gortium/infra
1
1
Fork 0
Code Issues 13 Pull Requests 21 Actions Packages Projects 1 Releases Wiki Activity
Files
f4b666284ae9174b2ee4b91a1911dc13b646ab8b
infra/hosts/lazyworkhorse/configuration.nix
Hermes Agent f4b666284a feat: add Hyperspace Pods NixOS module and enable on lazyworkhorse 
Hyperspace Pods let multiple machines pool their GPUs into one private
P2P mesh AI cluster. Models are split across all connected GPUs —
e.g. two machines with 16GB VRAM each can run Qwen 3.5 32B together.

Changes:
- Add modules/nixos/services/hyperspace.nix — NixOS module that:
  * Fetches the Hyperspace CLI binary (v5.45.30) via fetchurl
  * Sets up systemd service for the agent
  * Opens firewall ports (libp2p 4001, chain 30301, API 8080)
  * Configures GPU passthrough for AMD MI50 (ROCm)
- Register module in flake.nix for lazyworkhorse
- Enable hyperspace service on lazyworkhorse (ai-worker user, port 8080)

Usage after deployment:
  hyperspace pod create "tdnde-lab"   # create pod
  hyperspace pod invite                # share invite with cyt-pi
  curl http://localhost:8080/v1/chat/completions  # OpenAI API

