diff --git a/flake.lock b/flake.lock
index cf95eb9f..81780dc1 100644
--- a/flake.lock
+++ b/flake.lock
@@ -110,16 +110,16 @@ "uv2nix": "uv2nix" }, "locked": { - "lastModified": 1758177015, - "narHash": "sha256-PCUWdbaxayY3YfSjVlyddBMYoGvSaRysd5AmZ8gqSFs=", + "lastModified": 1759322529, + "narHash": "sha256-yiv/g/tiJI3PI95F7vhTnaf1TDsIkFLrmmFTjWfb6pQ=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "4c626ed84cc0f1278bfba0f534efd6cba2788d75", + "rev": "69fac057b2e553ee17c9a09b822d735823d65a6c", "type": "github" }, "original": { "owner": "nix-community", - "ref": "version/2025.8.3", + "ref": "version/2025.8.4", "repo": "authentik-nix", "type": "github" }
@@ -127,16 +127,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1758035356, - "narHash": "sha256-DkvxDwHCfSqEpZ9rRXNR8MP0Mz/y1kHAr38exrHQ39c=", + "lastModified": 1759190535, + "narHash": "sha256-pIzDaoDWc58cY/XhsyweCwc4dfRvkaT/zqsV1gDSnCI=", "owner": "goauthentik", "repo": "authentik", - "rev": "680feaefa17934471a6b33ebc35caf5b64120404", + "rev": "8d3a289d12c7de2f244c76493af7880f70d08af2", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2025.8.3", + "ref": "version/2025.8.4", "repo": "authentik", "type": "github" }
diff --git a/flake.nix b/flake.nix
index ae83c1f4..9436fa0d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -53,7 +53,7 @@ }; authentik = { - url = "github:nix-community/authentik-nix/version/2025.8.3"; + url = "github:nix-community/authentik-nix/version/2025.8.4"; }; flake-compat.url = "github:edolstra/flake-compat";
diff --git a/hosts/sobotka/server.nix b/hosts/sobotka/server.nix
index 37c7c3dc..3a430012 100644
--- a/hosts/sobotka/server.nix
+++ b/hosts/sobotka/server.nix
@@ -22,10 +22,6 @@
 traefik = {
 enable = true;
 };
- headscale = {
- enable = true;
- port = 8581;
- };
 tailscale = {
 enable = true;
 };
diff --git a/modules/server/infra/default.nix b/modules/server/infra/default.nix
index 12574580..797096f4 100644
--- a/modules/server/infra/default.nix
+++ b/modules/server/infra/default.nix
@@ -2,7 +2,6 @@
 imports = [
 ./authentik
 ./fail2ban
- ./headscale
 ./keepalived
 ./podman
 ./postgres
diff --git a/modules/server/infra/headscale/default.nix b/modules/server/infra/headscale/default.nix
deleted file mode 100644
index 84d26ca2..00000000
--- a/modules/server/infra/headscale/default.nix
+++ /dev/null
@@ -1,83 +0,0 @@
-{
- config,
- lib,
- self,
- ...
-}:
-with lib; let
- cfg = config.server.infra.headscale;
- srv = config.server.infra;
-in {
- options.server.infra.headscale = {
- enable = mkEnableOption "Enable headscale server configuration";
- url = lib.mkOption {
- type = lib.types.str;
- default = "hs.${srv.www.url}";
- };
- port = lib.mkOption {
- type = lib.types.port;
- description = "The local port the service runs on";
- };
- };
- config = mkIf cfg.enable {
- # age.secrets.sobotkaHsAuth.file = "${self}/secrets/sobotkaHsAuth.age";
-
- services = {
- headscale = {
- enable = true;
- port = cfg.port;
- settings = {
- server_url = "http://${cfg.url}";
-
- prefixes = {
- v4 = "100.64.0.0/10";
- v6 = "fd7a:115c:a1e0::/48";
- allocation = "random";
- };
-
- dns = {
- magic_dns = true;
- base_domain = "ts.cnst.dev";
- override_local_dns = true;
- nameservers = {
- global = [
- "192.168.88.1"
- "192.168.88.69"
- ];
- split = {
- };
- };
-
- # oidc = {
- # issuer = "https://auth.cnst.dev/oauth2/openid/headscale";
- # client_id = "headscale";
- # client_secret_path = config.age.secrets.headscaleSecret.path;
- # };
- };
- };
- };
- traefik = {
- dynamicConfigOptions = {
- http = {
- services = {
- auth.loadBalancer.servers = [
- {
- url = "http://localhost:8581";
- }
- ];
- };
-
- routers = {
- headscale = {
- entryPoints = ["websecure"];
- rule = "Host(`${cfg.url}`)";
- service = "headscale";
- tls.certResolver = "letsencrypt";
- };
- };
- };
- };
- };
- };
- };
-}