feat: add Hyperspace Pods NixOS module #56

Open

Hermes wants to merge 1 commits from feat/hyperspace-pods-module into master

pull from: feat/hyperspace-pods-module

merge into: gortium:master

gortium:master

gortium:feat/worldmonitor

gortium:feat/ups-config

gortium:feat/rollback-sentinel-on-fresh-branch

gortium:fix/honcho-vector-dim-empty

gortium:fix/backup-submodule-update

gortium:feat/restrict-docker-blacklist

gortium:feat/restrict-docker-commands-for-ai-worker

gortium:fix/hermes-matrix-deps-venv-persist

gortium:feat/uconsole-cm5-v3

gortium:fix/update-compose-submodule-matrix-bridge

gortium:feat/nix-deployment-v2

gortium:kvm-pr

gortium:feat/nixos-ci-workflow

gortium:kvm-pr-consolidate

gortium:feat/hermes-workspace-combined

gortium:feat/hermes-workspace

gortium:feat/hermes-workers

gortium:feat/add-paperclip-agent-orchestrator

gortium:feat/syncthing-org-sync

gortium:fix/vpn-iptables-nft-v3

gortium:fix/vpn-iptables-nft-v2

gortium:fix/vpn-iptables-nft-upstream

gortium:feat/nixos-ci

gortium:feat/update-compose-submodule-custom-tools

gortium:feat/kvm-libvirt

gortium:fix/wg-easy-iptables-nft

gortium:feat/compose-submodule-v2

gortium:feat/hermes-fork-dockerfile

gortium:ai-worker-restricted-access

gortium:feat/wireguard-vpn

gortium:feat/k3s-pod-cluster

gortium:feature/server-hardening-clean

gortium:docs/merge-priority-order

gortium:feat/hermes-voice-gpu-support

gortium:feat/uconsole-cm5-v2

gortium:fix/matrix-bridge-v2

gortium:fix/backup-network-v2

gortium:feat/docker-add-qemu-cross-compilation

gortium:feat/docker-add-latex-stack

gortium:feat/docker-add-chromium-browser-deps

gortium:feat/docker-add-curl-poppler-imagemagick

gortium:feat/add-uconsole-host

gortium:home_manager

Conversation 0 Commits 1 Files Changed 2 +135

Hermes commented 2026-05-20 18:06:22 +00:00

Collaborator

Copy Link

Summary

Adds a NixOS module for Hyperspace Pods — a private P2P mesh AI cluster agent for distributed LLM inference across machines.

Changes

modules/nixos/services/hyperspace.nix — new NixOS module with:

• Binary fetch: Downloads aios-cli-x86_64-unknown-linux-gnu.tar.gz v5.45.30 via fetchurl with SRI hash verification
• Systemd service: Runs as ai-worker user, auto profile, configurable API port (default 8080), on-failure restart
• GPU passthrough: DeviceAllow for /dev/kfd and /dev/dri, SupplementaryGroups for video and render, HSA_OVERRIDE_GFX_VERSION=9.0.6 for AMD MI50 (gfx906) ROCm compatibility
• Service hardening: NoNewPrivileges, ProtectHome=tmpfs, ProtectSystem=strict, PrivateTmp
• Firewall: Opens TCP 4001 (libp2p), 30301 (chain P2P), 8080 (API) and UDP 4001 (libp2p)
• Persistent GPU groups: Adds video and render to ai-worker user's extraGroups

flake.nix — registered ./modules/nixos/services/hyperspace.nix under the lazyworkhorse modules list.

Configuration

Once merged, enable in hosts/lazyworkhorse/configuration.nix:

services.hyperspace = {
  enable = true;
  user = "ai-worker";
  apiPort = 8080;
  profile = "auto";
  autoStart = true;
};

References

• Hyperspace Pods
• CLI releases
• Existing skill: nixos-hyperspace-pods

## Summary Adds a NixOS module for Hyperspace Pods — a private P2P mesh AI cluster agent for distributed LLM inference across machines. ## Changes **`modules/nixos/services/hyperspace.nix`** — new NixOS module with: - **Binary fetch**: Downloads `aios-cli-x86_64-unknown-linux-gnu.tar.gz` v5.45.30 via `fetchurl` with SRI hash verification - **Systemd service**: Runs as `ai-worker` user, `auto` profile, configurable API port (default 8080), on-failure restart - **GPU passthrough**: DeviceAllow for `/dev/kfd` and `/dev/dri`, SupplementaryGroups for `video` and `render`, `HSA_OVERRIDE_GFX_VERSION=9.0.6` for AMD MI50 (gfx906) ROCm compatibility - **Service hardening**: NoNewPrivileges, ProtectHome=tmpfs, ProtectSystem=strict, PrivateTmp - **Firewall**: Opens TCP 4001 (libp2p), 30301 (chain P2P), 8080 (API) and UDP 4001 (libp2p) - **Persistent GPU groups**: Adds `video` and `render` to `ai-worker` user's extraGroups **`flake.nix`** — registered `./modules/nixos/services/hyperspace.nix` under the lazyworkhorse modules list. ## Configuration Once merged, enable in `hosts/lazyworkhorse/configuration.nix`: ```nix services.hyperspace = { enable = true; user = "ai-worker"; apiPort = 8080; profile = "auto"; autoStart = true; }; ``` ## References - [Hyperspace Pods](https://hyperspace.sh) - [CLI releases](https://github.com/hyperspaceai/aios-cli/releases) - Existing skill: `nixos-hyperspace-pods`

Hermes added 1 commit 2026-05-20 18:06:23 +00:00

feat: add Hyperspace Pods NixOS module ... 09c8211e58

Create modules/nixos/services/hyperspace.nix for Hyperspace Pods P2P AI cluster agent. Registered in flake.nix under lazyworkhorse modules list.

- Fetches CLI binary v5.45.30 via fetchurl with SRI hash verification
- Systemd system service: auto profile, api port 8080, ai-worker user
- GPU device access via DeviceAllow (kfd+dri) and video+render groups
- Service hardening: NoNewPrivileges, ProtectHome, ProtectSystem, PrivateTmp
- Firewall: TCP 4001 (libp2p), 30301 (chain), 8080 (API); UDP 4001 (libp2p)
- AMD MI50 ROCm compatibility via HSA_OVERRIDE_GFX_VERSION=9.0.6

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin feat/hyperspace-pods-module:feat/hyperspace-pods-module

git checkout feat/hyperspace-pods-module

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Hermes gortium

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: gortium/infra#56

No description provided.