diff --git a/flake.nix b/flake.nix
index aa30775..4521e0c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -67,6 +67,7 @@
 "rift"
 "sk"
 "straylight"
+ "svc"
 "vade"
 ] (hostName: lib.nixosSystem {
 specialArgs = { inherit inputs; };
diff --git a/hw/svc/default.nix b/hw/svc/default.nix
new file mode 100644
index 0000000..aa926a8
--- /dev/null
+++ b/hw/svc/default.nix
@@ -0,0 +1,24 @@
+{ inputs, lib, ... }:
+
+ {
+ imports = [
+ ./hardware-configuration.nix
+ ./disk-config.nix
+ ../../configs/mcpkg.nix
+ ../../configs/mcp.nix
+ ];
+
+ config = {
+ # svc is BIOS, not UEFI — override baseline systemd-boot.
+ boot.loader.systemd-boot.enable = lib.mkForce false;
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/xvda";
+
+ # mc-proxy (container) binds 443; MCNS (container) binds 53; MCP agent on 9555.
+ networking.firewall.allowedTCPPorts = [ 53 443 9555 ];
+ networking.firewall.allowedUDPPorts = [ 53 ];
+
+ # Allow rootless containers to bind privileged ports (mc-proxy :443, MCNS :53).
+ boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 0;
+ };
+}
diff --git a/hw/svc/disk-config.nix b/hw/svc/disk-config.nix
new file mode 100644
index 0000000..c4aefce
--- /dev/null
+++ b/hw/svc/disk-config.nix
@@ -0,0 +1,29 @@
+{ lib, ... }:
+
+ {
+ disko.devices = {
+ disk = {
+ main = {
+ device = lib.mkDefault "/dev/xvda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02"; # BIOS boot partition for GRUB
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hw/svc/hardware-configuration.nix b/hw/svc/hardware-configuration.nix
new file mode 100644
index 0000000..c9537ed
--- /dev/null
+++ b/hw/svc/hardware-configuration.nix
@@ -0,0 +1,2 @@
+# Placeholder — overwritten by nixos-anywhere --generate-hardware-config.
+{ ... }: {}
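Review bot: Setting `net.ipv4.ip_unprivileged_port_start` to 0 in hw/svc/default.nix lets every unprivileged process on the host bind any port below 1024, not only the two containers the comment above it names, so a misconfigured or compromised service could claim 22, 80 or any other low port. If 53 is the lowest port actually needed, as the comment states, `boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 53;` keeps the reach narrower, and granting `CAP_NET_BIND_SERVICE` to just those container units would be narrower still. The allow lists a few lines above open 53/443/9555 on every interface; if the MCP agent on 9555 is meant for a management network only, `networking.firewall.interfaces.<name>.allowedTCPPorts` scopes it to that interface. Whether the containers really run rootless is not visible in this hunk, so the sysctl comment should be checked against the actual container configuration in configs/mcp.nix.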
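Review bot: In hw/svc/disk-config.nix the disk device is `lib.mkDefault "/dev/xvda"`, while the hw/svc/default.nix hunk hard-codes `boot.loader.grub.device = "/dev/xvda";`, so overriding the disko device would leave GRUB installing to a different disk than the one partitioned. Deriving it, `boot.loader.grub.device = config.disko.devices.disk.main.device;` (with `config` added to that file's argument set), keeps the two in step; if the disko version in use already populates `boot.loader.grub.devices` from the EF02 partition, the explicit line may be redundant, which is worth confirming. Extending the partition comment to `# BIOS boot partition: GRUB embeds core.img here on GPT disks; 1M is the conventional size` would make the otherwise unexplained 1M constant self-documenting.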