Add a role for mounting the nix store over 9pfs.

This is useful for virtual machines since we can have a persistent /nix/store on the host machine.
Tom Alexander 2025-05-10 16:57:19 -04:00
parent 158188c4c6
commit e65504b5f3
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE
13 changed files with 272 additions and 158 deletions


@ -9,6 +9,7 @@
{ {
imports = [ imports = [
./roles/2ship2harkinian ./roles/2ship2harkinian
./roles/9pfs_nix_store
./roles/alacritty ./roles/alacritty
./roles/ansible ./roles/ansible
./roles/ares ./roles/ares


@ -29,7 +29,7 @@
# Install on a new machine: # Install on a new machine:
# #
# #
# doas nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/quark/disk-config.nix # doas nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/odo/disk-config.nix
# nix flake update zsh-histdb --flake . # nix flake update zsh-histdb --flake .
# nix flake update ansible-sshjail --flake . # nix flake update ansible-sshjail --flake .
@ -115,120 +115,131 @@
./configuration.nix ./configuration.nix
]; ];
}; };
systems = { systems =
odo = { let
main = nixpkgs.lib.nixosSystem ( additional_iso_modules = [
base_x86_64_linux (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
// { # TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
me.optimizations.enable = nixpkgs.lib.mkDefault false;
me._9pfs_nix_store.is_iso = true;
}
{
# These are big space hogs. The chance that I need them on an ISO is slim.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
}
];
additional_vm_modules = [
(nixpkgs + "/nixos/modules/profiles/qemu-guest.nix")
{
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.optimizations.enable = nixpkgs.lib.mkDefault false;
}
{
# me._9pfs_nix_store.enable = true;
}
];
in
{
odo = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [ modules = base_x86_64_linux.modules ++ [
./hosts/odo ./hosts/odo
]; ];
} };
); iso = main // {
iso = nixpkgs.lib.nixosSystem ( modules = main.modules ++ additional_iso_modules;
base_x86_64_linux };
// { vm = main // {
modules = base_x86_64_linux.modules ++ [ modules = main.modules ++ additional_vm_modules;
./hosts/odo };
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix") vm_iso = main // {
# TODO: Figure out how to do image based appliances modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix") };
{ };
isoImage.makeEfiBootable = true; quark = rec {
isoImage.makeUsbBootable = true; main = base_x86_64_linux // {
me.buildingIso = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
];
}
);
};
quark = {
main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [ modules = base_x86_64_linux.modules ++ [
./hosts/quark ./hosts/quark
]; ];
} };
); iso = main // {
iso = nixpkgs.lib.nixosSystem ( modules = main.modules ++ additional_iso_modules;
base_x86_64_linux };
// { vm = main // {
modules = base_x86_64_linux.modules ++ [ modules = main.modules ++ additional_vm_modules;
./hosts/quark };
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix") vm_iso = main // {
# TODO: Figure out how to do image based appliances modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix") };
{ };
isoImage.makeEfiBootable = true; neelix = rec {
isoImage.makeUsbBootable = true; main = base_x86_64_linux // {
me.buildingIso = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
];
}
);
};
neelix = {
main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [ modules = base_x86_64_linux.modules ++ [
./hosts/neelix ./hosts/neelix
]; ];
} };
); iso = main // {
iso = nixpkgs.lib.nixosSystem ( modules = main.modules ++ additional_iso_modules;
base_x86_64_linux };
// { vm = main // {
modules = base_x86_64_linux.modules ++ [ modules = main.modules ++ additional_vm_modules;
./hosts/neelix };
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix") vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
hydra =
let
additional_iso_modules = additional_iso_modules ++ [
{ {
isoImage.makeEfiBootable = true; me.optimizations.enable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
} }
]; ];
} in
); rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/hydra
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
}; };
hydra = {
main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/hydra
];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/hydra
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
}
];
}
);
};
};
in in
{ {
nixosConfigurations.odo = systems.odo.main; nixosConfigurations.odo = nixpkgs.lib.nixosSystem systems.odo.main;
iso.odo = systems.odo.iso.config.system.build.isoImage; iso.odo = (nixpkgs.lib.nixosSystem systems.odo.iso).config.system.build.isoImage;
nixosConfigurations.quark = systems.quark.main; nixosConfigurations.vm_odo = nixpkgs.lib.nixosSystem systems.odo.vm;
iso.quark = systems.quark.iso.config.system.build.isoImage; vm_iso.odo = (nixpkgs.lib.nixosSystem systems.odo.vm_iso).config.system.build.isoImage;
nixosConfigurations.neelix = systems.neelix.main;
iso.neelix = systems.neelix.iso.config.system.build.isoImage; nixosConfigurations.quark = nixpkgs.lib.nixosSystem systems.quark.main;
nixosConfigurations.hydra = systems.hydra.main; iso.quark = (nixpkgs.lib.nixosSystem systems.quark.iso).config.system.build.isoImage;
iso.hydra = systems.hydra.iso.config.system.build.isoImage; nixosConfigurations.vm_quark = nixpkgs.lib.nixosSystem systems.quark.vm;
vm_iso.quark = (nixpkgs.lib.nixosSystem systems.quark.vm_iso).config.system.build.isoImage;
nixosConfigurations.neelix = nixpkgs.lib.nixosSystem systems.neelix.main;
iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.iso).config.system.build.isoImage;
nixosConfigurations.vm_neelix = nixpkgs.lib.nixosSystem systems.neelix.vm;
vm_iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.vm_iso).config.system.build.isoImage;
nixosConfigurations.hydra = nixpkgs.lib.nixosSystem systems.hydra.main;
iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.iso).config.system.build.isoImage;
nixosConfigurations.vm_hydra = nixpkgs.lib.nixosSystem systems.hydra.vm;
vm_iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.vm_iso).config.system.build.isoImage;
}; };
} }
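Review bot: The `let` binding in the new `hydra` entry, `additional_iso_modules = additional_iso_modules ++ [ … ]`, refers to itself rather than to the outer list, because `let` bindings in Nix are recursive; forcing it should fail with an infinite-recursion error. `systems.hydra.iso` and `systems.hydra.vm_iso` both use that name, so `iso.hydra` and `vm_iso.hydra` are affected, while `main` and `vm` still evaluate because of laziness. Give the inner list its own name, e.g. `hydra_iso_modules = additional_iso_modules ++ [ { me.optimizations.enable = true; } ];`, and use `main.modules ++ hydra_iso_modules` (and `main.modules ++ additional_vm_modules ++ hydra_iso_modules`) in the two ISO attributes.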


@ -14,7 +14,14 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@ -23,7 +30,7 @@
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; # networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
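Review bot: Commenting out `networking.useDHCP = lib.mkDefault true;` leaves the generated comment block above it describing an option this file no longer sets, with nothing saying where the DHCP default now comes from. The same edit is repeated in the two later sections with hunk header `@ -27,7 +27,7 @`. Presumably the line had to go because the network role now sets `networking.useDHCP = lib.mkDefault false;` at the same priority, which would conflict. If so, I would delete the line and leave a one-line pointer instead, e.g. `# DHCP defaults are set by the network role; the vm modules in flake.nix override them.`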


@ -7,7 +7,7 @@
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./disk-config.nix ./wrapped-disk-config.nix
./optimized_build.nix ./optimized_build.nix
./distributed_build.nix ./distributed_build.nix
./power_management.nix ./power_management.nix


@ -1,14 +1,8 @@
# Manual Step: # Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1 # Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1 # Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) { {
disko.devices = { disko.devices = {
disk = { disk = {
main = { main = {


@ -27,7 +27,7 @@
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; # networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;


@ -56,31 +56,35 @@
(final: prev: { (final: prev: {
haskellPackages = prev.haskellPackages.extend ( haskellPackages = prev.haskellPackages.extend (
final': prev': { final': prev': {
crypton = pkgs-unoptimized.haskellPackages.crypton; inherit (pkgs-unoptimized.haskellPackages)
crypton-connection = pkgs-unoptimized.haskellPackages.crypton-connection; crypton
crypton-x509 = pkgs-unoptimized.haskellPackages.crypton-x509; crypton-connection
crypton-x509-store = pkgs-unoptimized.haskellPackages.crypton-x509-store; crypton-x509
crypton-x509-system = pkgs-unoptimized.haskellPackages.crypton-x509-system; crypton-x509-store
crypton-x509-validation = pkgs-unoptimized.haskellPackages.crypton-x509-validation; crypton-x509-system
hspec-wai = pkgs-unoptimized.haskellPackages.hspec-wai; crypton-x509-validation
http-client-tls = pkgs-unoptimized.haskellPackages.http-client-tls; hspec-wai
http2 = pkgs-unoptimized.haskellPackages.http2; http-client-tls
pandoc = pkgs-unoptimized.haskellPackages.pandoc; http2
pandoc-cli = pkgs-unoptimized.haskellPackages.pandoc-cli; pandoc
pandoc-lua-engine = pkgs-unoptimized.haskellPackages.pandoc-lua-engine; pandoc-cli
pandoc-server = pkgs-unoptimized.haskellPackages.pandoc-server; pandoc-lua-engine
servant-server = pkgs-unoptimized.haskellPackages.servant-server; pandoc-server
tls = pkgs-unoptimized.haskellPackages.tls; servant-server
wai-app-static = pkgs-unoptimized.haskellPackages.wai-app-static; tls
wai-extra = pkgs-unoptimized.haskellPackages.wai-extra; wai-app-static
warp = pkgs-unoptimized.haskellPackages.warp; wai-extra
warp
;
} }
); );
}) })
(final: prev: { (final: prev: {
gsl = pkgs-unoptimized.gsl; inherit (pkgs-unoptimized)
redis = pkgs-unoptimized.redis; gsl
valkey = pkgs-unoptimized.valkey; redis
valkey
;
}) })
]; ];


@ -0,0 +1,8 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)
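Review bot: The new wrapper does not say why `disk-config.nix` is imported through it, and `import ./disk-config.nix` only works while that file stays a plain attribute set rather than a module function. Judging by the install notes in the flake, which run disko directly against `hosts/odo/disk-config.nix`, the split looks intended to keep that file usable on its own. A header comment would record this, e.g. `# disk-config.nix must stay a plain attrset (it is also passed to disko directly); the buildingIso guard lives here.` The `pkgs` argument is unused and could be dropped.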


@ -27,7 +27,7 @@
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; # networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;


@ -50,31 +50,35 @@
(final: prev: { (final: prev: {
haskellPackages = prev.haskellPackages.extend ( haskellPackages = prev.haskellPackages.extend (
final': prev': { final': prev': {
crypton = pkgs-unoptimized.haskellPackages.crypton; inherit (pkgs-unoptimized.haskellPackages)
crypton-connection = pkgs-unoptimized.haskellPackages.crypton-connection; crypton
crypton-x509 = pkgs-unoptimized.haskellPackages.crypton-x509; crypton-connection
crypton-x509-store = pkgs-unoptimized.haskellPackages.crypton-x509-store; crypton-x509
crypton-x509-system = pkgs-unoptimized.haskellPackages.crypton-x509-system; crypton-x509-store
crypton-x509-validation = pkgs-unoptimized.haskellPackages.crypton-x509-validation; crypton-x509-system
hspec-wai = pkgs-unoptimized.haskellPackages.hspec-wai; crypton-x509-validation
http-client-tls = pkgs-unoptimized.haskellPackages.http-client-tls; hspec-wai
http2 = pkgs-unoptimized.haskellPackages.http2; http-client-tls
pandoc = pkgs-unoptimized.haskellPackages.pandoc; http2
pandoc-cli = pkgs-unoptimized.haskellPackages.pandoc-cli; pandoc
pandoc-lua-engine = pkgs-unoptimized.haskellPackages.pandoc-lua-engine; pandoc-cli
pandoc-server = pkgs-unoptimized.haskellPackages.pandoc-server; pandoc-lua-engine
servant-server = pkgs-unoptimized.haskellPackages.servant-server; pandoc-server
tls = pkgs-unoptimized.haskellPackages.tls; servant-server
wai-app-static = pkgs-unoptimized.haskellPackages.wai-app-static; tls
wai-extra = pkgs-unoptimized.haskellPackages.wai-extra; wai-app-static
warp = pkgs-unoptimized.haskellPackages.warp; wai-extra
warp
;
} }
); );
}) })
(final: prev: { (final: prev: {
gsl = pkgs-unoptimized.gsl; inherit (pkgs-unoptimized)
redis = pkgs-unoptimized.redis; gsl
valkey = pkgs-unoptimized.valkey; redis
valkey
;
}) })
]; ];


@ -0,0 +1,77 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
_9pfs_nix_store.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to mount /nix/store over 9pfs (useful in virtual machines to share a directory from the host as a persistent nix store.";
};
_9pfs_nix_store.is_iso = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether this build is for an ISO. It changes how we mount the nix store.";
};
};
config = lib.mkIf config.me._9pfs_nix_store.enable (
lib.mkMerge [
(lib.mkIf config.me._9pfs_nix_store.is_iso {
# fileSystems = {
# "/nix/store" = lib.mkForce {
# fsType = "overlay";
# device = "overlay";
# options = [
# "lowerdir=/nix/.ro-store"
# "upperdir=/store"
# "workdir=/work"
# ];
# depends = [
# "/nix/.ro-store"
# "/store"
# "/work"
# ];
# };
# "/store" = lib.mkForce {
# fsType = "9p";
# device = "nixstore";
# options = [
# "trans=virtio"
# "version=9p2000.L"
# "x-systemd.requires=modprobe@9pnet_virtio.service"
# "msize=16384" # Maximum packet size. Increasing this should improve performance at the cost of increased memory usage.
# "cache=loose"
# ];
# };
# };
})
(lib.mkIf (!config.me._9pfs_nix_store.is_iso) {
fileSystems = {
"/nix/store" = lib.mkForce {
fsType = "9p";
device = "nixstore";
neededForBoot = true;
options = [
"trans=virtio"
"version=9p2000.L"
"x-systemd.requires=modprobe@9pnet_virtio.service"
"msize=16384" # Maximum packet size. Increasing this should improve performance at the cost of increased memory usage.
"cache=loose"
];
};
};
})
]
);
}
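Review bot: The non-ISO `/nix/store` mount combines a writable 9p share (no `ro` in `options`) with `cache=loose`, which the kernel's 9p documentation describes as making no attempt at consistency and intended for exclusive, read-only mounts. Because of `lib.mkForce` this replaces the guest's whole store, so whatever the host exports under the `nixstore` tag is both trusted by the guest and modifiable by it; the host-side export settings are not on this page, so the assumption is worth stating in the module. I would add a comment above `fileSystems` such as `# The host directory exported as "nixstore" must be dedicated to this one VM: the guest writes to it, and cache=loose assumes nothing else changes it.` Separately, the `is_iso` branch is entirely commented out, so `enable = true` together with `is_iso = true` (which the ISO modules in the flake set) silently mounts nothing; an `assertions` entry or a `warnings` string in that branch would make this visible.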


@ -18,8 +18,8 @@
{ {
imports = [ ]; imports = [ ];
networking.dhcpcd.enable = false; networking.dhcpcd.enable = lib.mkDefault false;
networking.useDHCP = false; networking.useDHCP = lib.mkDefault false;
networking.nameservers = [ networking.nameservers = [
"194.242.2.2#doh.mullvad.net" "194.242.2.2#doh.mullvad.net"
"2a07:e340::2#doh.mullvad.net" "2a07:e340::2#doh.mullvad.net"


@ -24,7 +24,15 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wabt wabt
wasm-bindgen-cli wasm-bindgen-cli
pkgs-unoptimized.binaryen # for wasm-opt binaryen # for wasm-opt
];
nixpkgs.overlays = [
(final: prev: {
inherit (pkgs-unoptimized)
binaryen
;
})
]; ];
} }
] ]