From 0baa66c52092e757c567d9c90007dfec79bd167a Mon Sep 17 00:00:00 2001
From: Kat Inskip <kat@inskip.me>
Date: Thu, 22 Feb 2024 14:46:08 -0800
Subject: [PATCH] feat(katbox): add machine

---
 systems/katbox/default.nix |  7 ++++
 systems/katbox/lxc.json    |  7 ++++
 systems/katbox/nixos.nix   | 26 ++++++++++++++
 tf/proxmox_vms.tf          | 70 ++++++++++++++++++++++++++++++++++++++
 4 files changed, 110 insertions(+)
 create mode 100644 systems/katbox/default.nix
 create mode 100644 systems/katbox/lxc.json
 create mode 100644 systems/katbox/nixos.nix

diff --git a/systems/katbox/default.nix b/systems/katbox/default.nix
new file mode 100644
index 00000000..ea396fa3
--- /dev/null
+++ b/systems/katbox/default.nix
@@ -0,0 +1,7 @@
+_: {
+  arch = "x86_64";
+  type = "NixOS";
+  modules = [
+    ./nixos.nix
+  ];
+}
diff --git a/systems/katbox/lxc.json b/systems/katbox/lxc.json
new file mode 100644
index 00000000..1e80a3a3
--- /dev/null
+++ b/systems/katbox/lxc.json
@@ -0,0 +1,7 @@
+{
+	"lxc": {
+		"lxc.mount.entry": [
+			"/dev/net/tun dev/net/tun none bind,optional,create=file"
+		]
+	}
+}
diff --git a/systems/katbox/nixos.nix b/systems/katbox/nixos.nix
new file mode 100644
index 00000000..63915034
--- /dev/null
+++ b/systems/katbox/nixos.nix
@@ -0,0 +1,26 @@
+{
+  meta,
+  ...
+}: {
+  imports = let
+    inherit (meta) nixos;
+  in [
+    #nixos.sops
+    nixos.base
+    nixos.reisen-ct
+    nixos.tailscale
+  ];
+
+  #sops.defaultSopsFile = ./secrets.yaml;
+
+  systemd.network.networks.eth0 = {
+    name = "eth0";
+    matchConfig = {
+      MACAddress = "BC:24:11:34:F4:AB";
+      Type = "ether";
+    };
+    DHCP = "yes";
+  };
+
+  system.stateVersion = "23.11";
+}
diff --git a/tf/proxmox_vms.tf b/tf/proxmox_vms.tf
index c189d5a8..612e453f 100644
--- a/tf/proxmox_vms.tf
+++ b/tf/proxmox_vms.tf
@@ -4,6 +4,8 @@ variable "proxmox_container_template" {
 }
 
 locals {
+  proxmox_katbox_vm_id        = 106
+  proxmox_katbox_config       = jsondecode(file("${path.root}/../systems/aya/lxc.json"))
   proxmox_aya_vm_id        = 105
   proxmox_aya_config       = jsondecode(file("${path.root}/../systems/aya/lxc.json"))
   proxmox_reimu_vm_id      = 104
@@ -381,3 +383,71 @@ EOT
     ignore_changes = [started, description, operating_system[0], cdrom[0].enabled, cdrom[0].file_id]
   }
 }
+
+resource "proxmox_virtual_environment_container" "katbox" {
+  node_name   = "reisen"
+  vm_id       = local.proxmox_katbox_vm_id
+  tags        = ["tf"]
+  description = <<EOT
+kat's box
+EOT
+
+  memory {
+    dedicated = 512
+    swap      = 512
+  }
+
+  disk {
+    datastore_id = "local-zfs"
+    size         = 64
+  }
+
+  initialization {
+    hostname = "katbox"
+    ip_config {
+      ipv6 {
+        address = "auto"
+      }
+      ipv4 {
+        address = "auto"
+      }
+    }
+  }
+
+  startup {
+    order      = 4
+    up_delay   = 0
+    down_delay = 0
+  }
+
+  network_interface {
+    name        = "eth0"
+    mac_address = "BC:24:11:C4:66:AB"
+  }
+
+  operating_system {
+    template_file_id = var.proxmox_container_template
+    type             = "nixos"
+  }
+
+  unprivileged = true
+  features {
+    nesting = true
+  }
+
+  console {
+    type = "console"
+  }
+  started = false
+
+  lifecycle {
+    ignore_changes = [started, unprivileged, initialization[0].dns, operating_system[0].template_file_id]
+  }
+}
+
+module "katbox_config" {
+  source     = "./system/proxmox/lxc/config"
+  connection = local.proxmox_reisen_connection
+  container  = proxmox_virtual_environment_container.katbox
+  config     = local.proxmox_katbox_config.lxc
+}