diff --git a/flake.lock b/flake.lock index 9f5ba56..24d146e 100644 --- a/flake.lock +++ b/flake.lock @@ -17,7 +17,7 @@ }, "ags_2": { "inputs": { - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "systems": "systems_2" }, "locked": { @@ -124,14 +124,35 @@ "type": "github" } }, + "arion": { + "inputs": { + "flake-parts": "flake-parts", + "haskell-flake": "haskell-flake", + "hercules-ci-effects": "hercules-ci-effects", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1730775052, + "narHash": "sha256-YXbgfHYJaAXCxrAQzjd03GkSMGd3iGeTmhkMwpFhTPk=", + "owner": "hercules-ci", + "repo": "arion", + "rev": "38ea1d87421f1695743d5eca90b0c37ef3123fbb", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "arion", + "type": "github" + } + }, "authentik-nix": { "inputs": { "authentik-src": "authentik-src", "flake-compat": "flake-compat", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_3", "flake-utils": "flake-utils", "napalm": "napalm", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "poetry2nix": "poetry2nix", "systems": "systems" }, @@ -248,7 +269,7 @@ "external": { "inputs": { "digital": "digital", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1, 
@@ -377,6 +398,48 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "arion", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "arion", + "hercules-ci-effects", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -394,7 +457,7 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -412,7 +475,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "nathan", @@ -436,7 +499,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_6": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_3" }, @@ -454,7 +517,7 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_7": { "inputs": { "nixpkgs-lib": [ "nixvim", 
@@ -718,6 +781,44 @@ "type": "github" } }, + "haskell-flake": { + "locked": { + "lastModified": 1675296942, + "narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=", + "owner": "srid", + "repo": "haskell-flake", + "rev": "c2cafce9d57bfca41794dc3b99c593155006c71e", + "type": "github" + }, + "original": { + "owner": "srid", + "ref": "0.1.0", + "repo": "haskell-flake", + "type": "github" + } + }, + "hercules-ci-effects": { + "inputs": { + "flake-parts": "flake-parts_2", + "nixpkgs": [ + "arion", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730229744, + "narHash": "sha256-2W//PmgocN9lplDJ7WoiP9EcrfUxqvtxplCAqlwvquY=", + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "rev": "d70658494391994c7b32e8fe5610dae76737e4df", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -968,7 +1069,7 @@ "hyprlang": "hyprlang", "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "pre-commit-hooks": "pre-commit-hooks", "systems": "systems_3", "xdph": "xdph" @@ -1012,7 +1113,7 @@ "hyprlang": "hyprlang_2", "hyprutils": "hyprutils_2", "hyprwayland-scanner": "hyprwayland-scanner_2", - "nixpkgs": "nixpkgs_13", + "nixpkgs": "nixpkgs_14", "pre-commit-hooks": "pre-commit-hooks_2", "systems": "systems_6", "xdph": "xdph_2" 
@@ -1277,18 +1378,18 @@ "nathan": { "inputs": { "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "packages": "packages", "prgms": "prgms" }, "locked": { "lastModified": 1, "narHash": "sha256-GNix63XYPLopvFgOUHyouU0d/V9lvKN9h3h1juttDgg=", - "path": "/nix/store/ca47s7yk4zkxn0j6dyp7icb4nj6n20bb-source/home-manager", + "path": "/nix/store/1w9iy5z4gb51v425r1i57983vi3bzdqk-source/home-manager", "type": "path" }, "original": { - "path": "/nix/store/ca47s7yk4zkxn0j6dyp7icb4nj6n20bb-source/home-manager", + "path": "/nix/store/1w9iy5z4gb51v425r1i57983vi3bzdqk-source/home-manager", "type": "path" } }, @@ -1362,11 +1463,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726937504, - "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9357f4f23713673f310988025d9dc261c20e70c6", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", "type": "github" }, "original": { @@ -1493,6 +1594,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1729691686, + "narHash": "sha256-BAuPWW+9fa1moZTU+jFh+1cUtmsuF8asgzFwejM4wac=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "32e940c7c420600ef0d1ef396dc63b04ee9cad37", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1729307008, "narHash": "sha256-QUvb6epgKi9pCu9CttRQW4y5NqJ+snKr1FZpG/x3Wtc=", @@ -1508,7 +1625,7 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { "lastModified": 1727802920, "narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=", @@ -1524,7 +1641,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_13": { "locked": { "lastModified": 1727634051, "narHash": "sha256-S5kVU7U82LfpEukbn/ihcyNt2+EvG7Z5unsKW9H/yFA=", 
@@ -1540,7 +1657,7 @@ "type": "github" } }, - "nixpkgs_13": { + "nixpkgs_14": { "locked": { "lastModified": 1728888510, "narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=", @@ -1558,16 +1675,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1729449015, - "narHash": "sha256-Gf04dXB0n4q0A9G5nTGH3zuMGr6jtJppqdeljxua1fo=", - "owner": "nixos", + "lastModified": 1726937504, + "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "89172919243df199fe237ba0f776c3e3e3d72367", + "rev": "9357f4f23713673f310988025d9dc261c20e70c6", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-24.05", + "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -1589,6 +1706,22 @@ } }, "nixpkgs_4": { + "locked": { + "lastModified": 1729449015, + "narHash": "sha256-Gf04dXB0n4q0A9G5nTGH3zuMGr6jtJppqdeljxua1fo=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "89172919243df199fe237ba0f776c3e3e3d72367", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1725634671, "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", @@ -1604,7 +1737,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1728888510, "narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=", @@ -1620,7 +1753,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1727802920, "narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=", @@ -1636,7 +1769,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1727634051, "narHash": "sha256-S5kVU7U82LfpEukbn/ihcyNt2+EvG7Z5unsKW9H/yFA=", 
@@ -1652,22 +1785,6 @@ "type": "github" } }, - "nixpkgs_8": { - "locked": { - "lastModified": 1729691686, - "narHash": "sha256-BAuPWW+9fa1moZTU+jFh+1cUtmsuF8asgzFwejM4wac=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "32e940c7c420600ef0d1ef396dc63b04ee9cad37", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_9": { "locked": { "lastModified": 1729691686, @@ -1678,7 +1795,7 @@ "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -1686,8 +1803,8 @@ }, "nixvim": { "inputs": { - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_6", + "flake-parts": "flake-parts_4", + "nixpkgs": "nixpkgs_7", "nixvim": "nixvim_2" }, "locked": { @@ -1707,11 +1824,11 @@ "inputs": { "devshell": "devshell", "flake-compat": "flake-compat_3", - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_5", "git-hooks": "git-hooks", "home-manager": "home-manager_3", "nix-darwin": "nix-darwin", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nuschtosSearch": "nuschtosSearch", "treefmt-nix": "treefmt-nix_2" }, @@ -1731,8 +1848,8 @@ }, "nixvim_3": { "inputs": { - "flake-parts": "flake-parts_4", - "nixpkgs": "nixpkgs_11", + "flake-parts": "flake-parts_6", + "nixpkgs": "nixpkgs_12", "nixvim": "nixvim_4" }, "locked": { @@ -1752,11 +1869,11 @@ "inputs": { "devshell": "devshell_2", "flake-compat": "flake-compat_5", - "flake-parts": "flake-parts_5", + "flake-parts": "flake-parts_7", "git-hooks": "git-hooks_2", "home-manager": "home-manager_4", "nix-darwin": "nix-darwin_2", - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_13", "nuschtosSearch": "nuschtosSearch_2", "treefmt-nix": "treefmt-nix_3" }, 
@@ -1950,11 +2067,11 @@ "locked": { "lastModified": 1, "narHash": "sha256-HAuZ9X84fuwUcit6NWUoJCjHj+29nST/YN6Rs8JQugY=", - "path": "/nix/store/xxwirbgz8pwxh9fvkcnmda0h8794k80i-source/programs", + "path": "/nix/store/f585mnr0xhrs90swbckv27h60c7hk8mp-source/programs", "type": "path" }, "original": { - "path": "/nix/store/xxwirbgz8pwxh9fvkcnmda0h8794k80i-source/programs", + "path": "/nix/store/f585mnr0xhrs90swbckv27h60c7hk8mp-source/programs", "type": "path" } }, @@ -2006,13 +2123,14 @@ }, "root": { "inputs": { + "arion": "arion", "authentik-nix": "authentik-nix", "disko": "disko", "firefox-addons": "firefox-addons", "home-manager": "home-manager", "impermanence": "impermanence", "nathan": "nathan", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "nixvim": "nixvim_3", "sops-nix": "sops-nix", "system": "system" @@ -2037,11 +2155,11 @@ "locked": { "lastModified": 1, "narHash": "sha256-0Ztx5DVQ2I7hvCK/qjGa4XTdRgbzM8rhf19m0al8lVM=", - "path": "/nix/store/xxwirbgz8pwxh9fvkcnmda0h8794k80i-source/services/sddm", + "path": "/nix/store/f585mnr0xhrs90swbckv27h60c7hk8mp-source/services/sddm", "type": "path" }, "original": { - "path": "/nix/store/xxwirbgz8pwxh9fvkcnmda0h8794k80i-source/services/sddm", + "path": "/nix/store/f585mnr0xhrs90swbckv27h60c7hk8mp-source/services/sddm", "type": "path" } }, @@ -2085,7 +2203,7 @@ "spicetify-nix": { "inputs": { "flake-compat": "flake-compat_4", - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1729570661, 
@@ -2108,12 +2226,12 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-C6bh1lwx3TvqL9lgiNXbLtXbXS+v4Q0wFkoyyA6EIRU=", - "path": "/nix/store/ca47s7yk4zkxn0j6dyp7icb4nj6n20bb-source/system-config", + "narHash": "sha256-d2cED6HwQD1a5sWYGKTkrXSYqvDecyIioUT5U2W4xds=", + "path": "/nix/store/1w9iy5z4gb51v425r1i57983vi3bzdqk-source/system-config", "type": "path" }, "original": { - "path": "/nix/store/ca47s7yk4zkxn0j6dyp7icb4nj6n20bb-source/system-config", + "path": "/nix/store/1w9iy5z4gb51v425r1i57983vi3bzdqk-source/system-config", "type": "path" } },
@@ -2224,7 +2342,7 @@ }, "themecord": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1729423029,
diff --git a/flake.nix b/flake.nix
index ad14487..52326d5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -16,6 +16,8 @@
 inputs.nixpkgs.follows = "nixpkgs";
 };
+ arion.url = "github:hercules-ci/arion";
+
 authentik-nix.url = "github:nix-community/authentik-nix";
 home-manager = {
diff --git a/system-config/configuration/homebox/default.nix b/system-config/configuration/homebox/default.nix
index 0be802c..bfa8ad1 100644
--- a/system-config/configuration/homebox/default.nix
+++ b/system-config/configuration/homebox/default.nix
@@ -18,10 +18,13 @@
 inputs.system.nixosModule
 ];
- boot.loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = true;
- };
+ boot = {
+ kernelPackages = pkgs.linuxKernel.kernels.linux_6_11;
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ };
 hardware = {
 opengl = {
@@ -105,7 +108,10 @@
 isNormalUser = true;
 initialPassword = "7567";
 #hashedPasswordFile = config.sops.secrets."nathan/pass".path;
- extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ extraGroups = [
+ "wheel"
+ "podman"
+ ]; # Enable ‘sudo’ for the user.
 openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
 ];
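Review bot: `arion.url` is added without an `inputs.nixpkgs.follows`, unlike the input whose closing lines are visible just above it in this hunk, and the flake.lock changes in this same commit show the result: a separate `nixpkgs` pin for arion plus new `haskell-flake` and `hercules-ci-effects` nodes. Each extra pin is another source tree to fetch, trust and keep updated. Consider `arion = { url = "github:hercules-ci/arion"; inputs.nixpkgs.follows = "nixpkgs"; };` unless arion is known to need its own nixpkgs, and say so in a comment if it does.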
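Review bot: `boot.kernelPackages` expects a kernel package set, but `pkgs.linuxKernel.kernels.linux_6_11` names the kernel derivation itself, so this line is likely to fail at evaluation; the matching set is `kernelPackages = pkgs.linuxPackages_6_11;` (or `pkgs.linuxKernel.packages.linux_6_11`). 6.11 is also a short-lived, non-longterm series, so a hard pin will stop receiving security fixes and later drop out of nixpkgs. A comment stating why this host needs that series, or `pkgs.linuxPackages_latest` if it only needs a recent kernel, would keep the host on a patched kernel.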
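Review bot: The `"podman"` group added to `extraGroups` only has an effect once the rootful Podman API socket is enabled, and membership is then root-equivalent, so it deserves a comment of its own. The trailing `# Enable ‘sudo’ for the user.` now sits on the closing `];` and reads as if it described both groups; move it onto the `"wheel"` line. The context lines also show this account with a plaintext `initialPassword` committed to the repository and the sops-backed `hashedPasswordFile` commented out, which matters more as the account gains privileges; re-enabling `hashedPasswordFile = config.sops.secrets."nathan/pass".path;` would close that. The user block starts and ends outside the hunk.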
@@ -118,6 +124,22 @@
 };
 };
+ virtualisation.docker.enable = false;
+
+ virtualisation.podman = {
+ enable = true;
+ dockerCompat = true;
+ defaultNetwork.settings.dns_enabled = true;
+ };
+
+ virtualisation.oci-containers.backend = "podman";
+
+ environment.systemPackages = with pkgs; [
+ dive
+ podman-tui
+ podman-compose
+ ];
+
 boot.initrd.postDeviceCommands = lib.mkAfter ''
 mkdir /btrfs_tmp
 mount /dev/root_vg/root /btrfs_tmp
@@ -227,7 +249,7 @@
 traefik.enable = true;
- authentik.enable = true;
+ authentik.enable = false;
 gitlab.enable = false;
 };
diff --git a/system-config/services/containers/authentik-nix/default.nix b/system-config/services/containers/authentik-nix/default.nix
new file mode 100644
index 0000000..19a735b
--- /dev/null
+++ b/system-config/services/containers/authentik-nix/default.nix
@@ -0,0 +1,50 @@
+{ config, lib, inputs, ... }: {
+
+ options.sysconfig.opts.virtualization.authentik.enable = lib.options.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
+
+ imports = [
+ inputs.authentik-nix.nixosModules.default
+ ];
+
+ config = lib.mkIf config.sysconfig.opts.virtualization.authentik.enable {
+
+ sops.templates."authentik.env" = {
+ content = ''
+ AUTHENTIK_EMAIL__PASSWORD=${config.sops.placeholder."authentik/pass"}
+ AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
+ '';
+
+ path = "/ssd1/Authentik/data/authentik.env";
+ };
+
+ containers.authentik = {
+
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "192.168.100.10";
+ localAddress = "192.168.100.12";
+ bindMounts = {
+ "/root/data" = {
+ hostPath = "/ssd1/Authentik/data";
+ isReadOnly = false;
+ };
+ };
+ config = {
+
+ services.authentik = {
+
+ enable = true;
+ environmentFile = "/root/data/authentik.env";
+ settings = {
+ disable_startup_analytics = false;
+ avatars = "initials";
+ };
+ };
+ };
+ };
+
+ };
+}
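Review bot: `inputs.authentik-nix.nixosModules.default` is imported at host level in this new file, but `services.authentik` is set inside `containers.authentik.config`, which is evaluated as its own NixOS system, so the option will most likely not exist there once the flag is turned on; the module this commit replaces imported it inside the container. The container config also no longer sets `system.stateVersion`. With `privateNetwork = true` and no firewall setting, the authentik ports are presumably closed to the host-side proxy; open only the ports it needs rather than restoring `networking.firewall.enable = false`. Separately, `disable_startup_analytics = false` explicitly enables the startup ping that the old file left at its default, which is worth a comment if intended.
```nix
    config = {
      # Import the module inside the container so that services.authentik
      # is declared in the system that actually sets it.
      imports = [
        inputs.authentik-nix.nixosModules.default
      ];

      # … unchanged: services.authentik …

      system.stateVersion = "24.05";
    };
```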
diff --git a/system-config/services/containers/authentik/default.nix b/system-config/services/containers/authentik/default.nix
index d2f8b66..f3d8317 100644
--- a/system-config/services/containers/authentik/default.nix
+++ b/system-config/services/containers/authentik/default.nix
@@ -5,6 +5,10 @@
 default = false;
 };
+ imports = [
+ inputs.arion.nixosModules.arion
+ ];
+
 config = lib.mkIf config.sysconfig.opts.virtualization.authentik.enable {
 sops.templates."authentik.env" = {
@@ -16,42 +20,12 @@
 path = "/ssd1/Authentik/data/authentik.env";
 };
- containers.authentik = {
-
- autoStart = true;
- privateNetwork = true;
- hostAddress = "192.168.100.10";
- localAddress = "192.168.100.13";
+ virtualisation.arion.projects.authentik = {
+ serviceName = "authentik";
- bindMounts = {
- "/root/data" = {
- hostPath = "/ssd1/Authentik/data";
- };
- };
-
- config = {
-
- imports = [
- inputs.authentik-nix.nixosModules.default
- ];
+ settings = {
- services.authentik = {
-
- enable = true;
- environmentFile = "/root/data/authentik.env";
-
- settings = {
- #disable_startup_analytics = true;
- avatars = "initials";
- };
-
- };
-
- networking.firewall.enable = false;
-
- system.stateVersion = "24.05";
 };
- };
 };
 }
diff --git a/system-config/services/containers/default.nix b/system-config/services/containers/default.nix
index 0816a74..bb616eb 100644
--- a/system-config/services/containers/default.nix
+++ b/system-config/services/containers/default.nix
@@ -3,6 +3,6 @@
 imports = [
 ./gitlab
 ./traefik
- ./authentik
+ ./authentik-nix
 ];
 }
diff --git a/system-config/services/containers/gitlab/default.nix b/system-config/services/containers/gitlab/default.nix
index 18daa72..2b5d18e 100644
--- a/system-config/services/containers/gitlab/default.nix
+++ b/system-config/services/containers/gitlab/default.nix
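Review bot: `virtualisation.arion.projects.authentik` is left with an empty `settings`, so enabling this module would define a project with no services while the sops template kept above it still renders `AUTHENTIK_SECRET_KEY` to `/ssd1/Authentik/data/authentik.env` with nothing consuming it. The host configuration in this commit enables Podman but not `virtualisation.podman.dockerSocket.enable`, and nothing sets `virtualisation.arion.backend = "podman-socket";`, both of which arion needs to drive Podman. This file also declares the same `sysconfig.opts.virtualization.authentik.enable` option as the new `authentik-nix` module, so importing both would fail on a duplicate declaration. Since `containers/default.nix` stops importing this directory in the same commit, a header comment marking the file as an unfinished stub, or a distinct option name, would make its state explicit.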
@@ -12,7 +12,7 @@
 autoStart = true;
 privateNetwork = true;
 hostAddress = "192.168.100.10";
- localAddress = "192.168.100.12";
+ localAddress = "192.168.100.";
 bindMounts = {
 "/etc/gitlab/data" = {
 hostPath = "/ssd1/Gitlab/data";
diff --git a/system-config/services/containers/httpd/default.nix b/system-config/services/containers/httpd/default.nix
new file mode 100644
index 0000000..e69de29
diff --git a/system-config/services/containers/jellyfin/default.nix b/system-config/services/containers/jellyfin/default.nix
new file mode 100644
index 0000000..e69de29
diff --git a/system-config/services/containers/pihole/default.nix b/system-config/services/containers/pihole/default.nix
new file mode 100644
index 0000000..e69de29
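Review bot: `localAddress = "192.168.100.";` is a truncated IPv4 address, so the gitlab container cannot be given a usable address if it is ever enabled. The `.12` it held before is taken by the new authentik-nix container in this commit, so gitlab needs a free host number, for example `localAddress = "192.168.100.13";`, the address the old authentik container released. The container block starts and ends outside the hunk.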