From 64e6441aae4837cb11a918a80eb46c0e25c08249 Mon Sep 17 00:00:00 2001
From: kat witch <kat@kittywit.ch>
Date: Tue, 21 Sep 2021 20:55:56 +0100
Subject: [PATCH] hosts/marisa: Init

---
 README.md               | 24 +++++++------
 config/hosts/marisa.nix | 77 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 90 insertions(+), 11 deletions(-)
 create mode 100644 config/hosts/marisa.nix

diff --git a/README.md b/README.md
index 2cf87ad0..99a46cfd 100644
--- a/README.md
+++ b/README.md
@@ -10,17 +10,18 @@ These are the NixOS configurations for my systems. I run nothing other than NixO
 
 ## Nodes
 
-| Node             | Network | Purpose                                                  |
-|------------------|---------|----------------------------------------------------------|
-| [kyouko][]       | Public  | Currently the main server. Ad-hoc hetzner cloud box.     |
-| [daiyousei][]    | Public  | Intended kyouko replacement. Provisioned OCI Ampere box. |
-| [rinnosuke][]    | Public  | My primary nameserver. Provisioned OCI EPYC box.         |
-| [shinmyoumaru][] | Public  | My Raspberry Pi 1 Model B+. DHT22 sensors box.           |
-| [yukari][]       | Private | Home server. NAS + HTPC, does DVB stuff.                 |
-| [goliath][]      | Private | Beloved workstation. Does VFIO.                          |
-| [koishi][]       | Private | Main laptop.                                             |
-| [ran][]          | Private | CCTV netbook.                                            |
-| [medicine][]     | None    | Work-in-progress Live USB.                               |
+| Node             | Network | Purpose                                                       |
+|------------------|---------|---------------------------------------------------------------|
+| [kyouko][]       | Public  | Currently the main server. Ad-hoc hetzner cloud box.          |
+| [marisa][]       | Public  | Reverse proxier and wireguard interconnect. Ad-hoc BuyVM box. |
+| [daiyousei][]    | Public  | Intended kyouko replacement. Provisioned OCI Ampere box.      |
+| [rinnosuke][]    | Public  | My primary nameserver. Provisioned OCI EPYC box.              |
+| [shinmyoumaru][] | Public  | My Raspberry Pi 1 Model B+. DHT22 sensors box.                |
+| [yukari][]       | Private | Home server. NAS + HTPC, does DVB stuff.                      |
+| [goliath][]      | Private | Beloved workstation. Does VFIO.                               |
+| [koishi][]       | Private | Main laptop.                                                  |
+| [ran][]          | Private | CCTV netbook.                                                 |
+| [medicine][]     | None    | Work-in-progress Live USB.                                    |
 
 ## Profiles
 
@@ -154,6 +155,7 @@ Please use `nix-shell` or [direnv/direnv][]. The shell is not compatible with [n
   [This repository on my self hosted git.]: https://git.kittywit.ch/kat/nixfiles
   [This repository on GitHub.]: https://github.com/kittywitch/nixfiles
   [kyouko]: config/hosts/kyouko.nix
+  [marisa]: config/hosts/marisa.nix
   [daiyousei]: config/hosts/daiyousei.nix
   [rinnosuke]: config/hosts/rinnosuke.nix
   [shinmyoumaru]: config/hosts/shinmyoumaru.nix
diff --git a/config/hosts/marisa.nix b/config/hosts/marisa.nix
new file mode 100644
index 00000000..e596bb92
--- /dev/null
+++ b/config/hosts/marisa.nix
@@ -0,0 +1,77 @@
+{ config, lib, pkgs, modulesPath, tf, meta, ... }: with lib; {
+  imports = with meta; [
+    (modulesPath + "/profiles/qemu-guest.nix")
+    services.dnscrypt-proxy
+    profiles.network
+    services.nginx
+    users.kat.server
+  ];
+
+
+  deploy.tf = {
+    resources.marisa = {
+      provider = "null";
+      type = "resource";
+      connection = {
+        port = head config.services.openssh.ports;
+        host = config.network.addresses.public.nixos.ipv4.address;
+      };
+    };
+  };
+
+  boot = {
+    loader.grub = {
+      enable = true;
+      version = 2;
+      device = "/dev/vda";
+    };
+    initrd = {
+      availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
+    };
+    kernelModules = [ "kvm-amd" ];
+  };
+
+  networking = {
+    hostName = "marisa";
+    nameservers = [
+      "1.1.1.1"
+    ];
+    useDHCP = false;
+    defaultGateway = "104.244.72.1";
+    defaultGateway6 = {
+      address = "2605:6400:30::1";
+      interface = "ens3";
+    };
+    interfaces.ens3 = {
+      ipv4.addresses = [
+        {
+          inherit (config.network.addresses.public.nixos.ipv4) address;
+          prefixLength = 24;
+        }
+      ];
+      ipv6.addresses = [
+        {
+          inherit (config.network.addresses.public.nixos.ipv6) address;
+          prefixLength = 48;
+        }
+      ];
+    };
+  };
+
+  network.addresses.public = {
+    enable = true;
+    nixos.ipv4.address = "104.244.72.5";
+    nixos.ipv6.address = "2605:6400:30:eed1:6cf7:bbfc:b4e:15c0";
+  };
+
+  fileSystems."/" ={
+    device = "/dev/disk/by-uuid/6ed3e886-d390-433f-90ac-2b37aed9f15f";
+    fsType = "ext4";
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/ba1425d4-8c18-47aa-b909-65bb710be400"; }
+  ];
+
+  system.stateVersion = "21.11";
+}