Compare commits
29 Commits
feat/hyper
...
uconsole-c
| Author | SHA1 | Date | |
|---|---|---|---|
| 6543de3a45 | |||
| 0db8071300 | |||
| 9038863728 | |||
| 7e3b2520eb | |||
| 80efb68428 | |||
| 3d86af76b9 | |||
| 656570b39e | |||
| 8b6990ceee | |||
| a312c29221 | |||
| 053dd535d3 | |||
| 35e4155b8c | |||
| e8218c322a | |||
| 931ed2ac27 | |||
| 052081616c | |||
| d3d7cdff44 | |||
| 5202bc1fcb | |||
| 9319e32683 | |||
| 7da46d5769 | |||
| 8ea6be7ac1 | |||
| b455bf6866 | |||
| ce7c594562 | |||
| eb5e64ec67 | |||
| ec44012a64 | |||
| 16acc6a153 | |||
| 5ee644e9dd | |||
| efc50d23c4 | |||
| a527b65eae | |||
| 698d3f91eb | |||
| 1f99ca0d37 |
Submodule assets/compose updated: d3f2e3b7b9...3c92d93366
91
flake.nix
91
flake.nix
@@ -12,10 +12,23 @@
|
||||
url = "git+https://git.lix.systems/lix-project/lix?ref=main";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
self.submodules = true;
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, agenix, lix, ... }@inputs:
|
||||
# uConsole CM5 — pinned nixpkgs for kernel patch compatibility
|
||||
nixpkgs-uconsole.url = "github:NixOS/nixpkgs/nixos-25.11";
|
||||
nixos-uconsole = {
|
||||
url = "github:nixos-uconsole/nixos-uconsole/v1.1.0";
|
||||
inputs.nixpkgs.follows = "nixpkgs-uconsole";
|
||||
inputs.nixos-raspberrypi.follows = "nixos-raspberrypi";
|
||||
};
|
||||
nixos-raspberrypi = {
|
||||
url = "github:gortium/nixos-raspberrypi/cm5-cross-v1";
|
||||
inputs.nixpkgs.follows = "nixpkgs-uconsole";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, agenix, lix
|
||||
, nixpkgs-uconsole, nixos-uconsole, nixos-raspberrypi
|
||||
, ... }@inputs:
|
||||
let
|
||||
system = "x86_64-linux";
|
||||
keys = import ./lib/keys.nix;
|
||||
@@ -61,7 +74,6 @@
|
||||
./modules/nixos/services/open_code_server.nix
|
||||
./modules/nixos/services/ollama_init_custom_models.nix
|
||||
./modules/nixos/services/openclaw_node.nix
|
||||
./modules/nixos/services/hyperspace.nix
|
||||
./modules/nixos/security/ai-worker-restricted.nix
|
||||
./users/gortium.nix
|
||||
./users/ai-worker.nix
|
||||
@@ -81,7 +93,78 @@
|
||||
./hosts/cyt-pi/hardware-configuration.nix
|
||||
];
|
||||
};
|
||||
|
||||
# ============================================================
|
||||
# uConsole CM5 — cross-compilé (build sur x86_64, run sur ARM)
|
||||
# Approche incrémentale pour fixer l'écran
|
||||
# ============================================================
|
||||
uconsole-cm5 = nixpkgs-uconsole.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
specialArgs = {
|
||||
inherit self keys paths inputs;
|
||||
nixos-raspberrypi = nixos-raspberrypi;
|
||||
isCM4 = false;
|
||||
};
|
||||
modules = [
|
||||
{
|
||||
# Cross-compile : build sur x86_64, run sur aarch64
|
||||
nixpkgs.buildPlatform = "x86_64-linux";
|
||||
nixpkgs.hostPlatform = "aarch64-linux";
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
boot.loader.raspberry-pi.bootloader = "kernel";
