failed nixbsd experiment

flake.lock

@@ -58,6 +58,33 @@
         "type": "github"
       }
     },
+    "cppnix": {
+      "inputs": {
+        "flake-compat": "flake-compat_2",
+        "flake-parts": "flake-parts",
+        "git-hooks-nix": "git-hooks-nix",
+        "nixpkgs": [
+          "nixbsd",
+          "nixpkgs"
+        ],
+        "nixpkgs-23-11": "nixpkgs-23-11",
+        "nixpkgs-regression": "nixpkgs-regression"
+      },
+      "locked": {
+        "lastModified": 1771531533,
+        "narHash": "sha256-E6uWPzQoMpzUb+2kcrxaYsfhUXjyIAoTpI6DPtbe1Y0=",
+        "owner": "rhelmot",
+        "repo": "nix",
+        "rev": "d623444c12428e69a3269d3b4b40200f2b4618fc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rhelmot",
+        "ref": "freebsd-safe",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
     "crane": {
       "locked": {
         "lastModified": 1765145449,
@@ -105,6 +132,36 @@
       }
     },
     "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_3": {
+      "locked": {
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "revCount": 69,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
+      }
+    },
+    "flake-compat_4": {
       "flake": false,
       "locked": {
         "lastModified": 1627913399,
@@ -120,6 +177,28 @@
         "type": "github"
       }
     },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "nixbsd",
+          "cppnix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733312601,
+        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
     "flake-utils": {
       "inputs": {
         "systems": "systems"
@@ -153,6 +232,41 @@
         "type": "github"
       }
     },
+    "git-hooks-nix": {
+      "inputs": {
+        "flake-compat": [
+          "nixbsd",
+          "cppnix"
+        ],
+        "gitignore": [
+          "nixbsd",
+          "cppnix"
+        ],
+        "nixpkgs": [
+          "nixbsd",
+          "cppnix",
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": [
+          "nixbsd",
+          "cppnix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1734279981,
+        "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
     "gitignore": {
       "inputs": {
         "nixpkgs": [
@@ -220,6 +334,27 @@
         "type": "github"
       }
     },
+    "mini-tmpfiles": {
+      "inputs": {
+        "nixpkgs": [
+          "nixbsd",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1742754557,
+        "narHash": "sha256-nGxgiNhA94eSl8jcQwCboJ5Ed132z8yrFdOoT+rf8bE=",
+        "owner": "nixos-bsd",
+        "repo": "mini-tmpfiles",
+        "rev": "534ee577692c7092fdcd035f89bc29b663c6f9ca",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos-bsd",
+        "repo": "mini-tmpfiles",
+        "type": "github"
+      }
+    },
     "nix-flatpak": {
       "locked": {
         "lastModified": 1767983141,
@@ -259,6 +394,26 @@
         "type": "github"
       }
     },
+    "nixbsd": {
+      "inputs": {
+        "cppnix": "cppnix",
+        "flake-compat": "flake-compat_3",
+        "mini-tmpfiles": "mini-tmpfiles",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1777600581,
+        "narHash": "sha256-DbKmDIFNLqR8xXnSepJPr29FngkiPDa8+vAErZRrQUA=",
+        "path": "/home/user/Projects/nixbsd",
+        "type": "path"
+      },
+      "original": {
+        "path": "/home/user/Projects/nixbsd",
+        "type": "path"
+      }
+    },
     "nixos-hardware": {
       "locked": {
         "lastModified": 1776830795,
@@ -291,9 +446,41 @@
         "type": "github"
       }
     },
+    "nixpkgs-23-11": {
+      "locked": {
+        "lastModified": 1717159533,
+        "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
+        "type": "github"
+      }
+    },
+    "nixpkgs-regression": {
+      "locked": {
+        "lastModified": 1643052045,
+        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      }
+    },
     "peerix": {
       "inputs": {
-        "flake-compat": "flake-compat_2",
+        "flake-compat": "flake-compat_4",
         "flake-utils": "flake-utils_2",
         "nixpkgs": [
           "nixpkgs"
@@ -367,6 +554,7 @@
         "lanzaboote": "lanzaboote",
         "nix-flatpak": "nix-flatpak",
         "nix-sweep": "nix-sweep",
+        "nixbsd": "nixbsd",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "peerix": "peerix",

flake.nix

@@ -34,6 +34,10 @@
       url = "github:Lumpiasty/acer-wmi-ext/main";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    nixbsd = {
+      url = "path:/home/user/Projects/nixbsd";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
   
   outputs = { self, nixos-hardware, ... }@inputs:
@@ -41,11 +45,13 @@
       nixosConfigurations = 
         let
           mkNixosSystem = import lib/mkNixosSystem.nix inputs;
+          mkNixbsdSystem = import lib/mkNixbsdSystem.nix inputs;
         in
           with nixos-hardware.nixosModules; {
             x260 = mkNixosSystem lenovo-thinkpad-x260 hosts/x260.nix;
             acer = mkNixosSystem {} hosts/acer.nix;
             gaming-pc = mkNixosSystem {} hosts/gaming-pc.nix;
+            bestieTest = mkNixbsdSystem hosts/bestieTest.nix;
           };
     };
 }

