Add a role for mounting the nix store over 9pfs.

This is useful for virtual machines since we can have a persistent /nix/store on the host machine.
Tom Alexander 2025-05-10 16:57:19 -04:00
parent 158188c4c6
commit e65504b5f3
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE
13 changed files with 272 additions and 158 deletions


@ -9,6 +9,7 @@
{
imports = [
./roles/2ship2harkinian
./roles/9pfs_nix_store
./roles/alacritty
./roles/ansible
./roles/ares


@ -29,7 +29,7 @@
# Install on a new machine:
#
#
# doas nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/quark/disk-config.nix
# doas nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/odo/disk-config.nix
# nix flake update zsh-histdb --flake .
# nix flake update ansible-sshjail --flake .
@ -115,21 +115,9 @@
./configuration.nix
];
};
systems = {
odo = {
main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
systems =
let
additional_iso_modules = [
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
@ -137,98 +125,121 @@
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
me.optimizations.enable = nixpkgs.lib.mkDefault false;
me._9pfs_nix_store.is_iso = true;
}
{
# These are big space hogs. The chance that I need them on an ISO is slim.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
}
];
additional_vm_modules = [
(nixpkgs + "/nixos/modules/profiles/qemu-guest.nix")
{
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.optimizations.enable = nixpkgs.lib.mkDefault false;
}
);
{
# me._9pfs_nix_store.enable = true;
}
];
in
{
odo = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
};
quark = {
main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
quark = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/quark
];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/quark
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
];
}
);
};
neelix = {
main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
neelix = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
];
}
);
};
hydra = {
main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/hydra
];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/hydra
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
hydra =
let
additional_iso_modules = additional_iso_modules ++ [
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
me.optimizations.enable = true;
}
];
}
);
in
rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/hydra
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
};
in
{
nixosConfigurations.odo = systems.odo.main;
iso.odo = systems.odo.iso.config.system.build.isoImage;
nixosConfigurations.quark = systems.quark.main;
iso.quark = systems.quark.iso.config.system.build.isoImage;
nixosConfigurations.neelix = systems.neelix.main;
iso.neelix = systems.neelix.iso.config.system.build.isoImage;
nixosConfigurations.hydra = systems.hydra.main;
iso.hydra = systems.hydra.iso.config.system.build.isoImage;
nixosConfigurations.odo = nixpkgs.lib.nixosSystem systems.odo.main;
iso.odo = (nixpkgs.lib.nixosSystem systems.odo.iso).config.system.build.isoImage;
nixosConfigurations.vm_odo = nixpkgs.lib.nixosSystem systems.odo.vm;
vm_iso.odo = (nixpkgs.lib.nixosSystem systems.odo.vm_iso).config.system.build.isoImage;
nixosConfigurations.quark = nixpkgs.lib.nixosSystem systems.quark.main;
iso.quark = (nixpkgs.lib.nixosSystem systems.quark.iso).config.system.build.isoImage;
nixosConfigurations.vm_quark = nixpkgs.lib.nixosSystem systems.quark.vm;
vm_iso.quark = (nixpkgs.lib.nixosSystem systems.quark.vm_iso).config.system.build.isoImage;
nixosConfigurations.neelix = nixpkgs.lib.nixosSystem systems.neelix.main;
iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.iso).config.system.build.isoImage;
nixosConfigurations.vm_neelix = nixpkgs.lib.nixosSystem systems.neelix.vm;
vm_iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.vm_iso).config.system.build.isoImage;
nixosConfigurations.hydra = nixpkgs.lib.nixosSystem systems.hydra.main;
iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.iso).config.system.build.isoImage;
nixosConfigurations.vm_hydra = nixpkgs.lib.nixosSystem systems.hydra.vm;
vm_iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.vm_iso).config.system.build.isoImage;
};
}
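Review bot: The `hydra` entry binds `additional_iso_modules = additional_iso_modules ++ [ … ]` inside its own `let`, and Nix `let` bindings are recursive, so the right-hand side refers to the new binding rather than the outer list; as rendered, evaluating `systems.hydra.iso` or `systems.hydra.vm_iso` should fail with an infinite-recursion error. Give the inner list its own name, for example `hydra_iso_modules = additional_iso_modules ++ [ { me.optimizations.enable = true; } ];`, and use that name in hydra's `iso` and `vm_iso`. Evaluation is lazy, so `nixosConfigurations.hydra` and `vm_hydra` still evaluate and the breakage only appears when an ISO output is built. Separately, the VM module set leaves `me._9pfs_nix_store.enable` commented out, so none of the new `vm_*` outputs use the role this commit adds; a one-line comment saying that is deliberate would help.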


@ -14,7 +14,14 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
@ -23,7 +30,7 @@
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;


@ -7,7 +7,7 @@
{
imports = [
./hardware-configuration.nix
./disk-config.nix
./wrapped-disk-config.nix
./optimized_build.nix
./distributed_build.nix
./power_management.nix


@ -1,14 +1,8 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
{
disko.devices = {
disk = {
main = {


@ -27,7 +27,7 @@
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;


@ -56,31 +56,35 @@
(final: prev: {
haskellPackages = prev.haskellPackages.extend (
final': prev': {
crypton = pkgs-unoptimized.haskellPackages.crypton;
crypton-connection = pkgs-unoptimized.haskellPackages.crypton-connection;
crypton-x509 = pkgs-unoptimized.haskellPackages.crypton-x509;
crypton-x509-store = pkgs-unoptimized.haskellPackages.crypton-x509-store;
crypton-x509-system = pkgs-unoptimized.haskellPackages.crypton-x509-system;
crypton-x509-validation = pkgs-unoptimized.haskellPackages.crypton-x509-validation;
hspec-wai = pkgs-unoptimized.haskellPackages.hspec-wai;
http-client-tls = pkgs-unoptimized.haskellPackages.http-client-tls;
http2 = pkgs-unoptimized.haskellPackages.http2;
pandoc = pkgs-unoptimized.haskellPackages.pandoc;
pandoc-cli = pkgs-unoptimized.haskellPackages.pandoc-cli;
pandoc-lua-engine = pkgs-unoptimized.haskellPackages.pandoc-lua-engine;
pandoc-server = pkgs-unoptimized.haskellPackages.pandoc-server;
servant-server = pkgs-unoptimized.haskellPackages.servant-server;
tls = pkgs-unoptimized.haskellPackages.tls;
wai-app-static = pkgs-unoptimized.haskellPackages.wai-app-static;
wai-extra = pkgs-unoptimized.haskellPackages.wai-extra;
warp = pkgs-unoptimized.haskellPackages.warp;
inherit (pkgs-unoptimized.haskellPackages)
crypton
crypton-connection
crypton-x509
crypton-x509-store
crypton-x509-system
crypton-x509-validation
hspec-wai
http-client-tls
http2
pandoc
pandoc-cli
pandoc-lua-engine
pandoc-server
servant-server
tls
wai-app-static
wai-extra
warp
;
}
);
})
(final: prev: {
gsl = pkgs-unoptimized.gsl;
redis = pkgs-unoptimized.redis;
valkey = pkgs-unoptimized.valkey;
inherit (pkgs-unoptimized)
gsl
redis
valkey
;
})
];


@ -0,0 +1,8 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)


@ -27,7 +27,7 @@
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;


@ -50,31 +50,35 @@
(final: prev: {
haskellPackages = prev.haskellPackages.extend (
final': prev': {
crypton = pkgs-unoptimized.haskellPackages.crypton;
crypton-connection = pkgs-unoptimized.haskellPackages.crypton-connection;
crypton-x509 = pkgs-unoptimized.haskellPackages.crypton-x509;
crypton-x509-store = pkgs-unoptimized.haskellPackages.crypton-x509-store;
crypton-x509-system = pkgs-unoptimized.haskellPackages.crypton-x509-system;
crypton-x509-validation = pkgs-unoptimized.haskellPackages.crypton-x509-validation;
hspec-wai = pkgs-unoptimized.haskellPackages.hspec-wai;
http-client-tls = pkgs-unoptimized.haskellPackages.http-client-tls;
http2 = pkgs-unoptimized.haskellPackages.http2;
pandoc = pkgs-unoptimized.haskellPackages.pandoc;
pandoc-cli = pkgs-unoptimized.haskellPackages.pandoc-cli;
pandoc-lua-engine = pkgs-unoptimized.haskellPackages.pandoc-lua-engine;
pandoc-server = pkgs-unoptimized.haskellPackages.pandoc-server;
servant-server = pkgs-unoptimized.haskellPackages.servant-server;
tls = pkgs-unoptimized.haskellPackages.tls;
wai-app-static = pkgs-unoptimized.haskellPackages.wai-app-static;
wai-extra = pkgs-unoptimized.haskellPackages.wai-extra;
warp = pkgs-unoptimized.haskellPackages.warp;
inherit (pkgs-unoptimized.haskellPackages)
crypton
crypton-connection
crypton-x509
crypton-x509-store
crypton-x509-system
crypton-x509-validation
hspec-wai
http-client-tls
http2
pandoc
pandoc-cli
pandoc-lua-engine
pandoc-server
servant-server
tls
wai-app-static
wai-extra
warp
;
}
);
})
(final: prev: {
gsl = pkgs-unoptimized.gsl;
redis = pkgs-unoptimized.redis;
valkey = pkgs-unoptimized.valkey;
inherit (pkgs-unoptimized)
gsl
redis
valkey
;
})
];


@ -0,0 +1,77 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
_9pfs_nix_store.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to mount /nix/store over 9pfs (useful in virtual machines to share a directory from the host as a persistent nix store.";
};
_9pfs_nix_store.is_iso = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether this build is for an ISO. It changes how we mount the nix store.";
};
};
config = lib.mkIf config.me._9pfs_nix_store.enable (
lib.mkMerge [
(lib.mkIf config.me._9pfs_nix_store.is_iso {
# fileSystems = {
# "/nix/store" = lib.mkForce {
# fsType = "overlay";
# device = "overlay";
# options = [
# "lowerdir=/nix/.ro-store"
# "upperdir=/store"
# "workdir=/work"
# ];
# depends = [
# "/nix/.ro-store"
# "/store"
# "/work"
# ];
# };
# "/store" = lib.mkForce {
# fsType = "9p";
# device = "nixstore";
# options = [
# "trans=virtio"
# "version=9p2000.L"
# "x-systemd.requires=modprobe@9pnet_virtio.service"
# "msize=16384" # Maximum packet size. Increasing this should improve performance at the cost of increased memory usage.
# "cache=loose"
# ];
# };
# };
})
(lib.mkIf (!config.me._9pfs_nix_store.is_iso) {
fileSystems = {
"/nix/store" = lib.mkForce {
fsType = "9p";
device = "nixstore";
neededForBoot = true;
options = [
"trans=virtio"
"version=9p2000.L"
"x-systemd.requires=modprobe@9pnet_virtio.service"
"msize=16384" # Maximum packet size. Increasing this should improve performance at the cost of increased memory usage.
"cache=loose"
];
};
};
})
]
);
}
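Review bot: The non-ISO branch force-mounts a host-exported 9p share as `/nix/store` with `cache=loose` and no `ro` option, but the module never states the trust assumption this creates: any guest that mounts the `nixstore` tag read-write can alter store paths that other guests, or the host if it exports its own store, will later execute. `cache=loose` also means the guest does not revalidate cached data against the host, so it is only appropriate when a single guest writes to the export. I would add a comment above `fileSystems` such as `# The "nixstore" export must be a directory dedicated to this VM; never export the host's own /nix/store read-write.` The host-side QEMU export is not shown on this page, so whether that already holds cannot be checked from here. The `is_iso` branch is entirely commented out, so enabling the role on an ISO build silently mounts nothing; an `assertions` entry or a sentence in the `is_iso` option description would make that visible.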


@ -18,8 +18,8 @@
{
imports = [ ];
networking.dhcpcd.enable = false;
networking.useDHCP = false;
networking.dhcpcd.enable = lib.mkDefault false;
networking.useDHCP = lib.mkDefault false;
networking.nameservers = [
"194.242.2.2#doh.mullvad.net"
"2a07:e340::2#doh.mullvad.net"


@ -24,7 +24,15 @@
environment.systemPackages = with pkgs; [
wabt
wasm-bindgen-cli
pkgs-unoptimized.binaryen # for wasm-opt
binaryen # for wasm-opt
];
nixpkgs.overlays = [
(final: prev: {
inherit (pkgs-unoptimized)
binaryen
;
})
];
}
]