Update packages.

I was getting corrupted builds, so as a test I am using the direct path where the drive is mounted rather than going through bind mounts.

nix/configuration/configuration.nix

@@ -1,9 +1,16 @@
 {
   config,
   lib,
+  pkgs,
   ...
 }:
 
+let
+  alias_nix_pin_revision = pkgs.writeShellScriptBin "nix-pin-revision" ''
+    # Usage: nix-pin-revision nixpkgs 'github:NixOS/nixpkgs/00c21e4c93d963c50d4c0c89bfa84ed6e0694df2'
+    exec nix flake lock --override-input "''${@}"
+  '';
+in
 {
   imports = [
     ./roles/2ship2harkinian
@@ -119,6 +126,9 @@
     nix.settings.max-free = 1000000000;
     nix.settings.fallback = true;
     nix.settings.warn-dirty = false;
+    nix.settings.fsync-metadata = true;
+    # Ensure store paths are durably written to disk before registering the paths so a crash mid-build does not leave us in a corrupted state.
+    nix.settings.fsync-store-paths = true;
 
     hardware.enableRedistributableFirmware = true;
 
@@ -137,6 +147,10 @@
     };
     nix.settings.auto-optimise-store = !config.me.buildingPortable;
 
+    environment.systemPackages = [
+      alias_nix_pin_revision
+    ];
+
     environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
       hideMounts = true;
       directories = [
@@ -222,9 +236,16 @@
       [
         (disableTests "coreutils")
         (disableTests "coreutils-full")
+        (disableTests "deno") # Tests use too much disk space
         (disableTests "libuv")
         (final: prev: {
-          inherit (final.unoptimized) libtpms libjxl;
+          inherit (final.unoptimized)
+            libtpms
+            libjxl
+            ddrescueview
+            deno
+            mesa
+            ;
         })
         (disableOptimizationsPython3 "scipy")
         # Works but probably sets python2's scipy to be python3:

nix/configuration/flake.lock

@@ -22,11 +22,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1769524058,
+        "lastModified": 1776613567,
-        "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
+        "narHash": "sha256-gC9Cp5ibBmGD5awCA9z7xy6MW6iJufhazTYJOiGlCUI=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
+        "rev": "32f4236bfc141ae930b5ba2fb604f561fed5219d",
         "type": "github"
       },
       "original": {
@@ -164,11 +164,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1770197578,
+        "lastModified": 1777268161,
-        "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=",
+        "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2",
+        "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
         "type": "github"
       },
       "original": {

nix/configuration/hosts/odo/SELF_BUILD

@@ -5,7 +5,6 @@ IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 : "${JOBS:="1"}"
-: "${NOM:="true"}"
 
 for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
 

nix/configuration/roles/distributed_build/default.nix

@@ -56,7 +56,7 @@ let
         # "aarch64-linux"
       ];
 
-      hostName = lib.mkForce "hydra?remote-store=local?root=/home/nixworker/persist/root";
+      hostName = lib.mkForce "hydra?remote-store=local?root=/.disk/root";
     };
   };
   joined_configs =
@@ -101,7 +101,7 @@ in
         # Using an ssh-based substituter slows down the build because querying the remote store for paths takes ages.
         #
         # nix.settings.substituters = lib.mkForce [
-        #   "ssh-ng://nixworker@ns1.fizz.buzz:65122?compress=true&ssh-key=/persist/manual/ssh/root/keys/id_ed25519&remote-store=/home/nixworker/persist/root"
+        #   "ssh-ng://nixworker@ns1.fizz.buzz:65122?compress=true&ssh-key=/persist/manual/ssh/root/keys/id_ed25519&remote-store=/.disk/root"
         # ];
         # nix.settings.substitute = lib.mkForce true;
 

nix/configuration/roles/graphics/default.nix

@@ -34,7 +34,7 @@
         environment.systemPackages = with pkgs; [
           mesa-demos # for glxgears
           vulkan-tools # for vkcube
-          xorg.xeyes # to test which windows are using x11
+          xeyes # to test which windows are using x11
         ];
         hardware.graphics.enable = true;
         # hardware.graphics.enable32Bit = true;

nix/configuration/roles/hydra/default.nix

@@ -85,11 +85,11 @@ in
     };
 
     # Nix 2.30.0 (2025-07-07) changed the build directory from /tmp to /nix/var/nix/builds which broke a number of builds because my ZFS datasets were utf8only.
-    fileSystems."/home/nixworker/persist/root/nix/var/nix/builds" = {
+    fileSystems."/.disk/root/nix/var/nix/builds" = {
       device = "tmpfs";
       fsType = "tmpfs";
       options = [
-        "size=40G" # adjust for your situation and needs
+        "size=50G" # adjust for your situation and needs
         "mode=700"
         "uid=11400"
         "gid=11400"
@@ -110,7 +110,7 @@ in
         IFS=$'\n\t'
         DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"
 
