diff --git a/flake.lock b/flake.lock index c09742c..b8a5699 100644 --- a/flake.lock +++ b/flake.lock @@ -58,6 +58,33 @@ "type": "github" } }, + "cppnix": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", + "git-hooks-nix": "git-hooks-nix", + "nixpkgs": [ + "nixbsd", + "nixpkgs" + ], + "nixpkgs-23-11": "nixpkgs-23-11", + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1771531533, + "narHash": "sha256-E6uWPzQoMpzUb+2kcrxaYsfhUXjyIAoTpI6DPtbe1Y0=", + "owner": "rhelmot", + "repo": "nix", + "rev": "d623444c12428e69a3269d3b4b40200f2b4618fc", + "type": "github" + }, + "original": { + "owner": "rhelmot", + "ref": "freebsd-safe", + "repo": "nix", + "type": "github" + } + }, "crane": { "locked": { "lastModified": 1765145449, @@ -105,6 +132,36 @@ } }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "revCount": 69, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1627913399, 
@@ -120,6 +177,28 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixbsd", + "cppnix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -153,6 +232,41 @@ "type": "github" } }, + "git-hooks-nix": { + "inputs": { + "flake-compat": [ + "nixbsd", + "cppnix" + ], + "gitignore": [ + "nixbsd", + "cppnix" + ], + "nixpkgs": [ + "nixbsd", + "cppnix", + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixbsd", + "cppnix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1734279981, + "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ @@ -220,6 +334,27 @@ "type": "github" } }, + "mini-tmpfiles": { + "inputs": { + "nixpkgs": [ + "nixbsd", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742754557, + "narHash": "sha256-nGxgiNhA94eSl8jcQwCboJ5Ed132z8yrFdOoT+rf8bE=", + "owner": "nixos-bsd", + "repo": "mini-tmpfiles", + "rev": "534ee577692c7092fdcd035f89bc29b663c6f9ca", + "type": "github" + }, + "original": { + "owner": "nixos-bsd", + "repo": "mini-tmpfiles", + "type": "github" + } + }, "nix-flatpak": { "locked": { "lastModified": 1767983141, 
@@ -259,6 +394,26 @@ "type": "github" } }, + "nixbsd": { + "inputs": { + "cppnix": "cppnix", + "flake-compat": "flake-compat_3", + "mini-tmpfiles": "mini-tmpfiles", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1777600581, + "narHash": "sha256-DbKmDIFNLqR8xXnSepJPr29FngkiPDa8+vAErZRrQUA=", + "path": "/home/user/Projects/nixbsd", + "type": "path" + }, + "original": { + "path": "/home/user/Projects/nixbsd", + "type": "path" + } + }, "nixos-hardware": { "locked": { "lastModified": 1776830795, @@ -291,9 +446,41 @@ "type": "github" } }, + "nixpkgs-23-11": { + "locked": { + "lastModified": 1717159533, + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "type": "github" + } + }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, "peerix": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_4", "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" @@ -367,6 +554,7 @@ "lanzaboote": "lanzaboote", "nix-flatpak": "nix-flatpak", "nix-sweep": "nix-sweep", + "nixbsd": "nixbsd", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "peerix": "peerix", diff --git a/flake.nix b/flake.nix index 3c3b25c..7b73b55 100644 --- a/flake.nix +++ b/flake.nix 
@@ -34,6 +34,10 @@ url = "github:Lumpiasty/acer-wmi-ext/main"; inputs.nixpkgs.follows = "nixpkgs"; }; + nixbsd = { + url = "path:/home/user/Projects/nixbsd"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { self, nixos-hardware, ... }@inputs: @@ -41,11 +45,13 @@ nixosConfigurations = let mkNixosSystem = import lib/mkNixosSystem.nix inputs; + mkNixbsdSystem = import lib/mkNixbsdSystem.nix inputs; in with nixos-hardware.nixosModules; { x260 = mkNixosSystem lenovo-thinkpad-x260 hosts/x260.nix; acer = mkNixosSystem {} hosts/acer.nix; gaming-pc = mkNixosSystem {} hosts/gaming-pc.nix; + bestieTest = mkNixbsdSystem hosts/bestieTest.nix; }; }; } \ No newline at end of file diff --git a/hosts/bestieTest.nix b/hosts/bestieTest.nix new file mode 100644 index 0000000..eba3ccd --- /dev/null +++ b/hosts/bestieTest.nix @@ -0,0 +1,30 @@ +{ config, pkgs, lib, ... }: { + nixpkgs.hostPlatform = "x86_64-freebsd"; + nixpkgs.config.allowUnsupportedSystem = true; + + users.users.root.initialPassword = "toor"; + + networking.dhcpcd.wait = "background"; + + users.users.bestie = { + isNormalUser = true; + description = "your bestie"; + extraGroups = [ "wheel" ]; + inherit (config.users.users.root) initialPassword; + }; + + services.sshd.enable = true; + boot.loader.stand-freebsd.enable = true; + + fileSystems."/" = { + device = "/dev/gpt/nixos"; + fsType = "ufs"; + }; + + fileSystems."/boot" = { + device = "/dev/msdosfs/ESP"; + fsType = "msdosfs"; + }; + + virtualisation.vmVariant.virtualisation.diskImage = "./${config.system.name}.qcow2"; +} diff --git a/lib/mkNixbsdSystem.nix b/lib/mkNixbsdSystem.nix new file mode 100644 index 0000000..70f7fa5 --- /dev/null +++ b/lib/mkNixbsdSystem.nix 
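Review bot: The new `nixbsd` input, `url = "path:/home/user/Projects/nixbsd";`, points at a mutable working tree on a single machine, so the flake cannot be evaluated on any other host. Its lock entry records only a `narHash` of whatever that directory held at lock time, with no revision to audit or reproduce from. Since this input supplies `nixbsd.lib.nixbsdSystem` and pulls in its own `cppnix` fork, pinning it to a reviewable source would make the dependency chain traceable, for example `url = "github:<owner>/<repo>/<rev>";` (placeholder values). If the local path is only a development convenience, keep the pinned URL in the file and pass `--override-input nixbsd path:...` on the command line instead.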
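Review bot: `users.users.root.initialPassword = "toor";` in hosts/bestieTest.nix stores a well-known password in the world-readable Nix store, and `bestie`, a member of `wheel`, inherits the same value while `services.sshd.enable = true;` exposes the host over SSH. Whether sshd accepts password logins for these accounts depends on defaults this hunk does not show, but a guessable shared credential on an account with administrative rights should not rely on that. Prefer key-only access and drop both `initialPassword` lines, for example `users.users.bestie.openssh.authorizedKeys.keys = [ "<ssh public key>" ];`, assuming nixbsd carries the same users options as NixOS. If a password is needed for console access to the test VM, add a comment stating that this host must stay on an isolated network.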
@@ -0,0 +1,60 @@ +{ + self, + nixpkgs, + nixbsd, + home-manager, + nix-flatpak, + plasma-manager, + lanzaboote, + claude-code, + nix-sweep, + peerix, + acer-wmi-ext, + ... +}: +hostConfig: + +nixbsd.lib.nixbsdSystem { + modules = [ + # Cross-compile FreeBSD from Linux, builds dispatched to remote builder + { + nixpkgs.buildPlatform = "x86_64-linux"; + nixpkgs.config.allowUnsupportedSystem = true; + nixpkgs.overlays = [ + (final: prev: { + # No-op emulator for FreeBSD - builds happen on remote builder where binaries run natively + freebsdEmulator = prev.runCommand "freebsd-emulator" { } '' + mkdir -p $out/bin + cat > $out/bin/freebsd-exec << 'SCRIPT' + #!/bin/sh + exec "$@" + SCRIPT + chmod +x $out/bin/freebsd-exec + ''; + + # Override mesonEmulatorHook to not require a real emulator for FreeBSD + mesonEmulatorHook = + let + canExec = prev.stdenv.hostPlatform.canExecute prev.stdenv.targetPlatform; + emulatorPath = "${final.freebsdEmulator}/bin/freebsd-exec"; + in + if canExec then + prev.mesonEmulatorHook + else + prev.makeSetupHook + { + name = "mesonEmulatorHook"; + substitutions = { + crossFile = prev.writeText "cross-file.conf" '' + [binaries] + exe_wrapper = '${prev.lib.escape [ "'" "\\" ] emulatorPath}' + ''; + }; + } + "${nixpkgs.outPath}/pkgs/build-support/setup-hooks/meson/emulator-hook.sh"; + }) + ]; + } + hostConfig + ]; +} diff --git a/modules/system/nix.nix b/modules/system/nix.nix index 58824c6..162fcce 100644 --- a/modules/system/nix.nix +++ b/modules/system/nix.nix 
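Review bot: The comment on `freebsdEmulator` says builds happen on the remote builder where binaries run natively, but this module sets `nixpkgs.buildPlatform = "x86_64-linux"`. Derivations that pick up this `mesonEmulatorHook` are therefore presumably scheduled on a Linux machine. There, `exec "$@"` on a FreeBSD binary fails with an exec format error the first time meson needs to run a host program, rather than at hook setup. I would reword the comment to state that, e.g. `# Placeholder exe_wrapper: lets meson configure without an emulator; any step that actually runs a FreeBSD binary on the Linux builder will fail.` Separately, the function head names `home-manager`, `nix-flatpak`, `plasma-manager`, `lanzaboote`, `claude-code`, `nix-sweep`, `peerix` and `acer-wmi-ext` but the body never uses them; since `...` is already present they can be dropped.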
@@ -6,14 +6,48 @@ let else if config.boot.loader.systemd-boot.enable then config.boot.loader.systemd-boot.configurationLimit else null; + + # NixBSD builder VM SSH key (needs to be readable by root/nix-daemon) + builderKeyDir = "/etc/nix/builder-keys"; in { nix = { daemonIOSchedClass = "idle"; daemonCPUSchedPolicy = "idle"; settings.trusted-users = [ "root" "user" ]; + + # FreeBSD remote builder VM (NixBSD) + distributedBuilds = true; + buildMachines = [ + { + hostName = "192.168.122.100"; + system = "x86_64-freebsd"; + sshUser = "root"; + sshKey = "${builderKeyDir}/nixbsd-builder"; + maxJobs = 8; + speedFactor = 1; + supportedFeatures = [ "big-parallel" ]; + } + ]; + settings.builders-use-substitutes = true; }; + # Install the builder SSH key where root/nix-daemon can read it + system.activationScripts.nixbsd-builder-key = '' + mkdir -p ${builderKeyDir} + cp /home/user/Projects/nixbsd-flake/keys/builder ${builderKeyDir}/nixbsd-builder + chmod 600 ${builderKeyDir}/nixbsd-builder + chown root:root ${builderKeyDir}/nixbsd-builder + ''; + + # Skip host key checking for the local builder VM (keys change on rebuild) + programs.ssh.extraConfig = '' + Host 192.168.122.100 + StrictHostKeyChecking no + UserKnownHostsFile /dev/null + LogLevel ERROR + ''; + # Clean up nix store from old configurations usinx nix-sweep services.nix-sweep = { enable = true;
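Review bot: The `programs.ssh.extraConfig` block sets `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null` for `192.168.122.100`, so nix-daemon never authenticates the machine it logs into as `root`. Anything answering on that address can act as the builder and return build outputs that the daemon adds to the local store. Give the builder VM a stable host key and pin it in the `buildMachines` entry with `publicHostKey = "<base64-encoded builder host public key>";`, then remove the two ssh overrides. The activation script also runs `cp` before `chmod 600`, which can leave the private key readable under the default umask for a moment, and it reads the key from a user-writable path; `install -D -m 0600 -o root -g root /home/user/Projects/nixbsd-flake/keys/builder ${builderKeyDir}/nixbsd-builder` sets the mode and owner when the file is created. The enclosing `let … in { … }` starts and ends outside this hunk, so these settings presumably apply to every host that imports this module.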