diff --git a/config/hosts/rinnosuke/nixos.nix b/config/hosts/rinnosuke/nixos.nix
index 8cf3b775..e3a170d5 100644
--- a/config/hosts/rinnosuke/nixos.nix
+++ b/config/hosts/rinnosuke/nixos.nix
@@ -1,32 +1,57 @@
 { config, tf, meta, kw, pkgs, lib, sources, ... }: with lib; let oci-root = meta.deploy.targets.oci-root.tf;
+ addr_ipv6_nix = let
+ prefix = head (splitString "/" (oci-root.resources.oci_kw_subnet.importAttr "ipv6cidr_block"));
+ in assert hasSuffix "::" prefix; prefix + "7";
 in
-{
- imports = (with (import (sources.tf-nix + "/modules")); [
- nixos.ubuntu-linux
- nixos.oracle
- ./oracle.nix
- ]) ++ (with meta; [ services.nginx ]);
+ {
+ imports = (with (import (sources.tf-nix + "/modules")); [
+ nixos.ubuntu-linux
+ nixos.oracle
+ ./oracle.nix
+ ]) ++ (with meta; [
+ services.knot
+ services.nginx
+ ]);
- services.nginx.virtualHosts =
- let
- splashy = pkgs.host-splash-site config.networking.hostName;
- in
- kw.virtualHostGen {
- networkFilter = [ "public" ];
- block.locations."/" = { root = splashy; };
- };
+ services.nginx.virtualHosts =
+ let
+ splashy = pkgs.host-splash-site config.networking.hostName;
+ in
+ kw.virtualHostGen {
+ networkFilter = [ "public" ];
+ block.locations."/" = { root = splashy; };
+ };
- networking = {
- hostName = "rinnosuke";
- };
+ networking = {
+ useDHCP = false;
+ hostName = "rinnosuke";
+ interfaces.ens3 = {
+ useDHCP = true;
+ ipv6 = {
+ addresses = [{
+ address = addr_ipv6_nix;
+ prefixLength = 64;
+ }];
+ routes = [{
+ address = "::";
+ prefixLength = 0;
+ }];
+ };
+ };
+ };
- network = {
- addresses.public.enable = true;
- firewall.public.interfaces = singleton "ens3";
- tf = {
- enable = true;
- ipv4_attr = "public_ip";
- };
- };
-}
+ network = {
+ addresses = {
+ public = {
+ enable = true;
+ ipv6.address = addr_ipv6_nix;
+ };
+ };
+ firewall.public.interfaces = singleton "ens3";
+ tf = {
+ enable = true;
+ ipv4_attr = "public_ip";
+ };
+ };
+ }
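Review bot: `addr_ipv6_nix` builds the host address by appending a bare `"7"` to the subnet prefix, while config/hosts/rinnosuke/oracle.nix reserves the address with `cidrhost(..., 7)`; nothing links the two, so editing one leaves ens3 configured with (and `network.addresses.public.ipv6.address` carrying) an address OCI has not bound to the VNIC. A comment on the binding such as `# host number 7 must match cidrhost(ipv6cidr_block, 7) in ./oracle.nix` would document the coupling, and `assert assertMsg (hasSuffix "::" prefix) "ipv6cidr_block prefix must end in ::";` would give a readable failure. The hard-coded `prefixLength = 64` also discards the length that `splitString "/"` already has in hand. Since this hunk gives ens3 a global IPv6 address and imports `services.knot`, confirm that the `public` firewall zone and the OCI security list cover IPv6; neither is visible here.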
diff --git a/config/hosts/rinnosuke/oracle.nix b/config/hosts/rinnosuke/oracle.nix
index 08b437a2..fee7672d 100644
--- a/config/hosts/rinnosuke/oracle.nix
+++ b/config/hosts/rinnosuke/oracle.nix
@@ -61,6 +61,24 @@ in
 sort_order = "DESC";
 };
 };
+ rinnosuke_vnic = {
+ provider = "oci";
+ type = "core_vnic_attachments";
+ dataSource = true;
+ inputs = {
+ inherit compartment_id;
+ instance_id = tf.resources.rinnosuke.refAttr "id";
+ };
+ };
+ rinnosuke_ipv6 = {
+ provider = "oci";
+ type = "core_ipv6";
+ inputs = {
+ vnic_id = tf.resources.rinnosuke_vnic.refAttr "vnic_attachments[0].vnic_id";
+ display_name = config.networking.hostName;
+ ip_address = terraformExpr ''cidrhost("${oci-root.resources.oci_kw_subnet.importAttr "ipv6cidr_block"}", 7)'';
+ };
+ };
 rinnosuke = {
 provider = "oci";
 type = "core_instance";
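Review bot: `vnic_attachments[0].vnic_id` assumes the first entry returned by the `core_vnic_attachments` data source is the VNIC on `oci_kw_subnet`; if the instance ever gains a second attachment, the IPv6 address may be created on the wrong interface, or fail because the address lies outside that VNIC's subnet. Nothing in the hunk pins the ordering, so at minimum state the assumption next to the input, e.g. `# assumes a single VNIC attachment (the primary) on oci_kw_subnet`. The host number `7` in `cidrhost(..., 7)` is repeated as a string suffix in nixos.nix and would be safer defined once. The enclosing resources attribute set begins and ends outside this hunk.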