Update from update-inputs-2024-08-22-04-20

config/common/default.nix

@@ -9,6 +9,7 @@ with lib; {
     ../../modules
   ];
   environment.systemPackages = with pkgs; [
+    kitty.terminfo
     bat
     dig
     htop
@@ -22,8 +23,6 @@ with lib; {
     unzip
     zip
     figlet
-  ] ++ lib.optionals (!config.kyouma.machine-type.container) [
-    kitty.terminfo
   ];
   programs = {
     mtr.enable = true;
@@ -58,7 +57,7 @@ with lib; {
   nix.gc.automatic = true;
   nix.gc.options = "--delete-older-than 7d";
   nix.optimise.automatic = true;
-  nix.registry.nixpkgs.to = lib.mkIf (!config.kyouma.machine-type.container) {
+  nix.registry.nixpkgs.to = {
     type = "path";
     path = pkgs.path;
   };

config/hosts/build-worker-oci/configuration.nix

@@ -1,15 +0,0 @@
-{ lib, modulesPath, ... }: { 
-  imports = [
-    "${modulesPath}/virtualisation/docker-image.nix"
-    ../../common
-    ../../profiles/builder.nix
-    ../../profiles/headless.nix
-  ];
-
-  networking.hostName = "build-worker-oci";
-  services.resolved.enable = lib.mkForce false;
-  kyouma = {
-    machine-type.container = true;
-    deployment.auto-upgrade.enable = lib.mkForce false;
-  };
-}

config/services/hydra/default.nix

@@ -1,6 +1,7 @@
-{ config, ... }: {
+{ config, inputs, lib, ... }: {
   imports = [
     ./nix-config.nix
+    inputs.lix-module.nixosModules.default
   ];
   sops.secrets."services/hydra/signKey" = {
     owner = "hydra-queue-runner";
@@ -18,8 +19,12 @@
   };
   kyouma.deployment.auto-upgrade.cache = "daemon";
 
+  nix.package = lib.mkForce inputs.lix-module.packages.${config.nixpkgs.hostPlatform.system}.default;
+  nix.settings.experimental-features = lib.mkForce [ "nix-command" "flakes" "pipe-operator" ];
+
   services.hydra = {
     enable = true;
+    package = inputs.hydra.packages.${config.nixpkgs.hostPlatform.system}.hydra;
     hydraURL = "https://hydra.kyouma.net";
     listenHost = "localhost";
     notificationSender = "hydra@hydra.kyouma.net";

