From a1c7956366e8ba7ec38bb8d959929190f554b11b Mon Sep 17 00:00:00 2001
From: Caroline Larimore
Date: Thu, 25 Jul 2024 20:02:01 -0700
Subject: phoenix: create host
---
 README.md | 15 ++++++++
 flake.nix | 10 ++++++
 hosts/phoenix/configuration.nix | 79 +++++++++++++++++++++++++++++++++++++++++
 hosts/phoenix/hardware.nix | 54 ++++++++++++++++++++++++++++
 4 files changed, 158 insertions(+)
 create mode 100644 hosts/phoenix/configuration.nix
 create mode 100644 hosts/phoenix/hardware.nix
diff --git a/README.md b/README.md
index 52aace9..abf3cfb 100644
--- a/README.md
+++ b/README.md
@@ -41,3 +41,18 @@ See [Hardware Configuration](hosts/copenhagen/hardware-configuration.nix)
 - Old Server HDD
 - `boot` (fat32, unlabeled)
 - `box` (ext4) -> `/mnt/old`
+
+## phoenix
+Rarely-used laptop
+
+### Disks / Partitions
+See [Hardware Configuration](hosts/phoenix/hardware-configuration.nix)
+- Main SSD
+ - `boot` (fat32) -> `/boot`
+ - `zpool` (zfs pool)
+ - `root` -> `/`
+ - `home` -> `/home`
+ - `secure` (encrypted)
+ - `nix` -> `/nix`
+ - `persist` -> `/persist`
+ - `secrets` -> `/secrets`
diff --git a/flake.nix b/flake.nix
index 9768e6c..abc0301 100644
--- a/flake.nix
+++ b/flake.nix
@@ -35,6 +35,16 @@
 inputs.nix-minecraft.nixosModules.minecraft-servers
 ];
 };
+
+ phoenix = nixpkgs.lib.nixosSystem {
+ specialArgs = { inherit inputs; };
+ modules = [
+ ./hosts/phoenix/configuration.nix
+ inputs.home-manager.nixosModules.default
+ inputs.impermanence.nixosModules.impermanence
+ inputs.nix-minecraft.nixosModules.minecraft-servers
+ ];
+ };
 };
 };
 }
diff --git a/hosts/phoenix/configuration.nix b/hosts/phoenix/configuration.nix
new file mode 100644
index 0000000..45007dc
--- /dev/null
+++ b/hosts/phoenix/configuration.nix
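Review bot: In the flake.nix hunk, the new `phoenix` system imports `inputs.nix-minecraft.nixosModules.minecraft-servers`, which looks carried over from the server entry above it; the README in this commit describes phoenix as a rarely-used laptop, and nothing in hosts/phoenix/configuration.nix refers to that module. Importing a module does not enable its service, but each imported module adds options and evaluated code to the host, so the list is better kept to what the host actually uses. If `../../roles` (not visible here) sets options from that module, the import has to stay for evaluation; otherwise drop the line `inputs.nix-minecraft.nixosModules.minecraft-servers` from phoenix's `modules`.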
@@ -0,0 +1,79 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+ imports = [
+ ./hardware.nix
+ ../../core
+ ../../roles
+ ];
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ environment.persistence."/persist/system" = {
+ hideMounts = true;
+
+ directories = [
+ "/etc/nixos"
+ "/var/log"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ ];
+
+ files = [
+ "/etc/machine-id"
+ ];
+ };
+
+ programs.fuse.userAllowOther = true;
+
+ networking = {
+ hostName = "phoenix";
+ hostId = "d62900ff";
+
+ useDHCP = true;
+ };
+
+ time.timeZone = "America/Los_Angeles";
+
+ users.users = {
+ root.hashedPasswordFile = "/secrets/passwords/root";
+
+ "c" = {
+ isNormalUser = true;
+ hashedPasswordFile = "/secrets/passwords/c";
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDO8JxqS7B2n3YlNtlVMZGARi+GG/z7wLiiyl52qSZc caroline@larimo.re" ];
+ };
+ };
+
+ roles = {
+
+ };
+
+ programs = {
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ };
+
+ services = {
+ pcscd.enable = true;
+ openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ };
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ (writeShellScriptBin "rb" "sudo nixos-rebuild switch --flake /etc/nixos")
+ (writeShellScriptBin "rbf" "sudo nixos-rebuild switch --flake path:/etc/nixos")
+
+ ffmpeg
+ ];
+
+ system.stateVersion = "24.05";
+}
diff --git a/hosts/phoenix/hardware.nix b/hosts/phoenix/hardware.nix
new file mode 100644
index 0000000..3057c0e
--- /dev/null
+++ b/hosts/phoenix/hardware.nix
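Review bot: In hosts/phoenix/configuration.nix, `environment.persistence."/persist/system"` does not keep the SSH host keys, although hardware.nix in the same commit rolls `zpool/root` back to `@blank` on every boot and `services.openssh.enable = true` is set here. Unless `../../core` or `../../roles` (not visible here) points `services.openssh.hostKeys` at a persisted path, sshd will generate a fresh host key on each boot, and clients that see a changed key every time learn to dismiss the one warning that would reveal an interception. Add `"/etc/ssh/ssh_host_ed25519_key"` and `"/etc/ssh/ssh_host_ed25519_key.pub"` (and the RSA pair) to `files`. Separately, as far as I know NixOS leaves keyboard-interactive authentication on by default, so `KbdInteractiveAuthentication = false;` belongs next to `PasswordAuthentication = false;` if passwords are meant to be refused entirely.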
@@ -0,0 +1,54 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot = {
+ loader.grub = {
+ enable = true;
+
+ zfsSupport = true;
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+
+ mirroredBoots = [
+ { devices = [ "nodev" ]; path = "/boot"; }
+ ];
+ };
+
+ initrd = {
+ availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ kernelModules = [ ];
+
+ postDeviceCommands = lib.mkAfter ''
+ zfs rollback -r zpool/root@blank && zfs rollback -r zpool/home@blank
+ '';
+
+ postMountCommands = lib.mkAfter ''
+ chmod u=rw,g=,o= /secrets
+ '';
+ };
+
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+
+ supportedFilesystems = [ "ntfs" ];
+ };
+
+ fileSystems = {
+ "/" = { fsType = "zfs"; device = "zpool/root"; };
+ "/nix" = { fsType = "zfs"; device = "zpool/secure/nix"; };
+ "/home" = { fsType = "zfs"; device = "zpool/home"; };
+ "/persist" = { fsType = "zfs"; device = "zpool/secure/persist"; neededForBoot = true; };
+ "/secrets" = { fsType = "zfs"; device = "zpool/secure/secrets"; neededForBoot = true; };
+
+ "/boot" = { fsType = "vfat"; device = "/dev/disk/by-uuid/C48C-5EE1"; };
+ };
+
+ swapDevices = [ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
-- cgit v1.2.3
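Review bot: In hosts/phoenix/hardware.nix, the `postMountCommands` line `chmod u=rw,g=,o= /secrets` probably never touches the secrets dataset: in the scripted stage 1 the target file systems are mounted under `/mnt-root`, so `/secrets` names a path inside the initrd, and a failing chmod there does not stop the boot. The mode is also 0600 on a directory, which drops the search bit. If the intent is a root-only directory, `chmod u=rwx,g=,o= /mnt-root/secrets` does that, and setting the mode once on the dataset's root directory would make the boot-time command unnecessary. In `postDeviceCommands`, a failed `zfs rollback` (for example a missing `@blank` snapshot) would likewise appear to boot with the previous session's root and home intact, so it is worth at least printing a message when either rollback fails.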