feat: add Hyperspace Pods NixOS module

Create modules/nixos/services/hyperspace.nix for Hyperspace Pods P2P AI cluster agent. Registered in flake.nix under lazyworkhorse modules list.

- Fetches CLI binary v5.45.30 via fetchurl with SRI hash verification
- Systemd system service: auto profile, api port 8080, ai-worker user
- GPU device access via DeviceAllow (kfd+dri) and video+render groups
- Service hardening: NoNewPrivileges, ProtectHome, ProtectSystem, PrivateTmp
- Firewall: TCP 4001 (libp2p), 30301 (chain), 8080 (API); UDP 4001 (libp2p)
- AMD MI50 ROCm compatibility via HSA_OVERRIDE_GFX_VERSION=9.0.6

flake.nix

@@ -12,21 +12,10 @@
       url = "git+https://git.lix.systems/lix-project/lix?ref=main";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    nixpkgs-uconsole.url = "github:NixOS/nixpkgs/nixos-25.11";
+    self.submodules = true;
-    nixos-uconsole = {
-      url = "github:gortium/nixos-uconsole/cm5_fix";
-      inputs.nixpkgs.follows = "nixpkgs-uconsole";
-      inputs.nixos-raspberrypi.follows = "nixos-raspberrypi";
-    };
-    nixos-raspberrypi = {
-      url = "github:gortium/nixos-raspberrypi/cm5-cross-v1";
-      inputs.nixpkgs.follows = "nixpkgs-uconsole";
-    };
   };
 
-  outputs = { self, nixpkgs, agenix, lix
+  outputs = { self, nixpkgs, agenix, lix, ... }@inputs:
-            , nixpkgs-uconsole, nixos-uconsole, nixos-raspberrypi
-            , ... }@inputs:
     let
       system = "x86_64-linux";
       keys = import ./lib/keys.nix;
@@ -41,109 +30,58 @@
       pkgs = import nixpkgs {
         inherit system overlays;
         config.allowUnfree = true;
-        config.permittedInsecurePackages = [ "openclaw-2026.3.12" ];
+        config.permittedInsecurePackages = [
+          "openclaw-2026.3.12"
+        ];
       };
+
       devShell = import ./shells/nix_dev.nix {
         inherit pkgs system agenix;
       };
-    in {
+    in
-      nixosConfigurations = {
+      {
-        lazyworkhorse = nixpkgs.lib.nixosSystem {
+        nixosConfigurations = {
-          specialArgs = { inherit system self keys paths inputs; };
+          lazyworkhorse = nixpkgs.lib.nixosSystem {
-          modules = [
+            specialArgs = { inherit system self keys paths inputs; };
-            {
+            modules = [
-              nixpkgs.overlays = overlays;
+              {
-              nixpkgs.config.allowUnfree = true;
+                nixpkgs.overlays = overlays;
-              nixpkgs.config.rocmSupport = true;
+                nixpkgs.config.allowUnfree = true;
-              nixpkgs.config.permittedInsecurePackages = [ "openclaw-2026.3.12" ];
+                nixpkgs.config.rocmSupport = true;
-              nix.package = lix.packages.${system}.default;
+                nixpkgs.config.permittedInsecurePackages = [
-            }
+                  "openclaw-2026.3.12"
-            agenix.nixosModules.default
+                ];
-            ./hosts/lazyworkhorse/configuration.nix
+                nix.package = lix.packages.${system}.default;
-            ./hosts/lazyworkhorse/hardware-configuration.nix
+              }
-            ./modules/nixos/filesystem/hoardingcow-mount.nix
+              agenix.nixosModules.default
-            ./modules/nixos/services/docker_manager.nix
+              ./hosts/lazyworkhorse/configuration.nix
-            ./modules/nixos/services/open_code_server.nix
+              ./hosts/lazyworkhorse/hardware-configuration.nix
-            ./modules/nixos/services/ollama_init_custom_models.nix
+              ./modules/nixos/filesystem/hoardingcow-mount.nix
-            ./modules/nixos/services/openclaw_node.nix
+              ./modules/nixos/services/docker_manager.nix
-            ./modules/nixos/security/ai-worker-restricted.nix
+              ./modules/nixos/services/open_code_server.nix
-            ./users/gortium.nix
+              ./modules/nixos/services/ollama_init_custom_models.nix
-            ./users/ai-worker.nix
+              ./modules/nixos/services/openclaw_node.nix
-          ];
+              ./modules/nixos/services/hyperspace.nix
-        };
+              ./modules/nixos/security/ai-worker-restricted.nix
-
+              ./users/gortium.nix
-        cyt-pi = nixpkgs.lib.nixosSystem {
+              ./users/ai-worker.nix
-          specialArgs = { inherit self keys paths inputs; };
+            ];
-          modules = [
-            {
-              nixpkgs.overlays = overlays;
-              nixpkgs.config.allowUnfree = true;
-              nixpkgs.hostPlatform = "aarch64-linux";
-              nix.package = lix.packages."aarch64-linux".default;
-            }
-            ./hosts/cyt-pi/configuration.nix
-            ./hosts/cyt-pi/hardware-configuration.nix
-          ];
-        };
-
-        uconsole-cm5 = nixpkgs-uconsole.lib.nixosSystem {
-          system = "aarch64-linux";
-          specialArgs = {
-            inherit self keys paths inputs;
-            nixos-raspberrypi = nixos-raspberrypi;
-            isCM4 = false;
           };
-          modules = [
-            {
-              nixpkgs.buildPlatform = "x86_64-linux";
-              nixpkgs.hostPlatform = "aarch64-linux";
-              nixpkgs.config.allowUnfree = true;
-              boot.loader.raspberry-pi.bootloader = "kernel";
-            }
-            nixos-raspberrypi.nixosModules.nixpkgs-rpi
-# Patches are now in gortium/nixos-uconsole fork (cm5_fix branch)
-            nixos-raspberrypi.nixosModules.raspberry-pi-5.base
-            nixos-raspberrypi.lib.inject-overlays
-            nixos-raspberrypi.lib.inject-overlays-global
-            nixos-uconsole.nixosModules.uconsole-cm5
-            ({ config, lib, pkgs, inputs, ... }: let
-              lix-cross = import inputs.nixpkgs-uconsole {
-                localSystem = { system = "x86_64-linux"; };
-                crossSystem = { system = "aarch64-linux"; };
-                overlays = [ inputs.lix.overlays.default ];
-              };
-            in { nix.package = lix-cross.lix; })
-            agenix.nixosModules.default
-            ./hosts/uconsole-cm5/configuration.nix
-            ./hosts/uconsole-cm5/hardware-configuration.nix
-          ];
-        };
-      };
 