config/services/hydra/nix-config.nix

@@ -1,13 +1,12 @@
-{ config, ... }: {
+{ config, lib, ... }: {
   nix.buildMachines = [
     {
       hostName = "localhost";
-      sshUser = "hydra-queue-runner";
+      protocol = null;
-      maxJobs = 20;
+      maxJobs = 0;
-      speedFactor = 17;
+      speedFactor = 0;
       systems = [ "x86_64-linux" ];
       supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
-      sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
     }
     {
       hostName = "integra.kyouma.net";
@@ -18,8 +17,8 @@
       supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
       sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
     }
-    {
+  ] ++ lib.forEach [ "03" "04" ] (num: {
-      hostName = "build-worker-03.nyantec.com";
+      hostName = "build-worker-${num}.nyantec.com";
       sshUser = "nix-ssh";
       maxJobs = 4;
       speedFactor = 18;
@@ -27,16 +26,15 @@
       supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
       sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
     }
-    {
+  ) ++ lib.forEach [ "01" "02" "03" "04" ] (num: {
-      hostName = "build-worker-04.nyantec.com";
+      hostName = "build-worker-${num}";
-      sshUser = "nix-ssh";
+      sshUser = "root";
-      maxJobs = 4;
+      maxJobs = 6;
-      speedFactor = 18;
+      speedFactor = 20;
-      systems = [ "x86_64-linux" "riscv64-linux" ];
+      systems = [ "x86_64-linux" ];
       supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
       sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
-    }
+  });
-  ];
   nix.settings = {
     allowed-uris = [
       "github:"
@@ -49,9 +47,29 @@
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
   ];
   programs.ssh = {
-    knownHosts."build-worker-03.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGqTY74c5g15DSNPNM2Wdr5jAwS7BFgX1XRnhtGOnJc";
+    knownHosts = {
-    knownHosts."build-worker-04.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOq+5I+nlAN2lJoOtoXrYEDuZ/TMPMa43pIlablYigK";
+      "build-worker-03.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGqTY74c5g15DSNPNM2Wdr5jAwS7BFgX1XRnhtGOnJc";
-    knownHosts."integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
+      "build-worker-04.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOq+5I+nlAN2lJoOtoXrYEDuZ/TMPMa43pIlablYigK";
-    knownHosts."localhost".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNVavo3YHVsrYwXRVISu7kDoknn+5inFGySn4azlB8P";
+      "integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
+      "localhost".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNVavo3YHVsrYwXRVISu7kDoknn+5inFGySn4azlB8P";
+      "[build-worker-kyoumanet.fly.dev]:2201".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDL2M97UBHg9aUfjDUxzmzg1r0ga0m3/stummBVwuEAB";
+      "[build-worker-kyoumanet.fly.dev]:2202".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTwVKL0P0chPM2Gz23rbT94844+w1CGJdCaZdzfjThz";
+      "[build-worker-kyoumanet.fly.dev]:2203".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAjy2eZGJQeAYy0+fLgW9jiS0jVY2LInY0NDMnzCvvKp";
+      "[build-worker-kyoumanet.fly.dev]:2204".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN72OyD9LYy4hq0WZ7ie5RPV+G54UreEJiA/RubjGoe9";
+    }; 
+    extraConfig = ''
+      Host build-worker-01
+        Hostname build-worker-kyoumanet.fly.dev
+        Port 2201
+      Host build-worker-02
+        Hostname build-worker-kyoumanet.fly.dev
+        Port 2202
+      Host build-worker-03
+        Hostname build-worker-kyoumanet.fly.dev
+        Port 2203
+      Host build-worker-04
+        Hostname build-worker-kyoumanet.fly.dev
+        Port 2204
+    '';
   };
 }

