some work

2025-01-12 13:45:55 +01:00 · 2025-01-12 13:45:55 +01:00 · 9107892589
commit 9107892589
parent 2c6f0762ea
8 changed files with 74 additions and 4 deletions
--- a/flake.nix
+++ b/flake.nix
@ -22,7 +22,13 @@

    lanzaboote = {
      url = "github:nix-community/lanzaboote/v0.4.1";
-      inputs.nixpkgs.follows = "nixpkgs-stable";
+      inputs.nixpkgs.follows = "nixpkgs-unstable";
+    };
+
+    authentik-nix = {
+      url = "github:nix-community/authentik-nix";
+      inputs.nixpkgs.follows = "nixpkgs-unstable";
+      # inputs.flake-parts.follows
    };

    tmux-yank = {
@ -34,6 +40,7 @@
  outputs =
    inputs@{
      self,
+      authentik-nix,
      flake-utils,
      lanzaboote,
      microvm,
@ -90,6 +97,7 @@
          specialArgs = { inherit inputs; };
          modules = [
            sops-nix.nixosModules.sops
+            microvm.nixosModules.host

            ./hosts/minime
            ./modules/basic-tools
@ -98,7 +106,20 @@
            ./modules/wg
          ];
        };
+
+        authentik = nixpkgs-stable.lib.nixosSystem {
+          system = "x84_64-linux";
+          specialArgs = { inherit inputs; };
+          modules = [
+            sops-nix.nixosModules.sops
+            microvm.nixosModules.microvm
+            authentik-nix.nixosModules.default
+
+            ./microvms/authentik
+            ./modules/server
      };
+
+
      hydraJobs =
        let
          get-toplevel = (
--- a/hosts/minime/default.nix
+++ b/hosts/minime/default.nix
@ -3,7 +3,7 @@
  imports = [
    ./configuration.nix
    ./hardware-configuration.nix
-    ./networking.nix
+    ./networking
    ./secrets.nix
    ./zfs.nix
  ];
--- a/hosts/minime/networking/default.nix
+++ b/hosts/minime/networking/default.nix
@ -0,0 +1,24 @@
+{ ... }: {
+  imports = [
+    ./uplink.nix
+    ./uvm.nix
+  ];
+
+  networking.hostName = "minime"; # Define your hostname.
+  networking.useNetworkd = true;
+  networking.firewall.enable = true;
+
+  services.resolved = {
+    enable = true;
+    dnssec = "false";
+    fallbackDns = [
+      "9.9.9.9"
+      "2620:fe::fe"
+      "149.112.112.112"
+      "2620:fe::9"
+    ];
+  };
+
+  systemd.network.enable = true;
+
+}
--- a/hosts/minime/networking/uplink.nix
+++ b/hosts/minime/networking/uplink.nix
--- a/hosts/minime/networking/uvm.nix
+++ b/hosts/minime/networking/uvm.nix
@ -0,0 +1,19 @@
+{ ... }: {
+  systemd.network = {
+    netdevs."10-uvm-br" = {
+      netdevConfig = {
+        Kind = bridge;
+        Name = "uvm-br";
+      };
+    };
+
+    networks."10-uvm-br" = {
+      matchConfig.Name = "uvm-br";
+      networkConfig = {
+        DHCPServer = false;
+        IPv6SendRA = true;
+      };
+      Address = [ ];
+    };
+  };
+}
--- a/microvms/authentik/default.nix
+++ b/microvms/authentik/default.nix
--- a/modules/wg/module.nix
+++ b/modules/wg/module.nix
@ -1,8 +1,6 @@
 {
  lib,
  config,
-  self,
-  registry,
  ...
 }:
 {
--- a/modules/wg/proxy.nix
+++ b/modules/wg/proxy.nix
@ -23,6 +23,14 @@
            publicIface = "enp1s0";
          };
        };
+        "authentik" = {
+          address = [
+            "10.89.88.2/24"
+            "fd31:185d:722f::2/48"
+          ];
+          publicKey = "";
+          privateKeyFile = config.sops.secrets."wg/0xa-proxy".path;
+        };
      };
    }
  ];