-      devShells.${system}.default = devShell;
+          cyt-pi = nixpkgs.lib.nixosSystem {
-
+            specialArgs = { inherit self keys paths inputs; };
-      packages.${system} = {
+            modules = [
-        uconsole-cm5-image = (nixos-raspberrypi.lib.nixosSystem {
+              {
-          system = "aarch64-linux";
+                nixpkgs.overlays = overlays;
-          specialArgs = {
+                nixpkgs.config.allowUnfree = true;
-            inherit self keys inputs;
+                nixpkgs.hostPlatform = "aarch64-linux";
-            nixos-raspberrypi = nixos-raspberrypi;
+                nix.package = lix.packages."aarch64-linux".default;
-            isCM4 = false;
+              }
+              ./hosts/cyt-pi/configuration.nix
+              ./hosts/cyt-pi/hardware-configuration.nix
+            ];
           };
-          modules = [
+        };
-            {
+        devShells.${system}.default = devShell;
-              nixpkgs.buildPlatform = system;
-              nixpkgs.hostPlatform = "aarch64-linux";
-            }
-            nixos-raspberrypi.nixosModules.nixpkgs-rpi
-            nixos-raspberrypi.nixosModules.raspberry-pi-5.base
-            nixos-raspberrypi.lib.inject-overlays-global
-            nixos-raspberrypi.nixosModules.sd-image
-            nixos-uconsole.nixosModules.uconsole-cm5
-            agenix.nixosModules.default
-            ./hosts/uconsole-cm5/configuration.nix
-          ];
-        }).config.system.build.sdImage;
       };
-    };
 }

hosts/lazyworkhorse/configuration.nix

@@ -9,7 +9,7 @@
   hoardingcow-mount.enable = true;
 
   # Flakesss
-  nix.settings.experimental-features = [ "nix-command" "flakes" "flake-self-attrs" "ca-derivations" ];
+  nix.settings.experimental-features = [ "nix-command" "flakes" "flake-self-attrs" ];
   nix.settings.trusted-users = [ "root" "gortium" ];
 