flake.lock

@@ -13,11 +13,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1724086414,
+        "lastModified": 1724226964,
-        "narHash": "sha256-jcY81r8PdMQ9dCGhT0YLZzxPj3kQJXyWCmvQLXbR1EI=",
+        "narHash": "sha256-cltFh4su2vcFidxKp7LuEgX3ZGLfPy0DCdrQZ/QTe68=",
         "owner": "zhaofengli",
         "repo": "attic",
-        "rev": "acf3c351f8de47c6857f31948ab253f9c7ce2a6f",
+        "rev": "6d9aeaef0a067d664cb11bb7704f7ec373d47fb2",
         "type": "github"
       },
       "original": {
@@ -205,11 +205,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1724163524,
+        "lastModified": 1724290508,
-        "narHash": "sha256-3A06DYw47oSLYMalkWDLzTMHC0MKgm1mNfaca9sqUnI=",
+        "narHash": "sha256-dtL4vielmrko/0XpZ3Wfd7czVvv3NC5oiwh8PKJN9hw=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "c7b14da22e302e0f9d7aa4df26b61016bcedf738",
+        "rev": "4b866c9942d0f771ae934f04ca9859936f9bfbcf",
         "type": "github"
       },
       "original": {
@@ -280,6 +280,22 @@
       }
     },
     "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_3": {
       "locked": {
         "lastModified": 1696426674,
         "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
@@ -293,7 +309,7 @@
         "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
       }
     },
-    "flake-compat_3": {
+    "flake-compat_4": {
       "flake": false,
       "locked": {
         "lastModified": 1673956053,
@@ -310,6 +326,28 @@
       }
     },
     "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "hydra",
+          "nix-eval-jobs",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1722555600,
+        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-parts_2": {
       "inputs": {
         "nixpkgs-lib": [
           "nixvim",
@@ -366,6 +404,39 @@
         "type": "github"
       }
     },
+    "flake-utils_3": {
+      "inputs": {
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1710146030,
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flakey-profile": {
+      "locked": {
+        "lastModified": 1712898590,
+        "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
+        "owner": "lf-",
+        "repo": "flakey-profile",
+        "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lf-",
+        "repo": "flakey-profile",
+        "type": "github"
+      }
+    },
     "fromYaml": {
       "flake": false,
       "locked": {
@@ -471,6 +542,28 @@
         "type": "github"
       }
     },
+    "hydra": {
+      "inputs": {
+        "lix": [
+          "lix"
+        ],
+        "nix-eval-jobs": "nix-eval-jobs",
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1724017314,
+        "narHash": "sha256-FFv/JT+A7xG6H1FN6aEHWzhrHXtw16BkSmBx0wgmC9U=",
+        "ref": "refs/heads/main",
+        "rev": "3ee51dbe589458cc54ff753317bbc6db530bddc0",
+        "revCount": 4201,
+        "type": "git",
+        "url": "https://git.lix.systems/lix-project/hydra.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.lix.systems/lix-project/hydra.git"
+      }
+    },
     "iceshrimp": {
       "inputs": {
         "nixpkgs": [
@@ -514,6 +607,61 @@
         "url": "https://woof.rip/emily/kyouma-net.git"
       }
     },
+    "lix": {
+      "inputs": {
+        "flake-compat": "flake-compat_2",
+        "nix2container": "nix2container",
+        "nixpkgs": "nixpkgs_3",
+        "nixpkgs-regression": "nixpkgs-regression",
+        "pre-commit-hooks": "pre-commit-hooks"
+      },
+      "locked": {
+        "lastModified": 1723503926,
+        "narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=",
+        "rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2",
+        "type": "tarball",
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"
+      }
+    },
+    "lix-module": {
+      "inputs": {
+        "flake-utils": "flake-utils_2",
+        "flakey-profile": "flakey-profile",
+        "lix": "lix_2",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1723510904,
+        "narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=",
+        "rev": "622a2253a071a1fb97a4d3c8103a91114acc1140",
+        "type": "tarball",
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"
+      }
+    },
+    "lix_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1723503926,
+        "narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=",
+        "rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2",
+        "type": "tarball",
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"
+      }
+    },
     "nix-darwin": {
       "inputs": {
         "nixpkgs": [
@@ -535,6 +683,72 @@
         "type": "github"
       }
     },
+    "nix-eval-jobs": {
+      "inputs": {
+        "flake-parts": "flake-parts",
+        "lix": [
+          "hydra",
+          "lix"
+        ],
+        "nix-github-actions": "nix-github-actions",
+        "nixpkgs": [
+          "hydra",
+          "nixpkgs"
+        ],
+        "treefmt-nix": "treefmt-nix"
+      },
+      "locked": {
+        "lastModified": 1723579251,
+        "narHash": "sha256-xnHtfw0gRhV+2S9U7hQwvp2klTy1Iv7FlMMO0/WiMVc=",
+        "ref": "refs/heads/main",
+        "rev": "42a160bce2fd9ffebc3809746bc80cc7208f9b08",
+        "revCount": 609,
+        "type": "git",
