feat: add aphrodite host(gmms)

Author: sijanthapa171

hosts/Aphrodite/configuration.nix

@@ -0,0 +1,78 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  imports = [
+    ./hardware-configuration.nix
+    ./extras/tinyproxy.nix
+    ../../users/sylveon.nix
+  ];
+
+  zaphkiel = {
+    data.headless = true;
+    data.wallpaper = ./kokomi_116824847_p0_cropped.jpg;
+    secrets.tailAuth.file = ../../secrets/secret8.age;
+    services = {
+      enable = true;
+      tailscale = {
+        enable = true;
+        exitNode.enable = true;
+        exitNode.networkDevice = "ens18";
+        authFile = config.age.secrets.tailAuth.path;
+      };
+      openssh.enable = true;
+      fail2ban.enable = false;
+    };
+    programs.shpool = {
+      enable = true;
+      users = ["rexies"];
+    };
+  };
+  time.timeZone = "Asia/Kathmandu";
+
+  boot.tmp.cleanOnBoot = true;
+  networking.hostName = "Aphrodite";
+  networking.domain = "divinity.org";
+
+  networking = {
+    interfaces = {
+      ens18.ipv4.addresses = [
+        {
+          address = "103.160.145.75";
+          prefixLength = 24;
+        }
+      ];
+    };
+
+    defaultGateway = {
+      address = "103.160.144.1";
+      interface = "ens18";
+    };
+  };
+
+  # forward dns onto the tailnet
+  networking = {
+    nftables.enable = true;
+    firewall = {
+      interfaces."tailscale0" = {
+        allowedTCPPorts = config.services.openssh.ports;
+        allowedUDPPorts = [53];
+      };
+    };
+  };
+  services.dnscrypt-proxy.settings = {
+    listen_addresses = [
+      "100.121.86.4:53"
+      "[fd7a:115c:a1e0::6e01:5604]:53"
+      "127.0.0.1:53"
+      "[::1]:53"
+    ];
+  };
+
+  services.openssh = {
+    openFirewall = lib.mkForce false;
+    startWhenNeeded = lib.mkForce false;
+  };
+  system.stateVersion = "23.11";
+}

hosts/Aphrodite/extras/tinyproxy.nix

@@ -0,0 +1,17 @@
+{
+  services.tinyproxy = {
+    enable = true;
+    settings = {
+      Port = 8888;
+      Listen = "100.121.86.4";
+      Timeout = 600;
+      Allow = [
+        "100.112.116.17" # Seraphine
+        "100.65.1.15" # Persephone (New)
+      ];
+    };
+  };
+
+  networking.firewall.interfaces."tailscale0".allowedTCPPorts = [8888];
+  systemd.services.tinyproxy.serviceConfig.RestartSec = 30;
+}

hosts/Aphrodite/hardware-configuration.nix

@@ -0,0 +1,15 @@
+{
+  modulesPath,
+  lib,
+  ...
+}: {
+  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
+  boot.loader.grub.device = "/dev/sda";
+  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
+  boot.initrd.kernelModules = ["nvme"];
+  fileSystems."/" = {
+    device = "/dev/sda1";
+    fsType = "ext4";
+  };
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

hosts/Aphrodite/kokomi_116824847_p0_cropped.jpg

@@ -0,0 +1,15 @@
+let
+  username = "Sylveon";
+  description = "Sylveon SV";
+in {
+  zaphkiel.data.users = [username];
+  users.users.${username} = {
+    inherit description;
+    isNormalUser = true;
+    # extraGroups = ["networkmanager" "wheel" "multimedia"];
+
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlB7+ziR/1Wcvx/QvVGfI0x/84DjJQzgbUn0/SiGzyj sylveonsv@gmail.com"
+    ];
+  };
+}