From 340b58c5bb75edf3b3f47b9b6195940711bd9bda Mon Sep 17 00:00:00 2001 From: polsevev Date: Sun, 6 Apr 2025 20:39:50 +0200 Subject: [PATCH] WOrked some more --- nixos/hephaestus/configuration.nix | 8 +- nixos/hephaestus/flake.lock | 244 ++++++++++++++++++++++++++++- nixos/hephaestus/flake.nix | 2 + 3 files changed, 250 insertions(+), 4 deletions(-) diff --git a/nixos/hephaestus/configuration.nix b/nixos/hephaestus/configuration.nix index 0811b78..4e26758 100644 --- a/nixos/hephaestus/configuration.nix +++ b/nixos/hephaestus/configuration.nix @@ -52,11 +52,12 @@ }; users.users.ansible = { isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" "sudo" ]; + extraGroups = [ "wheel" "networkmanager" "sudo" "docker"]; packages = with pkgs; [ ]; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGKOGZKJO31YZem1OTZtIg3fKaatbFmqmRNRD+K9GpX rgl002@student.uib.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHlpPX7ogQo0dG0Ze4VSsAAJO+Z7w/wxGFZ+vuTHwDT9 forgejo-runner" + "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBDpeouwzFZoYA7AYARaJ/qdQHORJB2h1V73PXQYEAI7sDrc3kYwgZPbrZ3pGkGKaHBl45kiV6SYsC7191OCwIl8AAAAEc3NoOg== A" + "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBHlAtX4mBifZZ8u6sJckCgA6skwN7aamVK+lQuXLQ6kQWJy7GlEXEmoR9RW/0UIrQYLC+wd8Q5MROkYpn+cHLSoAAAAEc3NoOg== B" ]; }; security.sudo.wheelNeedsPassword = false; @@ -69,6 +70,7 @@ vim tailscale python3 + git ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. @@ -81,7 +83,7 @@ # }; # List services that you want to enable: - + virtualisation.docker.enable = true; services.tailscale.enable = true; # Enable the OpenSSH daemon. services.openssh.enable = true; diff --git a/nixos/hephaestus/flake.lock b/nixos/hephaestus/flake.lock index 54438ff..416f8aa 100644 
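Review bot: Adding `"docker"` to `extraGroups` in the first configuration.nix hunk gives every key authorized for `ansible` control of the Docker socket, which is equivalent to root on the host. That key list still holds the software-only `forgejo-runner` key next to the two new hardware-backed `sk-ecdsa` keys. With `security.sudo.wheelNeedsPassword = false` in the context line below, the account is only as well protected as its weakest key, so the CI key would be better placed on a separate unprivileged user limited to what the runner needs (what the runner actually does is not visible here). The key comments `A` and `B` do not say which token or owner each key belongs to; a comment such as `# hardware token primary / backup, owner <name>` above them would make later revocation auditable. The same Docker exposure is switched on by `virtualisation.docker.enable = true;` in the third hunk of this file.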
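Review bot: `virtualisation.docker.enable = true;` in the third configuration.nix hunk starts the rootful daemon, and ports published by containers are opened through Docker's own iptables rules, so they are reachable without going through `networking.firewall`. No firewall setting or interface binding for containers is visible in this hunk, so this may already be handled elsewhere in the file. If it is not, I would add a comment above the line, `# container ports bypass networking.firewall: publish on 127.0.0.1 or the tailscale address only`, and consider `virtualisation.docker.rootless.enable = true;` if the workloads allow it.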
--- a/nixos/hephaestus/flake.lock +++ b/nixos/hephaestus/flake.lock 
@@ -1,6 +1,179 @@ { "nodes": { + "authentik-nix": { + "inputs": { + "authentik-src": "authentik-src", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils", + "napalm": "napalm", + "nixpkgs": "nixpkgs", + "poetry2nix": "poetry2nix", + "systems": "systems" + }, + "locked": { + "lastModified": 1743172544, + "narHash": "sha256-I6//hyls5T6Y93IgwbWn5izeT29o+yza4yRgBcmNars=", + "owner": "nix-community", + "repo": "authentik-nix", + "rev": "b4916a86d4e650401e67dc03556eadb4a3cb248a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "authentik-nix", + "type": "github" + } + }, + "authentik-src": { + "flake": false, + "locked": { + "lastModified": 1743169792, + "narHash": "sha256-aaSAlFIc5Gn5PJPVuObi24Y86/3N3yFJVQTx1tV2i2A=", + "owner": "goauthentik", + "repo": "authentik", + "rev": "748a8e560f2eb93f7ec15d6762d4e5931fc1fa2a", + "type": "github" + }, + "original": { + "owner": "goauthentik", + "ref": "version/2025.2.3", + "repo": "authentik", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1738453229, + "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": [ + "authentik-nix", + "systems" + ] + }, + "locked": { + "lastModified": 1731533236, + "narHash": 
"sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "napalm": { + "inputs": { + "flake-utils": [ + "authentik-nix", + "flake-utils" + ], + "nixpkgs": [ + "authentik-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725806412, + "narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=", + "owner": "willibutz", + "repo": "napalm", + "rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5", + "type": "github" + }, + "original": { + "owner": "willibutz", + "ref": "avoid-foldl-stack-overflow", + "repo": "napalm", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "authentik-nix", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nixpkgs": { + "locked": { + "lastModified": 1740367490, + "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0196c0175e9191c474c26ab5548db27ef5d34b05", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1738452942, + "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + } + }, + 
"nixpkgs_2": { "locked": { "lastModified": 1739206421, "narHash": "sha256-PwQASeL2cGVmrtQYlrBur0U20Xy07uSWVnFup2PHnDs=", @@ -16,9 +189,78 @@ "type": "github" } }, + "poetry2nix": { + "inputs": { + "flake-utils": [ + "authentik-nix", + "flake-utils" + ], + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "authentik-nix", + "nixpkgs" + ], + "systems": [ + "authentik-nix", + "systems" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1739883580, + "narHash": "sha256-3ydikhrNaWy8j0cqHju/94PcD4GZ9T4Ju4rHh34oz3k=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "d90f9db68a4bda31c346be16dfd8d3263be4547e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, "root": { "inputs": { - "nixpkgs": "nixpkgs" + "authentik-nix": "authentik-nix", + "nixpkgs": "nixpkgs_2" + } + }, + "systems": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "authentik-nix", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730120726, + "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" } } }, diff --git a/nixos/hephaestus/flake.nix b/nixos/hephaestus/flake.nix index b931b93..f289040 100644 --- a/nixos/hephaestus/flake.nix +++ b/nixos/hephaestus/flake.nix @@ -22,6 +22,8 @@ # so the old configuration file still takes effect ./configuration.nix ./nginx.nix + #./authentik.nix + #sops-nix.nixosModules.sops ]; }; };
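Review bot: The two commented-out imports `#./authentik.nix` and `#sops-nix.nixosModules.sops` in the flake.nix hunk carry no note on why they are disabled or what has to happen before they are enabled. The `root` inputs in the flake.lock change of this commit list only `authentik-nix` and `nixpkgs`, so `sops-nix` does not appear to be a flake input yet and uncommenting that line alone would presumably not evaluate. Since `authentik.nix` is not shown, I can only assume it needs secrets; a comment such as `# TODO: enable both together once sops-nix is an input; authentik secrets must not be written into the Nix store` would record the intended order. The modules list starts and ends outside the hunk.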