+        "url": "https://git.lix.systems/lix-project/nix-eval-jobs"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.lix.systems/lix-project/nix-eval-jobs"
+      }
+    },
+    "nix-github-actions": {
+      "inputs": {
+        "nixpkgs": [
+          "hydra",
+          "nix-eval-jobs",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1720066371,
+        "narHash": "sha256-uPlLYH2S0ACj0IcgaK9Lsf4spmJoGejR9DotXiXSBZQ=",
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "rev": "622f829f5fe69310a866c8a6cd07e747c44ef820",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "type": "github"
+      }
+    },
+    "nix2container": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1720642556,
+        "narHash": "sha256-qsnqk13UmREKmRT7c8hEnz26X3GFFyIQrqx4EaRc1Is=",
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "rev": "3853e5caf9ad24103b13aa6e0e8bcebb47649fe4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "type": "github"
+      }
+    },
     "nixos-hardware": {
       "locked": {
         "lastModified": 1724067415,
@@ -586,6 +800,22 @@
         "type": "github"
       }
     },
+    "nixpkgs-regression": {
+      "locked": {
+        "lastModified": 1643052045,
+        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      }
+    },
     "nixpkgs-stable": {
       "locked": {
         "lastModified": 1720535198,
@@ -619,6 +849,38 @@
       }
     },
     "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1723688146,
+        "narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c3d4ac725177c030b1e289015989da2ad9d56af0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1721931987,
+        "narHash": "sha256-1Zg8LY0T5EfXtv0Kf4M6SFnjH7Eto4VV+EKJ/YSnhiI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "e21630230c77140bc6478a21cd71e8bb73706fce",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.05-small",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_4": {
       "locked": {
         "lastModified": 1723991338,
         "narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=",
@@ -637,8 +899,8 @@
     "nixvim": {
       "inputs": {
         "devshell": "devshell",
-        "flake-compat": "flake-compat_2",
+        "flake-compat": "flake-compat_3",
-        "flake-parts": "flake-parts",
+        "flake-parts": "flake-parts_2",
         "git-hooks": "git-hooks",
         "home-manager": [
           "home-manager"
@@ -648,14 +910,14 @@
           "nixpkgs"
         ],
         "nuschtosSearch": "nuschtosSearch",
-        "treefmt-nix": "treefmt-nix"
+        "treefmt-nix": "treefmt-nix_2"
       },
       "locked": {
-        "lastModified": 1724188973,
+        "lastModified": 1724222231,
-        "narHash": "sha256-JaP6B9kjXccjRp/7CY2QPSSMarjPJMB0vytfqBdJU7E=",
+        "narHash": "sha256-IFlMn1lgVsZQZC9WklY9YKcCdI0mUxSYZ7EfkaKCsQU=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "851edc8df1347aef556a646c80d469a3137331ba",
+        "rev": "b7f419a759f70126e220533b724cc17e8528b184",
         "type": "github"
       },
       "original": {
@@ -666,7 +928,7 @@
     },
     "nuschtosSearch": {
       "inputs": {
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils_3",
         "nixpkgs": [
           "nixvim",
           "nixpkgs"
@@ -686,6 +948,22 @@
         "type": "github"
       }
     },
+    "pre-commit-hooks": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1721042469,
+        "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "attic": "attic",
@@ -694,11 +972,14 @@
         "fernglas": "fernglas",
         "flake-utils": "flake-utils",
         "home-manager": "home-manager",
+        "hydra": "hydra",
         "iceshrimp": "iceshrimp",
         "kyouma-www": "kyouma-www",
+        "lix": "lix",
+        "lix-module": "lix-module",
         "nixos-hardware": "nixos-hardware",
         "nixos-needsreboot": "nixos-needsreboot",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_4",
         "nixvim": "nixvim",
         "sops-nix": "sops-nix",
         "stylix": "stylix"
@@ -734,7 +1015,7 @@
         "base16-kitty": "base16-kitty",
         "base16-tmux": "base16-tmux",
         "base16-vim": "base16-vim",
-        "flake-compat": "flake-compat_3",
+        "flake-compat": "flake-compat_4",
         "gnome-shell": "gnome-shell",
         "home-manager": [
           "home-manager"
@@ -744,11 +1025,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1724091143,
+        "lastModified": 1724260414,
-        "narHash": "sha256-55CrA0BNqmnS4qB812D7JY9hNBB0r36sJlErepkfeTo=",
+        "narHash": "sha256-EP1yFDEm/f7+j+fE3TI7KZb5xJH6KNMtmlZciktC71c=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "94d70292d0c687ebacb65d00bd516cbefa18d3ca",
+        "rev": "c5f8f06543b70248a076f888177c7362a24d5dcc",
         "type": "github"
       },
       "original": {
@@ -787,7 +1068,44 @@
         "type": "github"
       }
     },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "hydra",
+          "nix-eval-jobs",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1723454642,
+        "narHash": "sha256-S0Gvsenh0II7EAaoc9158ZB4vYyuycvMGKGxIbERNAM=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "349de7bc435bdff37785c2466f054ed1766173be",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
+    "treefmt-nix_2": {
       "inputs": {
         "nixpkgs": [
           "nixvim",