hosts/bestieTest.nix

@@ -0,0 +1,30 @@
+{ config, pkgs, lib, ... }: {
+  nixpkgs.hostPlatform = "x86_64-freebsd";
+  nixpkgs.config.allowUnsupportedSystem = true;
+
+  users.users.root.initialPassword = "toor";
+
+  networking.dhcpcd.wait = "background";
+
+  users.users.bestie = {
+    isNormalUser = true;
+    description = "your bestie";
+    extraGroups = [ "wheel" ];
+    inherit (config.users.users.root) initialPassword;
+  };
+
+  services.sshd.enable = true;
+  boot.loader.stand-freebsd.enable = true;
+
+  fileSystems."/" = {
+    device = "/dev/gpt/nixos";
+    fsType = "ufs";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/msdosfs/ESP";
+    fsType = "msdosfs";
+  };
+
+  virtualisation.vmVariant.virtualisation.diskImage = "./${config.system.name}.qcow2";
+}

lib/mkNixbsdSystem.nix

@@ -0,0 +1,60 @@
+{
+  self,
+  nixpkgs,
+  nixbsd,
+  home-manager,
+  nix-flatpak,
+  plasma-manager,
+  lanzaboote,
+  claude-code,
+  nix-sweep,
+  peerix,
+  acer-wmi-ext,
+  ...
+}:
+hostConfig:
+
+nixbsd.lib.nixbsdSystem {
+  modules = [
+    # Cross-compile FreeBSD from Linux, builds dispatched to remote builder
+    {
+      nixpkgs.buildPlatform = "x86_64-linux";
+      nixpkgs.config.allowUnsupportedSystem = true;
+      nixpkgs.overlays = [
+        (final: prev: {
+          # No-op emulator for FreeBSD - builds happen on remote builder where binaries run natively
+          freebsdEmulator = prev.runCommand "freebsd-emulator" { } ''
+            mkdir -p $out/bin
+            cat > $out/bin/freebsd-exec << 'SCRIPT'
+            #!/bin/sh
+            exec "$@"
+            SCRIPT
+            chmod +x $out/bin/freebsd-exec
+          '';
+
+          # Override mesonEmulatorHook to not require a real emulator for FreeBSD
+          mesonEmulatorHook =
+            let
+              canExec = prev.stdenv.hostPlatform.canExecute prev.stdenv.targetPlatform;
+              emulatorPath = "${final.freebsdEmulator}/bin/freebsd-exec";
+            in
+            if canExec then
+              prev.mesonEmulatorHook
+            else
+              prev.makeSetupHook
+                {
+                  name = "mesonEmulatorHook";
+                  substitutions = {
+                    crossFile = prev.writeText "cross-file.conf" ''
+                      [binaries]
+                      exe_wrapper = '${prev.lib.escape [ "'" "\\" ] emulatorPath}'
+                    '';
+                  };
+                }
+                "${nixpkgs.outPath}/pkgs/build-support/setup-hooks/meson/emulator-hook.sh";
+        })
+      ];
+    }
+    hostConfig
+  ];
+}

modules/system/nix.nix

@@ -6,14 +6,48 @@ let
     else if config.boot.loader.systemd-boot.enable then 
       config.boot.loader.systemd-boot.configurationLimit
     else null;
+
+  # NixBSD builder VM SSH key (needs to be readable by root/nix-daemon)
+  builderKeyDir = "/etc/nix/builder-keys";
 in 
 {
   nix = {
     daemonIOSchedClass = "idle";
     daemonCPUSchedPolicy = "idle";
     settings.trusted-users = [ "root" "user" ];
+
+    # FreeBSD remote builder VM (NixBSD)
+    distributedBuilds = true;
+    buildMachines = [
+      {
+        hostName = "192.168.122.100";
+        system = "x86_64-freebsd";
+        sshUser = "root";
+        sshKey = "${builderKeyDir}/nixbsd-builder";
+        maxJobs = 8;
+        speedFactor = 1;
+        supportedFeatures = [ "big-parallel" ];
+      }
+    ];
+    settings.builders-use-substitutes = true;
   };
 
+  # Install the builder SSH key where root/nix-daemon can read it
+  system.activationScripts.nixbsd-builder-key = ''
+    mkdir -p ${builderKeyDir}
+    cp /home/user/Projects/nixbsd-flake/keys/builder ${builderKeyDir}/nixbsd-builder
+    chmod 600 ${builderKeyDir}/nixbsd-builder
+    chown root:root ${builderKeyDir}/nixbsd-builder
+  '';
+
+  # Skip host key checking for the local builder VM (keys change on rebuild)
+  programs.ssh.extraConfig = ''
+    Host 192.168.122.100
+      StrictHostKeyChecking no
+      UserKnownHostsFile /dev/null
+      LogLevel ERROR
+  '';
+
   # Clean up nix store from old configurations usinx nix-sweep
   services.nix-sweep = {
     enable = true;