|
||||
}
|
||||
# nixos-raspberrypi — pkgs.rpi + overlays standardisés
|
||||
nixos-raspberrypi.nixosModules.nixpkgs-rpi
|
||||
nixos-raspberrypi.nixosModules.raspberry-pi-5.base
|
||||
nixos-raspberrypi.lib.inject-overlays
|
||||
nixos-raspberrypi.lib.inject-overlays-global
|
||||
# nixos-uconsole CM5 modules
|
||||
nixos-uconsole.nixosModules.kernel
|
||||
(nixos-uconsole.nixosModules.cm { lib = nixpkgs-uconsole.lib; isCM4 = false; })
|
||||
nixos-uconsole.nixosModules.base
|
||||
# Lix cross-compilé (lix.packages.aarch64-linux est natif → QEMU)
|
||||
({ config, lib, pkgs, inputs, ... }: let
|
||||
lix-cross = import inputs.nixpkgs-uconsole {
|
||||
localSystem = { system = "x86_64-linux"; };
|
||||
crossSystem = { system = "aarch64-linux"; };
|
||||
overlays = [ inputs.lix.overlays.default ];
|
||||
};
|
||||
in { nix.package = lix-cross.lix; })
|
||||
# agenix
|
||||
agenix.nixosModules.default
|
||||
# Notre config
|
||||
./hosts/uconsole-cm5/configuration.nix
|
||||
./hosts/uconsole-cm5/hardware-configuration.nix
|
||||
];
|
||||
};
|
||||
};
|
||||
devShells.${system}.default = devShell;
|
||||
packages.${system} = {
|
||||
# Image SD flashable pour uConsole CM5 (SSH + WiFi + clés)
|
||||
# Usage : dd if=result of=/dev/sda bs=4M status=progress conv=fsync
|
||||
uconsole-cm5-image = (nixos-raspberrypi.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
specialArgs = {
|
||||
inherit self keys inputs;
|
||||
nixos-raspberrypi = nixos-raspberrypi;
|
||||
isCM4 = false;
|
||||
};
|
||||
modules = [
|
||||
{
|
||||
nixpkgs.buildPlatform = system;
|
||||
nixpkgs.hostPlatform = "aarch64-linux";
|
||||
}
|
||||
nixos-raspberrypi.nixosModules.nixpkgs-rpi
|
||||
nixos-raspberrypi.nixosModules.raspberry-pi-5.base
|
||||
nixos-raspberrypi.lib.inject-overlays-global
|
||||
nixos-raspberrypi.nixosModules.sd-image
|
||||
nixos-uconsole.nixosModules.kernel
|
||||
(nixos-uconsole.nixosModules.cm { lib = nixpkgs-uconsole.lib; isCM4 = false; })
|
||||
nixos-uconsole.nixosModules.base
|
||||
agenix.nixosModules.default
|
||||
./hosts/uconsole-cm5/configuration.nix
|
||||
];
|
||||
}).config.system.build.sdImage;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
hoardingcow-mount.enable = true;
|
||||
|
||||
# Flakesss
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" "flake-self-attrs" ];
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" "flake-self-attrs" "ca-derivations" ];
|
||||
nix.settings.trusted-users = [ "root" "gortium" ];
|
||||
|
||||
# Garbage collection
|
||||
|
||||
12
hosts/lazyworkhorse/hyperspace-commit-msg.txt
Executable file
12
hosts/lazyworkhorse/hyperspace-commit-msg.txt
Executable file
@@ -0,0 +1,12 @@
|
||||
feat: add Hyperspace Pods NixOS module
|
||||
|
||||
Create modules/nixos/services/hyperspace.nix for the Hyperspace Pods
|
||||
P2P AI cluster agent. Registered in flake.nix under lazyworkhorse.
