migration: finalize

3 files changed, 139 insertions, 0 deletions

diff --git a/systems/x86_64-linux/copenhagen/default.nix b/systems/x86_64-linux/copenhagen/default.nix
new file mode 100644
index 0000000..e893f43
--- /dev/null
+++ b/systems/x86_64-linux/copenhagen/default.nix
@@ -0,0 +1,76 @@
+{ lib, pkgs, namespace, ... }:
+
+with lib; with lib.${namespace}; {
+  imports = [
+    ./hardware.nix
+    ./network.nix
+  ];
+
+  cxl = {
+    system = {
+      hostname = "copenhagen";
+      id = "a50062ff";
+      
+      impermanence.enable = true;
+      impermanence.home.enable = true;
+    };
+
+    suites.common.enable = true;
+
+    services = {
+      ssh = {
+        enable = true;
+        port = 42069;
+      };
+
+      web = {
+        personal.enable = true;
+        landing.enable = true;
+        images.enable = true;
+        stargazers.enable = true;
+      };
+
+      minecraft = {
+        stargazers = {
+          enable = true;
+          port = 25566;
+        };
+
+        zenith = {
+          enable = true;
+          port = 25569;
+        };
+      };
+    };
+  };
+
+  services = {
+    pcscd.enable = true;
+    udev.enable = true;
+  };
+
+  snowfallorg.users."c" = {
+    admin = true;
+
+    config = {
+      cxl.tools.git.key = "DE64538967CA0C68";
+    };
+  };
+
+  users.users = {
+    root.hashedPasswordFile = "/secrets/passwords/root";
+
+    "c" = {
+      hashedPasswordFile = "/secrets/passwords/c";
+
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDO8JxqS7B2n3YlNtlVMZGARi+GG/z7wLiiyl52qSZc caroline@larimo.re" # c-pc
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGftQ5W8QMIVhgDijreliiMgIqwQvxwTkpMftJdQWu+ caroline@larimo.re" # phoenix
+      ];
+
+      extraGroups = [ "minecraft" ];
+    };
+  };
+
+  system.stateVersion = "23.11";
+}
\ No newline at end of file
diff --git a/systems/x86_64-linux/copenhagen/hardware.nix b/systems/x86_64-linux/copenhagen/hardware.nix
new file mode 100644
index 0000000..c248fcf
--- /dev/null
+++ b/systems/x86_64-linux/copenhagen/hardware.nix
@@ -0,0 +1,55 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  boot = {
+    loader.grub = {
+      enable = true;
+
+      zfsSupport = true;
+      efiSupport = true;
+      efiInstallAsRemovable = true;
+      
+      mirroredBoots = [
+        { devices = [ "nodev" ]; path = "/boot"; }
+      ];
+    };
+
+    initrd = {
+      availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+      kernelModules = [ ];
+
+      #TODO: re-enable impermanence
+      # postDeviceCommands = lib.mkAfter ''
+      #   zfs rollback -r zpool/root@blank && zfs rollback -r zpool/home@blank
+      # '';
+
+      postMountCommands = lib.mkAfter ''
+        chmod u=rw,g=,o= /secrets
+      '';
+    };
+
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+
+    supportedFilesystems = [ "ntfs" ];
+  };
+
+  fileSystems = {
+    "/"        = { fsType = "zfs"; neededForBoot = true; device = "zpool/root"; };
+    "/nix"     = { fsType = "zfs"; neededForBoot = true; device = "zpool/nix";  };
+    "/home"    = { fsType = "zfs"; neededForBoot = true; device = "zpool/home"; };
+    "/persist" = { fsType = "zfs"; neededForBoot = true; device = "zpool/persist"; };
+    "/secrets" = { fsType = "zfs"; neededForBoot = true; device = "zpool/secrets"; };
+
+    "/boot"    = { fsType = "vfat"; device = "/dev/disk/by-uuid/DF61-E3BD"; };
+
+    "/mnt/old" = { fsType = "ext4"; device = "/dev/disk/by-label/box"; };
+  };
+
+  swapDevices = [ ];
+
+  hardware.enableRedistributableFirmware = true;
+  hardware.cpu.intel.updateMicrocode = true;
+
+  nixpkgs.hostPlatform =  "x86_64-linux";
+}
diff --git a/systems/x86_64-linux/copenhagen/network.nix b/systems/x86_64-linux/copenhagen/network.nix
new file mode 100644
index 0000000..eccc693
--- /dev/null
+++ b/systems/x86_64-linux/copenhagen/network.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+  networking = {
+    useDHCP = true;
+    firewall.enable = true;
+  };
+}