptimized.haskellPackages.crypton-connection; - crypton-x509 = pkgs-unoptimized.haskellPackages.crypton-x509; - crypton-x509-store = pkgs-unoptimized.haskellPackages.crypton-x509-store; - crypton-x509-system = pkgs-unoptimized.haskellPackages.crypton-x509-system; - crypton-x509-validation = pkgs-unoptimized.haskellPackages.crypton-x509-validation; - hspec-wai = pkgs-unoptimized.haskellPackages.hspec-wai; - http-client-tls = pkgs-unoptimized.haskellPackages.http-client-tls; - http2 = pkgs-unoptimized.haskellPackages.http2; - pandoc = pkgs-unoptimized.haskellPackages.pandoc; - pandoc-cli = pkgs-unoptimized.haskellPackages.pandoc-cli; - pandoc-lua-engine = pkgs-unoptimized.haskellPackages.pandoc-lua-engine; - pandoc-server = pkgs-unoptimized.haskellPackages.pandoc-server; - servant-server = pkgs-unoptimized.haskellPackages.servant-server; - tls = pkgs-unoptimized.haskellPackages.tls; - wai-app-static = pkgs-unoptimized.haskellPackages.wai-app-static; - wai-extra = pkgs-unoptimized.haskellPackages.wai-extra; - warp = pkgs-unoptimized.haskellPackages.warp; + inherit (pkgs-unoptimized.haskellPackages) + crypton + crypton-connection + crypton-x509 + crypton-x509-store + crypton-x509-system + crypton-x509-validation + hspec-wai + http-client-tls + http2 + pandoc + pandoc-cli + pandoc-lua-engine + pandoc-server + servant-server + tls + wai-app-static + wai-extra + warp + ; } ); }) (final: prev: { - gsl = pkgs-unoptimized.gsl; - redis = pkgs-unoptimized.redis; - valkey = pkgs-unoptimized.valkey; + inherit (pkgs-unoptimized) + gsl + redis + valkey + ; }) ]; diff --git a/nix/configuration/roles/9pfs_nix_store/default.nix b/nix/configuration/roles/9pfs_nix_store/default.nix new file mode 100644 index 0000000..a459c80 --- /dev/null +++ b/nix/configuration/roles/9pfs_nix_store/default.nix 
@@ -0,0 +1,77 @@ +{ + config, + lib, + pkgs, + ... +}: + +{ + imports = [ ]; + + options.me = { + _9pfs_nix_store.enable = lib.mkOption { + type = lib.types.bool; + default = false; + example = true; + description = "Whether we want to mount /nix/store over 9pfs (useful in virtual machines to share a directory from the host as a persistent nix store."; + }; + + _9pfs_nix_store.is_iso = lib.mkOption { + type = lib.types.bool; + default = false; + example = true; + description = "Whether this build is for an ISO. It changes how we mount the nix store."; + }; + }; + + config = lib.mkIf config.me._9pfs_nix_store.enable ( + lib.mkMerge [ + (lib.mkIf config.me._9pfs_nix_store.is_iso { + # fileSystems = { + # "/nix/store" = lib.mkForce { + # fsType = "overlay"; + # device = "overlay"; + # options = [ + # "lowerdir=/nix/.ro-store" + # "upperdir=/store" + # "workdir=/work" + # ]; + # depends = [ + # "/nix/.ro-store" + # "/store" + # "/work" + # ]; + # }; + + # "/store" = lib.mkForce { + # fsType = "9p"; + # device = "nixstore"; + # options = [ + # "trans=virtio" + # "version=9p2000.L" + # "x-systemd.requires=modprobe@9pnet_virtio.service" + # "msize=16384" # Maximum packet size. Increasing this should improve performance at the cost of increased memory usage. + # "cache=loose" + # ]; + # }; + # }; + }) + (lib.mkIf (!config.me._9pfs_nix_store.is_iso) { + fileSystems = { + "/nix/store" = lib.mkForce { + fsType = "9p"; + device = "nixstore"; + neededForBoot = true; + options = [ + "trans=virtio" + "version=9p2000.L" + "x-systemd.requires=modprobe@9pnet_virtio.service" + "msize=16384" # Maximum packet size. Increasing this should improve performance at the cost of increased memory usage. + "cache=loose" + ]; + }; + }; + }) + ] + ); +} diff --git a/nix/configuration/roles/network/default.nix b/nix/configuration/roles/network/default.nix index 7e11876..6d87538 100644 --- a/nix/configuration/roles/network/default.nix +++ b/nix/configuration/roles/network/default.nix 
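Review bot: Setting `me._9pfs_nix_store.enable = true` together with `is_iso = true` configures nothing in roles/9pfs_nix_store/default.nix, because the whole ISO branch is commented out; flake.nix already sets `is_iso = true` for every ISO, so enabling the role there would silently leave /nix/store off 9p. Add an assertion or at least a comment on the empty branch, e.g. `# TODO: ISO overlay mount not implemented; enable has no effect while is_iso is set`. In the non-ISO branch, `cache=loose` on a writable /nix/store performs no cache coherence and trusts the host export completely, so the module should document that the `nixstore` share must be exclusive to one guest and served by a trusted host. The `enable` description is also missing its closing parenthesis.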
@@ -18,8 +18,8 @@ { imports = [ ]; - networking.dhcpcd.enable = false; - networking.useDHCP = false; + networking.dhcpcd.enable = lib.mkDefault false; + networking.useDHCP = lib.mkDefault false; networking.nameservers = [ "194.242.2.2#doh.mullvad.net" "2a07:e340::2#doh.mullvad.net" diff --git a/nix/configuration/roles/wasm/default.nix b/nix/configuration/roles/wasm/default.nix index 3ce9433..8f8a696 100644 --- a/nix/configuration/roles/wasm/default.nix +++ b/nix/configuration/roles/wasm/default.nix @@ -24,7 +24,15 @@ environment.systemPackages = with pkgs; [ wabt wasm-bindgen-cli - pkgs-unoptimized.binaryen # for wasm-opt + binaryen # for wasm-opt + ]; + + nixpkgs.overlays = [ + (final: prev: { + inherit (pkgs-unoptimized) + binaryen + ; + }) ]; } ]
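Review bot: The new `nixpkgs.overlays` entry in roles/wasm/default.nix replaces `binaryen` for the whole package set, not just for the entry in `environment.systemPackages`, so every package that takes binaryen as an input now gets the `pkgs-unoptimized` build as well. If that wider scope is the intent, say so next to the overlay, e.g. `# binaryen must come from pkgs-unoptimized for all dependents, not only the wasm-opt CLI`; the reason itself is not visible in this hunk. The enclosing module block starts outside the hunk.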