flake.nix

@@ -20,13 +20,16 @@
     };
     fernglas = {
       url = "github:wobcom/fernglas";
-      #inputs.nixpkgs.follows = "nixpkgs";
       inputs.flake-utils.follows = "flake-utils";
     };
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    hydra = {
+      url = "git+https://git.lix.systems/lix-project/hydra.git";
+      inputs.lix.follows = "lix";
+    };
     iceshrimp = {
       url = "git+https://iceshrimp.dev/iceshrimp/packaging";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -36,6 +39,11 @@
       inputs.nixpkgs.follows = "nixpkgs";
       inputs.flake-utils.follows = "flake-utils";
     };
+    lix.url = "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz";
+    lix-module = {
+      url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     nixos-needsreboot = {
       url = "github:thefossguy/nixos-needsreboot";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -64,10 +72,6 @@
       "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg="
     ];
     builders-use-substitutes = true;
-    builders = ''
-      ssh://build@seras.kyouma.net x86_64-linux - 40 40 nixos-test,benchmark,big-parallel,kvm
-      ssh://build@integra.kyouma.net aarch64-linux - 4 8 nixos-test,benchmark,big-parallel,kvm
-    '';
   };
 
   outputs = { self, nixpkgs, flake-utils, ... }@inputs: let
@@ -109,7 +113,6 @@
     };
     images = {
       lain = self.nixosConfigurations.lain-minimal.config.system.build.sdImage;
-      build-worker-oci = self.nixosConfigurations.build-worker-oci.config.system.build.tarball;
     };
 
     overlays = {
@@ -133,14 +136,18 @@
     };
   in {
     packages = shinyflakes.mapPackages (pkgs) {
-#      newhost = pkgs.stdenv.mkDerivation {
+#      newHost = pkgs.writeShellApplication {
-#        name = "newhost";
+#        name = "update-flyio";
+#        text = ''
+#        '';
 #      };
     };
-#    apps = rec {
+    apps = {
-#      newhost = self.packages.${system}.newhost;
+      update-build-worker = {
-#      default = newhost;
+        type = "app";
-#    };
+        program = ./pkgs/build-worker-oci/update.sh;
+      };
+    };
     devShells.default = pkgs.mkShell {
       packages = [ pkgs.colmena pkgs.sops ];
     };

