From e8077fde966e051fc449fffcfa061c7f7edc47b0 Mon Sep 17 00:00:00 2001
From: Caroline Larimore
Date: Mon, 14 Apr 2025 19:01:38 -0700
Subject: migration: finalize
---
systems/x86_64-linux/c-pc/default.nix | 62 +++++++++++++++++++++++
systems/x86_64-linux/c-pc/hardware.nix | 58 +++++++++++++++++++++
systems/x86_64-linux/c-pc/network.nix | 25 +++++++++
systems/x86_64-linux/copenhagen/default.nix | 76 ++++++++++++++++++++++++++++
systems/x86_64-linux/copenhagen/hardware.nix | 55 ++++++++++++++++++++
systems/x86_64-linux/copenhagen/network.nix | 8 +++
6 files changed, 284 insertions(+)
create mode 100644 systems/x86_64-linux/c-pc/default.nix
create mode 100644 systems/x86_64-linux/c-pc/hardware.nix
create mode 100644 systems/x86_64-linux/c-pc/network.nix
create mode 100644 systems/x86_64-linux/copenhagen/default.nix
create mode 100644 systems/x86_64-linux/copenhagen/hardware.nix
create mode 100644 systems/x86_64-linux/copenhagen/network.nix
(limited to 'systems/x86_64-linux')
diff --git a/systems/x86_64-linux/c-pc/default.nix b/systems/x86_64-linux/c-pc/default.nix
new file mode 100644
index 0000000..33bec71
--- /dev/null
+++ b/systems/x86_64-linux/c-pc/default.nix
@@ -0,0 +1,62 @@
+{ lib, pkgs, namespace, ... }:
+
+with lib; with lib.${namespace}; {
+ imports = [
+ ./hardware.nix
+ ./network.nix
+ ];
+
+ cxl = {
+ system = {
+ hostname = "c-pc";
+ id = "23ce94ff";
+
+ impermanence.enable = true;
+ impermanence.home.enable = true;
+
+ fonts.nerdfonts = true;
+ fonts.extra = with pkgs; [
+ minecraftia
+ ];
+ };
+
+ suites = {
+ common.enable = true;
+ desktop.enable = true;
+ gaming.enable = true;
+ };
+
+ apps.i3 = {
+ videoDrivers = [ "amdgpu" ];
+ #TODO: migrate to services.autorandr
+ setupCommands = ''
+ if ${pkgs.xorg.xrandr}/bin/xrandr --query | grep 2560x1080; then
+ ${pkgs.xorg.xrandr}/bin/xrandr --output DVI-D-0 --mode 1920x1080 --rate 60 --pos 0x0
+ ${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-2 --mode 2560x1080 --rate 60 --pos 1920x0 --primary
+ ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-A-0 --mode 1920x1080 --rate 75 --pos 4480x0
+ elif ${pkgs.xorg.xrandr}/bin/xrandr --query | grep 2560x1440; then
+ ${pkgs.xorg.xrandr}/bin/xrandr --output DVI-D-0 --mode 1920x1080 --rate 60 --pos 0x360
+ ${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-2 --mode 2560x1440 --rate 165 --pos 1920x0 --primary
+ ${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-1 --mode 1920x1200 --rate 60 --pos 4480x0
+ fi
+ '';
+ };
+ };
+
+ services = {
+ printing.enable = true;
+ hardware.openrgb.enable = true;
+ udev.enable = true;
+ };
+
+ snowfallorg.users."c" = {
+ admin = true;
+ };
+
+ users.users = {
+ root.hashedPasswordFile = "/secrets/passwords/root";
+ "c".hashedPasswordFile = "/secrets/passwords/c";
+ };
+
+ system.stateVersion = "23.11";
+}
diff --git a/systems/x86_64-linux/c-pc/hardware.nix b/systems/x86_64-linux/c-pc/hardware.nix
new file mode 100644
index 0000000..8f7f8cd
--- /dev/null
+++ b/systems/x86_64-linux/c-pc/hardware.nix
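Review bot: In `users.users` of c-pc/default.nix, `hashedPasswordFile` for `root` and `c` is applied only when the account is first created unless `users.mutableUsers` is false, and nothing in this file sets it (the `common` suite may, but it is outside this patch). With the rollback in c-pc/hardware.nix still commented out, `/etc/shadow` would persist across boots, so rotating the hashes under `/secrets/passwords/` would silently not take effect. If the suite does not already do so, add `users.mutableUsers = false;` next to `users.users`; the same applies to copenhagen/default.nix.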
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ boot = {
+ loader.grub = {
+ enable = true;
+
+ useOSProber = true;
+
+ zfsSupport = true;
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+
+ mirroredBoots = [
+ { devices = [ "nodev" ]; path = "/boot"; }
+ ];
+ };
+
+ initrd = {
+ availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+ kernelModules = [ "amdgpu" ];
+
+ #TODO: re-enable impermanence
+ # postDeviceCommands = lib.mkAfter ''
+ # zfs rollback -r zpool/root@blank && zfs rollback -r zpool/home@blank
+ # '';
+
+ postMountCommands = lib.mkAfter ''
+ chmod u=rw,g=,o= /secrets
+ '';
+ };
+
+ kernelModules = [ "kvm-amd" ];
+ extraModulePackages = [ ];
+
+ supportedFilesystems = [ "ntfs" ];
+ };
+
+ fileSystems = {
+ "/" = { fsType = "zfs"; neededForBoot = true; device = "zpool/root"; };
+ "/nix" = { fsType = "zfs"; neededForBoot = true; device = "zpool/nix"; };
+ "/home" = { fsType = "zfs"; neededForBoot = true; device = "zpool/home"; };
+ "/persist" = { fsType = "zfs"; neededForBoot = true; device = "zpool/persist"; };
+ "/persist/secure" = { fsType = "zfs"; neededForBoot = true; device = "zpool/secure/persist"; };
+ "/secrets" = { fsType = "zfs"; neededForBoot = true; device = "zpool/secure/secrets"; };
+
+ "/boot" = { fsType = "vfat"; device = "/dev/disk/by-uuid/12CE-A600"; };
+
+ "/mnt/4tb" = { fsType = "ext4"; device = "/dev/disk/by-label/4tb"; };
+ };
+
+ swapDevices = [ ];
+
+ hardware.enableRedistributableFirmware = true;
+ hardware.cpu.amd.updateMicrocode = true;
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+}
diff --git a/systems/x86_64-linux/c-pc/network.nix b/systems/x86_64-linux/c-pc/network.nix
new file mode 100644
index 0000000..aa7e075
--- /dev/null
+++ b/systems/x86_64-linux/c-pc/network.nix
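Review bot: The `chmod u=rw,g=,o= /secrets` in `boot.initrd.postMountCommands` of c-pc/hardware.nix probably does not touch the real dataset, because in the scripted stage-1 initrd the target filesystems are mounted under `/mnt-root` and `/secrets` there names a path inside the initramfs. The mode also leaves the directory without a search bit, so it is usable only by processes that bypass permission checks. Consider `chmod u=rwx,g=,o= /mnt-root/secrets`, or set the mode once on the dataset and drop the hook. copenhagen/hardware.nix carries the same line.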
@@ -0,0 +1,25 @@
+{ ... }:
+
+{
+ networking = {
+ useDHCP = true;
+
+ wireless = {
+ enable = true;
+
+ # Import /etc/wpa_supplicant.conf networks
+ allowAuxiliaryImperativeNetworks = true;
+ };
+
+ firewall = {
+ enable = false;
+
+ allowedTCPPorts = [ 8096 50000 ];
+ allowedUDPPorts = [ ];
+ };
+ };
+
+ environment.etc."wpa_supplicant.conf" = {
+ source = "/secrets/wireless.conf";
+ };
+}
diff --git a/systems/x86_64-linux/copenhagen/default.nix b/systems/x86_64-linux/copenhagen/default.nix
new file mode 100644
index 0000000..e893f43
--- /dev/null
+++ b/systems/x86_64-linux/copenhagen/default.nix
@@ -0,0 +1,76 @@
+{ lib, pkgs, namespace, ... }:
+
+with lib; with lib.${namespace}; {
+ imports = [
+ ./hardware.nix
+ ./network.nix
+ ];
+
+ cxl = {
+ system = {
+ hostname = "copenhagen";
+ id = "a50062ff";
+
+ impermanence.enable = true;
+ impermanence.home.enable = true;
+ };
+
+ suites.common.enable = true;
+
+ services = {
+ ssh = {
+ enable = true;
+ port = 42069;
+ };
+
+ web = {
+ personal.enable = true;
+ landing.enable = true;
+ images.enable = true;
+ stargazers.enable = true;
+ };
+
+ minecraft = {
+ stargazers = {
+ enable = true;
+ port = 25566;
+ };
+
+ zenith = {
+ enable = true;
+ port = 25569;
+ };
+ };
+ };
+ };
+
+ services = {
+ pcscd.enable = true;
+ udev.enable = true;
+ };
+
+ snowfallorg.users."c" = {
+ admin = true;
+
+ config = {
+ cxl.tools.git.key = "DE64538967CA0C68";
+ };
+ };
+
+ users.users = {
+ root.hashedPasswordFile = "/secrets/passwords/root";
+
+ "c" = {
+ hashedPasswordFile = "/secrets/passwords/c";
+
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDO8JxqS7B2n3YlNtlVMZGARi+GG/z7wLiiyl52qSZc caroline@larimo.re" # c-pc
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGftQ5W8QMIVhgDijreliiMgIqwQvxwTkpMftJdQWu+ caroline@larimo.re" # phoenix
+ ];
+
+ extraGroups = [ "minecraft" ];
+ };
+ };
+
+ system.stateVersion = "23.11";
+}
\ No newline at end of file
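Review bot: `firewall.enable = false` in c-pc/network.nix makes the `allowedTCPPorts = [ 8096 50000 ]` list inert, so every service listening on a non-loopback address is reachable from whatever network this host joins. `allowAuxiliaryImperativeNetworks = true` lets that set of Wi-Fi networks grow outside the configuration. The port list reads as if only those two ports were meant to be open; `enable = true;` would make the file do what it says. If the firewall is off on purpose, a comment saying why would keep the next reader from trusting the allow-list.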
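Review bot: copenhagen/default.nix exposes sshd on port 42069 and gives both `root` and `c` a password hash, yet nothing visible in this hunk turns off password or root login. The `cxl.services.ssh` module is defined outside this patch, so this may already be handled there. Confirm it sets `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`, since only `c` has `openssh.authorizedKeys.keys` and a non-standard port does not stop password guessing.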
diff --git a/systems/x86_64-linux/copenhagen/hardware.nix b/systems/x86_64-linux/copenhagen/hardware.nix
new file mode 100644
index 0000000..c248fcf
--- /dev/null
+++ b/systems/x86_64-linux/copenhagen/hardware.nix
@@ -0,0 +1,55 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ boot = {
+ loader.grub = {
+ enable = true;
+
+ zfsSupport = true;
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+
+ mirroredBoots = [
+ { devices = [ "nodev" ]; path = "/boot"; }
+ ];
+ };
+
+ initrd = {
+ availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+ kernelModules = [ ];
+
+ #TODO: re-enable impermanence
+ # postDeviceCommands = lib.mkAfter ''
+ # zfs rollback -r zpool/root@blank && zfs rollback -r zpool/home@blank
+ # '';
+
+ postMountCommands = lib.mkAfter ''
+ chmod u=rw,g=,o= /secrets
+ '';
+ };
+
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+
+ supportedFilesystems = [ "ntfs" ];
+ };
+
+ fileSystems = {
+ "/" = { fsType = "zfs"; neededForBoot = true; device = "zpool/root"; };
+ "/nix" = { fsType = "zfs"; neededForBoot = true; device = "zpool/nix"; };
+ "/home" = { fsType = "zfs"; neededForBoot = true; device = "zpool/home"; };
+ "/persist" = { fsType = "zfs"; neededForBoot = true; device = "zpool/persist"; };
+ "/secrets" = { fsType = "zfs"; neededForBoot = true; device = "zpool/secrets"; };
+
+ "/boot" = { fsType = "vfat"; device = "/dev/disk/by-uuid/DF61-E3BD"; };
+
+ "/mnt/old" = { fsType = "ext4"; device = "/dev/disk/by-label/box"; };
+ };
+
+ swapDevices = [ ];
+
+ hardware.enableRedistributableFirmware = true;
+ hardware.cpu.intel.updateMicrocode = true;
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+}
diff --git a/systems/x86_64-linux/copenhagen/network.nix b/systems/x86_64-linux/copenhagen/network.nix
new file mode 100644
index 0000000..eccc693
--- /dev/null
+++ b/systems/x86_64-linux/copenhagen/network.nix
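Review bot: The `"/mnt/old"` entry in `fileSystems` of copenhagen/hardware.nix has no `nofail` option, so if the disk labelled `box` is missing or fails to mount, boot would likely stop in emergency mode before sshd starts. On a host that appears to be administered over SSH, that turns a dead data disk into a lockout. Adding `options = [ "nofail" ];` to that entry keeps the mount optional.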
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+ networking = {
+ useDHCP = true;
+ firewall.enable = true;
+ };
+}
-- cgit v1.2.3