   # Garbage collection

hosts/lazyworkhorse/hyperspace-commit-msg.txt

@@ -1,12 +0,0 @@
-feat: add Hyperspace Pods NixOS module
-
-Create modules/nixos/services/hyperspace.nix for the Hyperspace Pods
-P2P AI cluster agent. Registered in flake.nix under lazyworkhorse.
-
-- Fetches CLI binary v5.45.30 via fetchurl with SRI hash verification
-- Systemd system service: auto profile, configurable api port 8080,
-  ai-worker user, GPU device access (kfd+dri), SupplementaryGroups
-  for video+render groups, service hardening
-- Firewall: TCP 4001 libp2p, 30301 chain, 8080 API; UDP 4001 libp2p
-- AMD MI50 ROCm via HSA_OVERRIDE_GFX_VERSION=9.0.6
-- Adds video+render groups to ai-worker for persistent GPU access

hosts/uconsole-cm5/configuration.nix

@@ -1,41 +0,0 @@
-{ config, lib, pkgs, keys, ... }:
-
-{
-  networking.hostName = "uConsole";
-  time.timeZone = "America/Montreal";
-  i18n.defaultLocale = "en_CA.UTF-8";
-  system.stateVersion = "25.11";
-
-  # SSH — root access avec clés gortium + ai-worker
-  services.openssh = {
-    enable = true;
-    settings = {
-      PermitRootLogin = lib.mkForce "prohibit-password";
-      PasswordAuthentication = lib.mkForce false;
-    };
-  };
-
-  users.users.root.openssh.authorizedKeys.keys = with keys; [
-    users.gortium.main
-    users.ai-worker.main
-  ];
-
-  # WiFi via NetworkManager + secret agenix
-  networking.networkmanager.enable = true;
-
-  # Firmware
-  hardware.enableRedistributableFirmware = true;
-
-  # Hyprland Wayland compositor (manual start — no SDDM)
-  programs.hyprland = {
-    enable = true;
-    xwayland.enable = true;
-  };
-
-  # Override pipewire to drop libcamera (fixes cross-compile: rpi-pisp subproject blocked)
-  nixpkgs.overlays = [
-    (final: prev: {
-      pipewire = prev.pipewire.override { libcamera = null; };
-    })
-  ];
-}

hosts/uconsole-cm5/hardware-configuration.nix

@@ -1,30 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sdhci_pci" "nvme" ];
-  boot.initrd.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  # SD card partitions (nixos-uconsole layout)
-  fileSystems."/" = {
-    device = "/dev/disk/by-label/NIXOS_SD";
-    fsType = "ext4";
-    options = [ "noatime" ];
-  };
-
-  fileSystems."/boot/firmware" = {
-    device = "/dev/disk/by-label/FIRMWARE";
-    fsType = "vfat";
-    options = [ "fmask=0022" "dmask=0022" ];
-  };
-
-  swapDevices = [ ];
-
-  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-  hardware.enableRedistributableFirmware = true;
-  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
-}

secrets/home_wifi.age

@@ -1,10 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdoTUQ4QSAycE1Y
-YmMvUWZpK2VKQVlqaHFtaERBRGROcFIyL0d6dEVRQmFxLzlqdFZNCkYxWkNIUXRZ
-V0dQOG4zY3U3Nk1JelBtY0cwUGdxaEI3dmZaVTZId04rVTQKLT4geV1cZC4wMnst
-Z3JlYXNlIDYgOG1IME1xCkQ0RGN1NU1FUWk0Y1RmamNEY0tJWmFQNGdoMkROcGVy
-aU5UYVFobVRLMVVUQ1JicUM2c0tSVzRQdEZ0VE5YamQKZUxPeVpLWDZJR0hqemdD
-cmkyUUdFZEZKZjBDNGhmNFR6bVUKLS0tIDRQUGR5RGI5UEhGNk5EQWw4dFk0R01k
-TUJWOFpleXBUajFPckFmem52cGsKHzn+QnuYLI2NEh5WWZQHrNuvVzYk+kVjsAsn
-KNS2dHjvadAopVY2Gypldf1p2RRtmgZkDHaPlNzv5Hk=
------END AGE ENCRYPTED FILE-----

secrets/secrets.nix

@@ -11,5 +11,4 @@ in
   "lazyworkhorse_host_ssh_key.age".publicKeys = authorizedKeys;
   "n8n_ssh_key.age".publicKeys = authorizedKeys;
   "openclaw_gateway_token.age".publicKeys = authorizedKeys;
-  "home_wifi.age".publicKeys = authorizedKeys;
 }