fly.toml

@@ -0,0 +1,77 @@
+app = 'build-worker-kyoumanet'
+primary_region = 'ams'
+
+[build]
+  image = 'registry.fly.io/build-worker-kyoumanet:latest'
+
+[processes]
+  bw-01 = '/entrypoint.sh'
+  bw-02 = '/entrypoint.sh'
+  bw-03 = '/entrypoint.sh'
+  bw-04 = '/entrypoint.sh'
+
+[[mounts]]
+  source = 'bw01'
+  destination = '/mnt/data'
+  initial_size = '128GB'
+  processes = ['bw-01']
+
+[[mounts]]
+  source = 'bw02'
+  destination = '/mnt/data'
+  initial_size = '128GB'
+  processes = ['bw-02']
+
+[[mounts]]
+  source = 'bw03'
+  destination = '/mnt/data'
+  initial_size = '128GB'
+  processes = ['bw-03']
+
+[[mounts]]
+  source = 'bw04'
+  destination = '/mnt/data'
+  initial_size = '128GB'
+  processes = ['bw-04']
+
+[[services]]
+  protocol = 'tcp'
+  internal_port = 2222
+  auto_stop_machines = 'off'
+  processes = ['bw-01']
+
+  [[services.ports]]
+    port = 2201
+
+[[services]]
+  protocol = 'tcp'
+  internal_port = 2222
+  auto_stop_machines = 'off'
+  processes = ['bw-02']
+
+  [[services.ports]]
+    port = 2202
+
+[[services]]
+  protocol = 'tcp'
+  internal_port = 2222
+  auto_stop_machines = 'off'
+  processes = ['bw-03']
+
+  [[services.ports]]
+    port = 2203
+
+[[services]]
+  protocol = 'tcp'
+  internal_port = 2222
+  auto_stop_machines = 'off'
+  processes = ['bw-04']
+
+  [[services.ports]]
+    port = 2204
+
+[[restart]]
+  policy = 'never'
+
+[[vm]]
+  size = 'performance-16x'

modules/machine-type/default.nix

@@ -38,11 +38,6 @@ in {
       default = false;
       description = mdDoc "Mark machine as portable.";
     };
-    container = mkOption {
-      type = types.bool;
-      default = false;
-      description = mdDoc "Mark machine as container image.";
-    };
   };
   config = {
     assertions = [

pkgs/build-worker-oci/default.nix

@@ -0,0 +1,91 @@
+# I hate this so much aaa
+{
+  callPackage,
+  dockerTools,
+  openssh,
+  bash,
+  gnused,
+  util-linux,
+}:
+
+dockerTools.buildLayeredImage {
+  name = "build-worker-oci";
+  tag = "latest";
+
+  fromImage = callPackage ./source.nix {};
+
+  maxLayers = 110;
+
+  passthru.updateScript = ./update.sh;
+
+  enableFakechroot = true;
+
+  contents = [ openssh util-linux bash gnused ];
+
+  config.Cmd = [ "/entrypoint.sh" ];
+
+  fakeRootCommands = ''
+    mkdir -p /root
+    cat <<EOF > /root/nix.conf
+    build-users-group = nixbld
+    experimental-features = nix-command flakes
+    sandbox = true
+    substituters = https://cache.kyouma.net https://cache.nixos.org
+    trusted-public-keys = cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+    max-substitution-jobs = 20
+    max-silent-time = 14400
+    min-free = 17179869184
+    max-free = 34359738368
+    system-features = benchmark big-parallel kvm nixos-test uid-range gccarch-x86-64 gccarch-x86-64-v2 gccarch-x86-64-v3
+    EOF
+
+    mkdir -p /root/.ssh
+    cat <<EOF > /root/.ssh/authorized_keys
+    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card
+    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras
+    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko
+    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDTwCSWYODyvTJxwB6Rahuy0j6s/YYwtQta8bjzG/We root@ryuuko-arch
+    EOF
+
+    cat <<EOF > /root/.ssh/environment
+    PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin
+    EOF
+
+    cat <<EOF > /root/sshd_config
+    AcceptEnv GIT_PROTOCOL
+    AuthenticationMethods publickey
+    AuthorizedPrincipalsFile none
+    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
+    GatewayPorts no
+    HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,sk-ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com
+    KbdInteractiveAuthentication no
+    KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org
+    LogLevel INFO
+    Macs umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
+    PasswordAuthentication no
+    PermitRootLogin prohibit-password
+    PermitUserEnvironment yes
+    PrintMotd no
+    PubkeyAcceptedAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,sk-ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com
+    StreamLocalBindUnlink yes
+    StrictModes yes
+    UseDns no
+    UsePAM no
+    X11Forwarding no
+    Banner none
+    AddressFamily any
+    Port 2222
+
+    Subsystem sftp ${openssh}/libexec/sftp-server
+    AuthorizedKeysFile %h/.ssh/authorized_keys /etc/ssh/authorized_keys.d/%u
+    HostKey /mnt/data/ssh/ssh_host_ed25519_key
+    EOF
+    
+    mkdir -p /etc/keys
+    mkdir -p /var/empty
+    mkdir -p /var/log
+
+    cp ${./entrypoint.sh} /entrypoint.sh
+    chmod +x /entrypoint.sh
+  '';
+}

