some work

2025-01-12 13:45:55 +01:00 · 2025-01-12 13:45:55 +01:00 · 9107892589
commit 9107892589
parent 2c6f0762ea
8 changed files with 74 additions and 4 deletions
--- a/flake.nix
+++ b/flake.nix
@ -22,7 +22,13 @@
    lanzaboote = {
      url = "github:nix-community/lanzaboote/v0.4.1";
-      inputs.nixpkgs.follows = "nixpkgs-stable";
+      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };
    authentik-nix = {
      url = "github:nix-community/authentik-nix";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
      # inputs.flake-parts.follows
    };
    tmux-yank = {
@ -34,6 +40,7 @@
  outputs =
    inputs@{
      self,
      authentik-nix,
      flake-utils,
      lanzaboote,
      microvm,
@ -90,6 +97,7 @@
          specialArgs = { inherit inputs; };
          modules = [
            sops-nix.nixosModules.sops
            microvm.nixosModules.host
            ./hosts/minime
            ./modules/basic-tools
@ -98,7 +106,20 @@
            ./modules/wg
          ];
        };
        authentik = nixpkgs-stable.lib.nixosSystem {
          system = "x84_64-linux";
          specialArgs = { inherit inputs; };
          modules = [
            sops-nix.nixosModules.sops
            microvm.nixosModules.microvm
            authentik-nix.nixosModules.default
            ./microvms/authentik
            ./modules/server
      };
      hydraJobs =
        let
          get-toplevel = (
--- a/hosts/minime/default.nix
+++ b/hosts/minime/default.nix
@ -3,7 +3,7 @@
  imports = [
    ./configuration.nix
    ./hardware-configuration.nix
-    ./networking.nix
+    ./networking
    ./secrets.nix
    ./zfs.nix
  ];
--- a/hosts/minime/networking/default.nix
+++ b/hosts/minime/networking/default.nix
@ -0,0 +1,24 @@
 { ... }: {
  imports = [
    ./uplink.nix
    ./uvm.nix
  ];
  networking.hostName = "minime"; # Define your hostname.
  networking.useNetworkd = true;
  networking.firewall.enable = true;
  services.resolved = {
    enable = true;
    dnssec = "false";
    fallbackDns = [
      "9.9.9.9"
      "2620:fe::fe"
      "149.112.112.112"
      "2620:fe::9"
    ];
  };
  systemd.network.enable = true;
 }
--- a/hosts/minime/networking/uplink.nix
+++ b/hosts/minime/networking/uplink.nix
--- a/hosts/minime/networking/uvm.nix
+++ b/hosts/minime/networking/uvm.nix
@ -0,0 +1,19 @@
 { ... }: {
  systemd.network = {
    netdevs."10-uvm-br" = {
      netdevConfig = {
        Kind = bridge;
        Name = "uvm-br";
      };
    };
    networks."10-uvm-br" = {
      matchConfig.Name = "uvm-br";
      networkConfig = {
        DHCPServer = false;
        IPv6SendRA = true;
      };
      Address = [ ];
    };
  };
 }
--- a/microvms/authentik/default.nix
+++ b/microvms/authentik/default.nix
--- a/modules/wg/module.nix
+++ b/modules/wg/module.nix
@ -1,8 +1,6 @@
 {
  lib,
  config,
  self,
  registry,
  ...
 }:
 {
--- a/modules/wg/proxy.nix
+++ b/modules/wg/proxy.nix
@ -23,6 +23,14 @@
            publicIface = "enp1s0";
          };
        };
        "authentik" = {
          address = [
            "10.89.88.2/24"
            "fd31:185d:722f::2/48"
          ];
          publicKey = "";
          privateKeyFile = config.sops.secrets."wg/0xa-proxy".path;
        };
      };
    }
  ];