|
||||
|
||||
- Fetches CLI binary v5.45.30 via fetchurl with SRI hash verification
|
||||
- Systemd system service: auto profile, configurable api port 8080,
|
||||
ai-worker user, GPU device access (kfd+dri), SupplementaryGroups
|
||||
for video+render groups, service hardening
|
||||
- Firewall: TCP 4001 libp2p, 30301 chain, 8080 API; UDP 4001 libp2p
|
||||
- AMD MI50 ROCm via HSA_OVERRIDE_GFX_VERSION=9.0.6
|
||||
- Adds video+render groups to ai-worker for persistent GPU access
|
||||
0
modules/nixos/services/hyperspace.nix → hosts/lazyworkhorse/hyperspace.nix
Normal file → Executable file
0
modules/nixos/services/hyperspace.nix → hosts/lazyworkhorse/hyperspace.nix
Normal file → Executable file
28
hosts/uconsole-cm5/configuration.nix
Normal file
28
hosts/uconsole-cm5/configuration.nix
Normal file
@@ -0,0 +1,28 @@
|
||||
{ config, lib, pkgs, keys, ... }:
|
||||
|
||||
{
|
||||
networking.hostName = "uConsole";
|
||||
time.timeZone = "America/Montreal";
|
||||
i18n.defaultLocale = "en_CA.UTF-8";
|
||||
system.stateVersion = "25.11";
|
||||
|
||||
# SSH — root access avec clés gortium + ai-worker
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PermitRootLogin = lib.mkForce "prohibit-password";
|
||||
PasswordAuthentication = lib.mkForce false;
|
||||
};
|
||||
};
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = with keys; [
|
||||
users.gortium.main
|
||||
users.ai-worker.main
|
||||
];
|
||||
|
||||
# WiFi via NetworkManager + secret agenix
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
# Firmware
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
}
|
||||
30
hosts/uconsole-cm5/hardware-configuration.nix
Normal file
30
hosts/uconsole-cm5/hardware-configuration.nix
Normal file
@@ -0,0 +1,30 @@
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sdhci_pci" "nvme" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
# SD card partitions (nixos-uconsole layout)
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/NIXOS_SD";
|
||||
fsType = "ext4";
|
||||
options = [ "noatime" ];
|
||||
};
|
||||
|
||||
fileSystems."/boot/firmware" = {
|
||||
device = "/dev/disk/by-label/FIRMWARE";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0022" "dmask=0022" ];
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||
}
|
||||
10
secrets/home_wifi.age
Normal file
10
secrets/home_wifi.age
Normal file
@@ -0,0 +1,10 @@
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdoTUQ4QSAycE1Y
|
||||
YmMvUWZpK2VKQVlqaHFtaERBRGROcFIyL0d6dEVRQmFxLzlqdFZNCkYxWkNIUXRZ
|
||||
V0dQOG4zY3U3Nk1JelBtY0cwUGdxaEI3dmZaVTZId04rVTQKLT4geV1cZC4wMnst
|
||||
Z3JlYXNlIDYgOG1IME1xCkQ0RGN1NU1FUWk0Y1RmamNEY0tJWmFQNGdoMkROcGVy
|
||||
aU5UYVFobVRLMVVUQ1JicUM2c0tSVzRQdEZ0VE5YamQKZUxPeVpLWDZJR0hqemdD
|
||||
cmkyUUdFZEZKZjBDNGhmNFR6bVUKLS0tIDRQUGR5RGI5UEhGNk5EQWw4dFk0R01k
|
||||
TUJWOFpleXBUajFPckFmem52cGsKHzn+QnuYLI2NEh5WWZQHrNuvVzYk+kVjsAsn
|
||||
KNS2dHjvadAopVY2Gypldf1p2RRtmgZkDHaPlNzv5Hk=
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
@@ -11,4 +11,5 @@ in
|
||||
"lazyworkhorse_host_ssh_key.age".publicKeys = authorizedKeys;
|
||||
"n8n_ssh_key.age".publicKeys = authorizedKeys;
|
||||
"openclaw_gateway_token.age".publicKeys = authorizedKeys;
|
||||
"home_wifi.age".publicKeys = authorizedKeys;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user