pkgs/build-worker-oci/entrypoint.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+cat /etc/passwd > /root/passwd
+rm -f /etc/passwd
+cp /root/passwd /etc/passwd
+echo "sshd:x:498:65534::/var/empty:/run/current-system/sw/bin/nologin" >> /etc/passwd
+cat /etc/shadow > /root/shadow
+rm -f /etc/shadow
+cp /root/shadow /etc/shadow
+/bin/sed -i "s/root:!/root:*/g" /etc/shadow
+
+[[ ! -d "/mnt/data/ssh" ]] && mkdir -p /mnt/data/ssh
+if [[ "$(ls /mnt/data/ssh/*_key)" = "" ]]; then
+  ssh-keygen -t "ed25519" -f "/mnt/data/ssh/ssh_host_ed25519_key" -N ""
+fi
+
+[[ ! -d "/mnt/data/nix-store" ]] && mkdir -p /mnt/data/nix-store
+[[ ! -d "/mnt/data/workdir" ]] && mkdir -p /mnt/data/workdir
+[[ ! -d "/mnt/data/tmp" ]] && mkdir -p /mnt/data/tmp
+
+rm -rf /mnt/data/nix-store/*
+
+rm -f /etc/nix/nix.conf
+cp /root/nix.conf /etc/nix/nix.conf
+
+/bin/mount -t overlay overlay -o lowerdir=/nix,upperdir=/mnt/data/nix-store,workdir=/mnt/data/workdir /nix
+/bin/mount --bind /mnt/data/tmp /tmp
+
+/root/.nix-profile/bin/sshd -D -f /root/sshd_config

pkgs/build-worker-oci/source.nix

@@ -0,0 +1,11 @@
+{
+  dockerTools,
+}:
+
+dockerTools.pullImage {
+  imageName = "nixos/nix";
+  imageDigest = "sha256:552b0a2f097ac72a148c28a4ed40760bbc4054760881fdd7709f5f7c5c88e48f";
+  sha256 = "0ballvgln13rc1n14grqbzgmi5vn2hn2x7c9bb781g79cq1k2n4p";
+  finalImageName = "nixos/nix";
+  finalImageTag = "latest";
+}

pkgs/build-worker-oci/update.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash -p skopeo nix-prefetch-docker
+
+set -euo pipefail
+
+while [[ $# -gt 0 ]]; do
+  case $1 in
+    *)
+      echo "Unknown option $1"
+      exit 1
+    ;;
+  esac
+done
+
+IMAGE=$(nix-prefetch-docker --image-name nixos/nix --image-tag latest --arch amd64 --os linux)
+
+cat > ./pkgs/build-worker-oci/source.nix << EOF
+{
+  dockerTools,
+}:
+
+dockerTools.pullImage ${IMAGE}
+EOF

pkgs/overlay.nix

@@ -2,4 +2,5 @@ final: prev: {
   nyastodon = final.callPackage ./nyastodon/default.nix {};
   upgrade-system = final.callPackage ./upgrade-system/default.nix {};
   update-nixfiles = final.callPackage ./update-nixfiles/default.nix {};
+  build-worker-oci = final.callPackage ./build-worker-oci/default.nix {};
 }