authentik: init

hosts/cloud/secrets.nix

@@ -7,5 +7,8 @@
     "wg/0xa-mgmt" = {
       owner = config.users.users.systemd-network.name;
     };
+    "wg/0xa-proxy" = {
+      owner = config.users.users.systemd-network.name;
+    };
   };
 }

hosts/minime/hardware-configuration.nix

@@ -65,6 +65,12 @@
     options = [ "zfsutil" ];
   };
 
+  fileSystems."/var/lib/microvms" = {
+    device = "zpool/data/var/lib/microvms";
+    fsType = "zfs";
+    options = [ "zfsutil" ];
+  };
+
   swapDevices = [
     {
       device = "/dev/disk/by-partuuid/7e7d0e0b-90b7-465c-a022-089b38e0f16d";

hosts/minime/networking/default.nix

@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
   imports = [
     ./uplink.nix
     ./uvm.nix

hosts/minime/networking/uvm.nix

@@ -1,8 +1,10 @@
-{ ... }: {
+{ ... }:
+{
+  # TODO: make a module
   systemd.network = {
     netdevs."10-uvm-br" = {
       netdevConfig = {
-        Kind = bridge;
+        Kind = "bridge";
         Name = "uvm-br";
       };
     };
@@ -13,7 +15,31 @@
         DHCPServer = false;
         IPv6SendRA = true;
       };
-      Address = [ ];
+      addresses = [
+        {
+          Address = "10.99.99.1/24";
+        }
+        {
+          Address = "fd12:3456:789a::1/64";
+        }
+      ];
+      ipv6Prefixes = [
+        {
+          Prefix = "fd12:3456:789a::/64";
+        }
+      ];
     };
+
+    networks."11-uvm-br" = {
+      matchConfig.Name = "uvm-*";
+      networkConfig.Bridge = "uvm-br";
+    };
+
+  };
+  networking.nat = {
+    enable = true;
+    enableIPv6 = true;
+    externalInterface = "enp90s0";
+    internalInterfaces = [ "uvm-br" ];
   };
 }

hosts/minime/uvm.nix

@@ -0,0 +1,10 @@
+{ inputs, ... }:
+{
+  microvm.stateDir = "/var/lib/microvms";
+  microvm.vms = {
+    authentik = {
+      flake = inputs.self;
+      updateFlake = "github:gshipunov/nix-config/master";
+    };
+  };
+}