From 0ab856b18e60b750b8a2760f5b4e1ca6ab433590 Mon Sep 17 00:00:00 2001 From: Bun Date: Wed, 11 Jun 2025 01:29:35 -0400 Subject: [PATCH] Add flight, more stuff with distributed builds --- flake.nix | 3 +- hosts/flight/boot/default.nix | 8 ++ hosts/flight/default.nix | 18 +++ hosts/flight/disko/default.nix | 106 ++++++++++++++++++ hosts/flight/filesystems/default.nix | 14 +++ hosts/flight/hardware/default.nix | 22 ++++ hosts/flight/services/default.nix | 11 ++ hosts/flight/user/default.nix | 8 ++ .../home/settings/gtk/bookmarks/default.nix | 2 +- .../devices/networking/hosts/default.nix | 8 ++ .../settings/nix/distributed/default.nix | 20 ++++ 11 files changed, 218 insertions(+), 2 deletions(-) create mode 100644 hosts/flight/boot/default.nix create mode 100644 hosts/flight/default.nix create mode 100644 hosts/flight/disko/default.nix create mode 100644 hosts/flight/filesystems/default.nix create mode 100644 hosts/flight/hardware/default.nix create mode 100644 hosts/flight/services/default.nix create mode 100644 hosts/flight/user/default.nix diff --git a/flake.nix b/flake.nix index 4b5af39d..012a73be 100644 --- a/flake.nix +++ b/flake.nix @@ -61,7 +61,7 @@ colmena = { meta = { # Info - description = "The Bun Hive"; + description = "The Bun Systems"; name = "bunhive"; # NixPKGs @@ -82,6 +82,7 @@ # Laptops intuos.imports = [ ./hosts/intuos ]; jupiter.imports = [ ./hosts/jupiter ]; + flight.imports = [ ./hosts/flight ]; # Servers midas.imports = [ ./hosts/midas ]; diff --git a/hosts/flight/boot/default.nix b/hosts/flight/boot/default.nix new file mode 100644 index 00000000..bd399e82 --- /dev/null +++ b/hosts/flight/boot/default.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: +{ + boot = { + kernelPackages = pkgs.linuxPackages_latest; + loader.grub.enable = true; + plymouth.enable = true; + }; +} diff --git a/hosts/flight/default.nix b/hosts/flight/default.nix new file mode 100644 index 00000000..c3b0bc3b --- /dev/null +++ b/hosts/flight/default.nix 
@@ -0,0 +1,18 @@
+{ ... }:
+{
+ imports = [
+ ./boot
+ ./disko
+ ./filesystems
+ ./hardware
+ ./services
+ ./user
+ ];
+
+ system = {
+ nixos.tags = [ "pc" ];
+ stateVersion = "25.05";
+ };
+
+ deployment.targetHost = "";
+}
diff --git a/hosts/flight/disko/default.nix b/hosts/flight/disko/default.nix
new file mode 100644
index 00000000..4d195170
--- /dev/null
+++ b/hosts/flight/disko/default.nix
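Review bot: `deployment.targetHost = "";` in hosts/flight/default.nix leaves the deploy target as an empty string, and the hosts-module hunk later in this patch uses that same value as an attribute key (`"${flight.config.deployment.targetHost}" = [ "flight" ];`). If the value really is empty in the repository (it may have been blanked for publication), that produces a `networking.hosts` entry with no address, and any other node carrying the same empty value would presumably collide on the key. Either set the real address here or guard the entry in the hosts module, e.g. `lib.optionalAttrs (flight.config.deployment.targetHost != "") { ... }`, so that resolving the machine names does not depend on a placeholder.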
@@ -0,0 +1,106 @@
+{ config, disko, ... }:
+{
+ imports = [ disko.nixosModules.disko ];
+
+ disko.devices = {
+ disk = {
+ "${config.networking.hostName}" = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02";
+ };
+ ESP = {
+ size = "2G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "${config.networking.hostName}-disk";
+ settings.allowDiscards = true;
+ passwordFile = "/tmp/secret.key";
+ content = {
+ type = "lvm_pv";
+ vg = "${config.networking.hostName}";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ lvm_vg = {
+ "${config.networking.hostName}" = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [
+ "compress=zstd"
+ "ssd"
+ ];
+ };
+ "/prev" = {
+ mountpoint = "/prev";
+ mountOptions = [
+ "compress=zstd"
+ "noexec"
+ "ssd"
+ ];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "compress=zstd"
+ "ssd"
+ ];
+ };
+
+ # Impermanence
+ "/persist" = {
+ mountpoint = "/persist";
+ mountOptions = [
+ "compress=zstd"
+ "ssd"
+ ];
+ };
+ "/persist/.snapshots" = { };
+ "/persist/home" = { };
+ "/persist/home/.snapshots" = { };
+ };
+ };
+ };
+ swap = {
+ size = "8G";
+ content = {
+ type = "swap";
+ discardPolicy = "both";
+ };
+ };
+ };
+ };
+ };
+ };
+
+ # Needed for impermanence
+ fileSystems."/persist".neededForBoot = true;
+}
diff --git a/hosts/flight/filesystems/default.nix b/hosts/flight/filesystems/default.nix
new file mode 100644
index 00000000..f02cc20b
--- /dev/null
+++ b/hosts/flight/filesystems/default.nix
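Review bot: `passwordFile = "/tmp/secret.key";` in the `luks` partition of hosts/flight/disko/default.nix is the only place the volume passphrase enters this layout, and nothing in the module says how that file is created or cleaned up. disko reads it when the LUKS container is first formatted, so it should be written root-only on the installer (any trailing newline becomes part of the passphrase) and removed once the install has finished. A comment above the line such as `# install-time only: create with umask 077, delete after disko has run` would record that. `settings.allowDiscards = true;` deserves a one-line comment too, since passing TRIM through dm-crypt reveals which blocks are unused; that is a common trade-off on SSDs, but it should read as deliberate.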
@@ -0,0 +1,14 @@
+{ config, ... }:
+{
+ fileSystems = {
+ "/persist/storage" = {
+ device = "/dev/disk/by-uuid/d0d6783f-ad51-4d85-b8a9-3374f6460ef6";
+ fsType = "btrfs";
+ options = [
+ "nofail"
+ "nosuid"
+ "subvol=storage"
+ ];
+ };
+ };
+}
diff --git a/hosts/flight/hardware/default.nix b/hosts/flight/hardware/default.nix
new file mode 100644
index 00000000..ba47de8a
--- /dev/null
+++ b/hosts/flight/hardware/default.nix
@@ -0,0 +1,22 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ "ahci"
+ "ehci_pci"
+ "sd_mod"
+ "sr_mod"
+ "xhci_pci"
+ ];
+ kernelModules = [ "dm-snapshot" ];
+ };
+ kernelModules = [ "kvm-intel" ];
+ };
+
+ hardware.cpu.intel.updateMicrocode = true;
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+}
diff --git a/hosts/flight/services/default.nix b/hosts/flight/services/default.nix
new file mode 100644
index 00000000..3c638bd3
--- /dev/null
+++ b/hosts/flight/services/default.nix
@@ -0,0 +1,11 @@
+{ lib, ... }:
+{
+ networking.useNetworkd = lib.mkForce false;
+
+ services.globalprotect.enable = true;
+
+ virtualisation = {
+ libvirtd.enable = true;
+ vmware.host.enable = true;
+ };
+}
diff --git a/hosts/flight/user/default.nix b/hosts/flight/user/default.nix
new file mode 100644
index 00000000..43b57345
--- /dev/null
+++ b/hosts/flight/user/default.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+{
+ home-manager.users."${config.vars.mainUser}".home = {
+ guifull.enable = true;
+ school.enable = true;
+ enableNixpkgsReleaseCheck = false;
+ };
+}
diff --git a/modules/home/settings/gtk/bookmarks/default.nix b/modules/home/settings/gtk/bookmarks/default.nix
index f4c9c95a..904aabfd 100644
--- a/modules/home/settings/gtk/bookmarks/default.nix
+++ b/modules/home/settings/gtk/bookmarks/default.nix
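Review bot: The `/persist/storage` mount in hosts/flight/filesystems/default.nix points at a filesystem UUID that is not part of the disko layout, and nothing in this patch shows a LUKS mapping for it, so it is unclear whether data stored there is encrypted at rest like the volume defined in the disko module. If it is a plain btrfs device, say so in a comment; if it is meant to be encrypted, the matching `boot.initrd.luks.devices` entry (or equivalent) should be added alongside it. For a data-only volume the options could also be tightened by adding `"nodev"` next to `"nosuid"`, and the unused `config` argument can be dropped (`{ ... }:`).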
@@ -7,6 +7,6 @@ "file://${config.home.homeDirectory}/Videos" "file://${config.home.homeDirectory}/Photos" "file://${config.home.homeDirectory}/Photos/Screenshots" - "file:///etc/nixos" + "file:///network" ]; } diff --git a/modules/system/devices/networking/hosts/default.nix b/modules/system/devices/networking/hosts/default.nix index 5f1aea5f..0be8aad1 100644 --- a/modules/system/devices/networking/hosts/default.nix +++ b/modules/system/devices/networking/hosts/default.nix @@ -1,6 +1,14 @@ { config, lib, nodes, ... }: { networking.hosts = with nodes; { + # PCs + "${tower.config.deployment.targetHost}" = [ "tower" ]; + "${hidden.config.deployment.targetHost}" = [ "hidden" ]; + "${intuos.config.deployment.targetHost}" = [ "intuos" ]; + "${jupiter.config.deployment.targetHost}" = [ "jupiter" ]; + "${flight.config.deployment.targetHost}" = [ "flight" ]; + + # Servers "${midas.config.deployment.targetHost}" = [ "midas" ]; "${kitty.config.deployment.targetHost}" = [ "kitty" ]; "${detritus.config.deployment.targetHost}" = [ "detritus" ]; diff --git a/modules/system/settings/nix/distributed/default.nix b/modules/system/settings/nix/distributed/default.nix index cd128b1a..a57f9ee4 100644 --- a/modules/system/settings/nix/distributed/default.nix +++ b/modules/system/settings/nix/distributed/default.nix @@ -1,6 +1,7 @@ { config, lib, nodes, ... }: { nix = { + # Machines to build derviations on buildMachines = with nodes; [ { hostName = "midas"; 
@@ -49,10 +50,29 @@ } ]; + # Enable distributed builds distributedBuilds = true; settings = { + # Serve derivations more efficiently, using substituters + substituters = [ + "ssh-ng://midas" + "ssh-ng://kitty" + "ssh-ng://detritus" + "ssh-ng://elder" + "ssh-ng://prophet" + ]; + trusted-public-keys = [ + "midas:YpyfZyVlTlPjzcVsYBnN13EgeK95y1WXxm9h1V8tM7E=" + "kitty:QLl9Do4v+2Q/fapozUGoXIKJul+Zck3yAsmAo9Lg4is=" + "detritus:xtQVaIyDIBWS+EAU11dBsW9BUMT7aAZRPjKp3Udgdvc=" + "elder:U+zIEvxNeqOxAWbZyrJzDNrJF1GJdcrLEYbIqmKGd7U=" + "prophet:NPlWmuX1vz95uUIddQXlwrkmdSMZW1U27CdEY812brg=" + ]; + + # Settings to sign the derivations and allow building max-jobs = if builtins.elem "server" config.system.nixos.tags then "auto" else 0; + secret-key-files = "/var/lib/nixos/cache-priv-key.pem"; trusted-users = [ "root" ]; }; };
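Review bot: `secret-key-files = "/var/lib/nixos/cache-priv-key.pem";` is set for every machine that imports modules/system/settings/nix/distributed/default.nix, while `trusted-public-keys` names only the five servers as signers. Anyone who can read that file can sign store paths that every host trusting the matching public key will accept as substitutes, so it should exist only on the builders, be readable by root alone, and be provisioned outside the Nix store; none of that is visible in this hunk. Consider scoping it the same way as `max-jobs`, e.g. `secret-key-files = lib.mkIf (builtins.elem "server" config.system.nixos.tags) "/var/lib/nixos/cache-priv-key.pem";`, and adding a comment on the expected owner and mode. The enclosing `nix = { ... }` block starts outside this hunk.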