From 768e9a61dcb2674b0c18dd421e4158f67e665962 Mon Sep 17 00:00:00 2001
From: Kyle Isom
Date: Sat, 4 Apr 2026 15:21:01 -0700
Subject: [PATCH] Add svc host: NixOS config for TornadoVPS edge node
BIOS boot with GRUB on /dev/xvda, MCP agent via systemd, mc-proxy and MCNS as containers via MCP agent.
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 flake.nix | 1 +
 hw/svc/default.nix | 24 ++++++++++++++++++++++++
 hw/svc/disk-config.nix | 29 +++++++++++++++++++++++++++++
 hw/svc/hardware-configuration.nix | 2 ++
 4 files changed, 56 insertions(+)
 create mode 100644 hw/svc/default.nix
 create mode 100644 hw/svc/disk-config.nix
 create mode 100644 hw/svc/hardware-configuration.nix
diff --git a/flake.nix b/flake.nix
index aa30775..4521e0c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -67,6 +67,7 @@
 "rift"
 "sk"
 "straylight"
+ "svc"
 "vade"
 ] (hostName: lib.nixosSystem {
 specialArgs = { inherit inputs; };
diff --git a/hw/svc/default.nix b/hw/svc/default.nix
new file mode 100644
index 0000000..aa926a8
--- /dev/null
+++ b/hw/svc/default.nix
@@ -0,0 +1,24 @@
+{ inputs, lib, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./disk-config.nix
+ ../../configs/mcpkg.nix
+ ../../configs/mcp.nix
+ ];
+
+ config = {
+ # svc is BIOS, not UEFI — override baseline systemd-boot.
+ boot.loader.systemd-boot.enable = lib.mkForce false;
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/xvda";
+
+ # mc-proxy (container) binds 443; MCNS (container) binds 53; MCP agent on 9555.
+ networking.firewall.allowedTCPPorts = [ 53 443 9555 ];
+ networking.firewall.allowedUDPPorts = [ 53 ];
+
+ # Allow rootless containers to bind privileged ports (mc-proxy :443, MCNS :53).
+ boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 0;
+ };
+}
diff --git a/hw/svc/disk-config.nix b/hw/svc/disk-config.nix
new file mode 100644
index 0000000..c4aefce
--- /dev/null
+++ b/hw/svc/disk-config.nix
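Review bot: Setting `net.ipv4.ip_unprivileged_port_start` to 0 at the end of the `config` block in hw/svc/default.nix removes the privileged-port boundary for every local process, not only the rootless containers, so any unprivileged account on this edge node could bind a low port such as 22 whenever its usual listener is down. The lowest port the comment says is needed is 53, so `boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 53;` keeps everything below it privileged. Separately, `allowedTCPPorts` opens the MCP agent port 9555 to every source; whether the agent authenticates callers is not visible in this patch, so consider scoping it with `networking.firewall.interfaces.<mgmt-if>.allowedTCPPorts = [ 9555 ];` (placeholder interface name) or stating in the comment why it must be publicly reachable.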
@@ -0,0 +1,29 @@
+{ lib, ... }:
+
+{
+ disko.devices = {
+ disk = {
+ main = {
+ device = lib.mkDefault "/dev/xvda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02"; # BIOS boot partition for GRUB
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hw/svc/hardware-configuration.nix b/hw/svc/hardware-configuration.nix
new file mode 100644
index 0000000..c9537ed
--- /dev/null
+++ b/hw/svc/hardware-configuration.nix
@@ -0,0 +1,2 @@
+# Placeholder — overwritten by nixos-anywhere --generate-hardware-config.
+{ ... }: {}
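Review bot: The disk path in hw/svc/disk-config.nix is `lib.mkDefault "/dev/xvda"`, while hw/svc/default.nix hard-codes `boot.loader.grub.device = "/dev/xvda"`, so an override of the disko device would leave GRUB installing to a different disk than the one that was partitioned. Either derive both from one value or add a comment on the `device` line such as `# must match boot.loader.grub.device in default.nix`. Because disko formats whatever device this points at, a short header comment saying that the layout is destructive and specific to this host's Xen disk naming would also help anyone copying the file for another machine.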