-        NIX_REMOTE='local?root=/home/nixworker/persist/root' RUST_BACKTRACE=1 RUST_LOG=nix_builder=DEBUG ${nix_builder}/bin/nix-builder build --config ${./files/nix_builder.toml} --target odo --target odo_update --target odowork --target odowork_update --target quark --target quark_update --target hydra --target hydra_update --target controller0 --target controller0_update --target controller1 --target controller1_update --target controller2 --target controller2_update --target worker0 --target worker0_update --target worker1 --target worker1_update --target worker2 --target worker2_update --target family_disks --target family_disks_update
+        NIX_REMOTE='local?root=/.disk/root' RUST_BACKTRACE=1 RUST_LOG=nix_builder=DEBUG ${nix_builder}/bin/nix-builder build --config ${./files/nix_builder.toml} --target odo --target odo_update --target odowork --target odowork_update --target quark --target quark_update --target hydra --target hydra_update --target controller0 --target controller0_update --target controller1 --target controller1_update --target controller2 --target controller2_update --target worker0 --target worker0_update --target worker1 --target worker1_update --target worker2 --target worker2_update --target family_disks --target family_disks_update --target nixbsd
       '';
       restartIfChanged = false;
       serviceConfig = {
@@ -138,7 +138,7 @@ in
         IFS=$'\n\t'
         DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"
 
-        NIX_REMOTE='local?root=/home/nixworker/persist/root' nix-collect-garbage -d
+        NIX_REMOTE='local?root=/.disk/root' nix-collect-garbage -d
       '';
       path = with pkgs; [
         pkgs.nix

nix/configuration/roles/hydra/files/nix_builder.toml

@@ -177,3 +177,10 @@ output_directory = "/home/nixworker/persist/nix_builder"
   attr = "nixosConfigurations.family_disks.config.system.build.toplevel"
   update = true
   update_branch = "nix_update"
+
+[[targets]]
+  name = "nixbsd"
+  repo = "https://github.com/nixos-bsd/nixbsd.git"
+  revision = "828ff7a3c4ee91f548de65a963fca40eaedb171c"
+  path = "."
+  attr = "base.vmClosureInfo"

nix/configuration/roles/network/default.nix

@@ -56,13 +56,17 @@ in
     # TODO: The 127.0.0.1 address should probably be moved to a host-specific file.
     networking.extraHosts = ''
       127.0.0.1 ${config.networking.hostName}.home.arpa
-      10.216.1.1		homeserver
+      10.216.1.32		homeserver
+      fdfd:5e8a:ee2d::1:32	homeserver
       10.216.1.6		media
       10.216.1.12		odo
+      fdfd:5e8a:ee2d::1:2	odo
       10.216.1.14		neelix
       10.216.1.15		quark
+      fdfd:5e8a:ee2d::1:3	quark
       10.217.1.1		drmario
       10.217.2.1		mrmanager
+      fdfd:5e8a:ee2d::2:2 mrmanager
       172.16.16.245		turtle
       172.16.16.251		stream
     '';

nix/configuration/roles/optimized_build/default.nix

@@ -79,9 +79,15 @@
               in
               {
                 linux_me = addConfig {
-                  # Full preemption
+                  # Server | No preemption - Run until the next tick. Highest throughput but can cause stutter.
-                  PREEMPT = lib.mkOverride 60 lib.kernel.yes;
+                  # PREEMPT = lib.mkOverride 60 lib.kernel.no;
+                  # Desktop | Preempt kernel threads only at pre-defined places that call cond_resched().
                   PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
+                  # Low-latency desktop | Full preemption - Kernel threads can be preempted unless they hold a spinlock or are in a no-preemption section.
+                  PREEMPT = lib.mkOverride 60 lib.kernel.yes;
+                  # RT - All kernel code is preemptible except for a few critical sections.
+                  # Middle ground | Real-time tasks preempt immediately like FULL, normal tasks run until the next tick.
+                  PREEMPT_LAZY = lib.mkOverride 90 lib.kernel.no;
 
                   # Google's BBRv3 TCP congestion Control
                   TCP_CONG_BBR = lib.kernel.yes;

nix/configuration/roles/qemu/files/qemurc.bash

@@ -355,6 +355,7 @@ function start_body {
         -smp cores="$CPU_CORES"
         -m "$MEMORY"
         -rtc base=localtime
+        -device virtio-rng-pci
         -drive "file=\"@OVMFfd@/FV/OVMF_CODE.fd\",if=pflash,format=raw,readonly=on"
         -drive "if=pflash,format=raw,file=\"$(readlink -f "${mount_path}/OVMF_VARS.fd")\""
         -drive "if=none,file=/dev/zvol/${zfs_path}/disk0,format=raw,id=hd0"

nix/configuration/roles/recovery/default.nix

@@ -29,7 +29,7 @@
       }
       (lib.mkIf config.me.graphical {
         environment.systemPackages = with pkgs; [
-          ddrescueview
+          #ddrescueview
         ];
       })
     ]

nix/configuration/roles/rpcs3/default.nix

@@ -53,6 +53,8 @@ in
       rpcs3
     ];
 
+    allowedUnfree = [ "rpcs3" ];
+
     security.pam.loginLimits = [
       {
         domain = "@wheel";