update kernel

system-config/configuration/homebox/default.nix

@@ -18,10 +18,13 @@
       inputs.system.nixosModule
     ];
 
-  boot.loader = {
-    systemd-boot.enable = true;
-    efi.canTouchEfiVariables = true;
-  };
+    boot = {
+        kernelPackages = pkgs.linuxKernel.kernels.linux_6_11;
+        loader = {
+            systemd-boot.enable = true;
+            efi.canTouchEfiVariables = true;
+        };
+    };
 
   hardware = {
     opengl = {
@@ -105,7 +108,10 @@
     isNormalUser = true;
     initialPassword = "7567";
     #hashedPasswordFile = config.sops.secrets."nathan/pass".path;
-    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    extraGroups = [ 
+        "wheel"
+        "podman"
+    ]; # Enable ‘sudo’ for the user.
     openssh.authorizedKeys.keys = [
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
     ];
@@ -118,6 +124,22 @@
         };
     };
 
+    virtualisation.docker.enable = false;
+
+    virtualisation.podman = {
+        enable = true;
+        dockerCompat = true;
+        defaultNetwork.settings.dns_enabled = true;
+    };
+
+    virtualisation.oci-containers.backend = "podman";
+
+    environment.systemPackages = with pkgs; [
+        dive
+        podman-tui
+        podman-compose
+    ];
+
   boot.initrd.postDeviceCommands = lib.mkAfter ''
     mkdir /btrfs_tmp
     mount /dev/root_vg/root /btrfs_tmp
@@ -227,7 +249,7 @@
       
             traefik.enable = true;
 
-            authentik.enable = true;
+            authentik.enable = false;
             
             gitlab.enable = false;
         };

system-config/services/containers/authentik-nix/default.nix

@@ -0,0 +1,50 @@
+{ config, lib, inputs, ... }: {
+
+    options.sysconfig.opts.virtualization.authentik.enable = lib.options.mkOption {
+        type = lib.types.bool;
+        default = false;
+    };
+
+    imports = [
+        inputs.authentik-nix.nixosModules.default
+    ];
+
+    config = lib.mkIf config.sysconfig.opts.virtualization.authentik.enable {
+
+        sops.templates."authentik.env" = {
+            content = ''
+                AUTHENTIK_EMAIL__PASSWORD=${config.sops.placeholder."authentik/pass"}
+                AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
+            '';
+
+            path = "/ssd1/Authentik/data/authentik.env";
+        };
+
+        containers.authentik = {
+
+            autoStart = true;
+            privateNetwork = true;
+            hostAddress = "192.168.100.10";
+            localAddress = "192.168.100.12";
+            bindMounts = {
+                "/root/data" = {
+                    hostPath = "/ssd1/Authentik/data";
+                    isReadOnly = false;
+                };
+            };
+            config = {
+                
+                services.authentik = {
+
+                    enable = true;
+                    environmentFile = "/root/data/authentik.env";
+                    settings = {
+                        disable_startup_analytics = false;
+                        avatars = "initials";
+                    };
+                };
+            };
+        };
+
+    };
+}

system-config/services/containers/authentik/default.nix

@@ -5,6 +5,10 @@
         default = false;
     };
 
+    imports = [
+        inputs.arion.nixosModules.arion
+    ];
+
     config = lib.mkIf config.sysconfig.opts.virtualization.authentik.enable {
 
         sops.templates."authentik.env" = {
@@ -16,42 +20,12 @@
             path = "/ssd1/Authentik/data/authentik.env";
         };
 
-        containers.authentik = {
-            
-            autoStart = true;
-            privateNetwork = true;
-            hostAddress = "192.168.100.10";
-            localAddress = "192.168.100.13";
+        virtualisation.arion.projects.authentik = {
+            serviceName = "authentik";
 
-            bindMounts = {
-                "/root/data" = {
-                    hostPath = "/ssd1/Authentik/data";
-                };
-            };
-
-            config = {
-
-                imports = [
-                    inputs.authentik-nix.nixosModules.default
-                ];
+            settings = {
                 
-                services.authentik = {
-                    
-                    enable = true;
-                    environmentFile = "/root/data/authentik.env";
-
-                    settings = {
-                        #disable_startup_analytics = true;
-                        avatars = "initials";
-                    };
-
-                };
-
-                networking.firewall.enable = false;
-
-                system.stateVersion = "24.05";
             };
-            
         };
     };
 }

system-config/services/containers/default.nix

@@ -3,6 +3,6 @@
     imports = [
         ./gitlab
         ./traefik
-        ./authentik
+        ./authentik-nix
     ];
 }

system-config/services/containers/gitlab/default.nix

@@ -12,7 +12,7 @@
             autoStart = true;
             privateNetwork = true;
             hostAddress = "192.168.100.10";
-            localAddress = "192.168.100.12";
+            localAddress = "192.168.100.";
             bindMounts = {
                 "/etc/gitlab/data" = {
                     hostPath = "/ssd1/Gitlab/data";