See skill: nixos-hyperspace-pods
2026-05-02 15:36:15 +00:00

347 lines
9.7 KiB
Nix
Raw Blame History

# edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, paths, self, keys, ... }:
{
# NAS Mounting
hoardingcow-mount.enable = true;
# Flakesss
nix.settings.experimental-features = [ "nix-command" "flakes" "flake-self-attrs" ];
nix.settings.trusted-users = [ "root" "gortium" ];
# Garbage collection
nix.gc = {
automatic = true;
dates = "daily"; # You can also use "daily" or a cron-like spec
options = "--delete-older-than 30d";
};
nix.settings = {
keep-derivations = true;
keep-outputs = true;
auto-optimise-store = true;
};
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
# 1. Force the kernel to ignore BIOS resource locks
boot.kernelParams = [
"acpi_enforce_resources=lax"
"nct6775.force_id=0xd120" # This forces the driver to ignore BIOS locks for NCT6116
"transparent_hugepage=always" # because mucho ram
];
# 2. Load the specific drivers found by sensors-detect
boot.kernelModules = [ "nct6775" "lm96163" ];
# 3. Force the nct6775 driver to recognize the chip if it's stubborn
boot.extraModprobeConfig = ''
options nct6775 force_id=0xd280
'';
boot.blacklistedKernelModules = [ "eeepc_wmi" ];
networking.hostName = "lazyworkhorse"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.hostId = "deadbeef";
# Set your time zone.
time.timeZone = "America/Montreal";
# Locales
i18n.defaultLocale = "en_CA.UTF-8";
i18n.supportedLocales = [
"en_CA.UTF-8/UTF-8"
];
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_CA.UTF-8";
LC_IDENTIFICATION = "en_CA.UTF-8";
LC_MEASUREMENT = "en_CA.UTF-8";
LC_MONETARY = "en_CA.UTF-8";
LC_NAME = "en_CA.UTF-8";
LC_NUMERIC = "en_CA.UTF-8";
LC_PAPER = "en_CA.UTF-8";
LC_TELEPHONE = "en_CA.UTF-8";
LC_TIME = "en_CA.UTF-8";
LC_CTYPE = "en_CA.UTF-8";
};
programs.zsh = {
enable = true;
autosuggestions.enable = true;
syntaxHighlighting.enable = true;
enableCompletion = true;
setOptions = [ "HIST_IGNORE_ALL_DUPS" "SHARE_HISTORY" ];
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound.
# services.pulseaudio.enable = true;
# OR
services.pipewire = {
enable = true;
pulse.enable = true;
};
# Nix Helper cli tool
environment.sessionVariables = {
NH_FLAKE = paths.flake;
};
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# nvim please
environment.variables.EDITOR = "nvim";
# List packages installed in system profile.
# You can use https://Search.nixos.org/ to find more packages (and options).
environment.systemPackages = with pkgs; [
neovim
docker-compose
wget
age
agenix
git
nh
lm_sensors
rocmPackages.rocminfo
rocmPackages.rocm-smi
nvtopPackages.amd
clinfo
ncurses
kitty.terminfo
nodejs_22
uv
openclaw
(python3.withPackages (ps: with ps; [
openai-whisper
]))
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon
services.openssh = {
enable = true;
ports = [ 2424 ];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "prohibit-password";
};
hostKeys = [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
services.dockerStacks = {
versioncontrol = {
path = self + "/assets/compose/versioncontrol";
ports = [ 2222 ];
};
network = {
path = self + "/assets/compose/network";
envFile = config.age.secrets.containers_env.path;
ports = [ 80 443 ];
};
passwordmanager = {
path = self + "/assets/compose/passwordmanager";
};
ai = {
path = self + "/assets/compose/ai";
envFile = config.age.secrets.containers_env.path;
};
cloudstorage = {
path = self + "/assets/compose/cloudstorage";
envFile = config.age.secrets.containers_env.path;
};
homeautomation = {
path = self + "/assets/compose/homeautomation";
envFile = config.age.secrets.containers_env.path;
};
authentification = {
path = self + "/assets/compose/authentification";
};
backup = {
path = self + "/assets/compose/backup";
envFile = config.age.secrets.containers_env.path;
};
coms = {
path = self + "/assets/compose/coms";
envFile = config.age.secrets.containers_env.path;
};
finance = {
path = self + "/assets/compose/finance";
};
homepage = {
path = self + "/assets/compose/homepage";
};
# tak = {
# path = self + "/assets/compose/tak";
# };
};
services.opencode = {
enable = true;
port = 4099;
ollamaUrl = "http://127.0.0.1:11434/v1";
};
# Private host ssh key managed by agenix
age = {
identityPaths = paths.identities;
secrets = {
containers_env = {
file = ../../secrets/containers.env.age;
path = "/run/secrets/containers.env";
owner = "root";
group = "root";
mode = "0400";
};
lazyworkhorse_host_ssh_key = {
file = ../../secrets/lazyworkhorse_host_ssh_key.age;
owner = "root";
group = "root";
mode = "0600";
path = "/etc/ssh/ssh_host_ed25519_key";
};
ai_ssh_key = {
file = ../../secrets/ai_ssh_key.age;
owner = "root";
group = "root";
mode = "0600";
path = "/home/ai-worker/.ssh/ai_ssh_key";
};
openclaw_gateway_token = {
file = ../../secrets/openclaw_gateway_token.age;
owner = "root";
group = "ai-worker";
mode = "0440";
path = "/run/secrets/openclaw_gateway_token";
};
};
};
# OpenClaw Node service (host-side execution for Docker gateway)
services.openclaw-node = {
enable = true;
user = "ai-worker";
gatewayHost = "127.0.0.1";
gatewayPort = 18789;
gatewayTokenFile = "/run/secrets/openclaw_gateway_token";
displayName = "lazyworkhorse-host";
};
# Hyperspace Pods — P2P mesh AI cluster (combine GPUs across machines)
services.hyperspace = {
enable = true;
user = "ai-worker";
apiPort = 8080;
profile = "auto";
openFirewall = true;
extraArgs = [ "--verbose" ];
};
# Public host ssh key (kept in sync with the private one)
environment.etc."ssh/ssh_host_ed25519_key.pub".text =
"${keys.hosts.lazyworkhorse.main}";
services.fstrim.enable = true;
services.zfs.autoSnapshot.enable = true;
services.zfs.autoScrub.enable = true;
# Mi50 config
hardware.graphics = {
enable = true;
enable32Bit = true; # Useful for some compatibility layers
extraPackages = with pkgs; [
rocmPackages.clr.icd # OpenCL/HIP runtime
];
};
nixpkgs.config.rocmTargets = [ "gfx906" ];
environment.variables = {
# This "tricks" ROCm into supporting the MI50 if using newer versions
HSA_OVERRIDE_GFX_VERSION = "9.0.6";
# Ensures the system sees both GPUs
HIP_VISIBLE_DEVICES = "0,1";
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "25.05"; # Did you read the comment?
}
Reference in New Issue View Git Blame Copy Permalink