feat(IP): migrate to traefik and authentik, remove dead code

2025-09-23 18:13:28 +02:00
parent b752781064
commit 86624f362d
37 changed files with 1202 additions and 803 deletions
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -4,113 +4,111 @@
  homeImports,
  self,
  ...
-}:
-{
-  flake.nixosConfigurations =
-    let
-      cLib = import ../lib inputs.nixpkgs.lib;
-      userConfig = "${self}/home";
-      systemConfig = "${self}/system";
-      hostConfig = "${self}/hosts";
+}: {
+  flake.nixosConfigurations = let
+    cLib = import ../lib inputs.nixpkgs.lib;
+    userConfig = "${self}/home";
+    systemConfig = "${self}/system";
+    hostConfig = "${self}/hosts";

-      cnstConfig = "${self}/users/cnst";
-      toothpickConfig = "${self}/users/toothpick";
+    cnstConfig = "${self}/users/cnst";
+    toothpickConfig = "${self}/users/toothpick";

-      umodPath = "${self}/modules/home";
-      smodPath = "${self}/modules/system";
+    umodPath = "${self}/modules/home";
+    smodPath = "${self}/modules/system";

-      inherit (inputs.nixpkgs.lib) nixosSystem;
-      inherit (self) outputs;
+    inherit (inputs.nixpkgs.lib) nixosSystem;
+    inherit (self) outputs;

-      specialArgs = {
-        inherit
-          cLib
-          inputs
-          outputs
-          self
-          userConfig
-          systemConfig
-          hostConfig
-          cnstConfig
-          toothpickConfig
-          umodPath
-          smodPath
-          ;
-      };
-    in
-    {
-      kima = nixosSystem {
-        inherit specialArgs;
-        modules = [
-          ./kima
-          "${self}/nix"
-          {
-            home-manager = {
-              users.cnst.imports = homeImports."cnst@kima";
-              extraSpecialArgs = specialArgs;
-            };
-          }
-          self.nixosModules.nixos
-          self.nixosModules.settings
-          inputs.chaotic.nixosModules.default
-          inputs.agenix.nixosModules.default
-        ];
-      };
-      bunk = nixosSystem {
-        inherit specialArgs;
-        modules = [
-          ./bunk
-          "${self}/nix"
-          {
-            home-manager = {
-              users.cnst.imports = homeImports."cnst@bunk";
-              extraSpecialArgs = specialArgs;
-            };
-          }
-          self.nixosModules.nixos
-          self.nixosModules.settings
-          inputs.chaotic.nixosModules.default
-          inputs.agenix.nixosModules.default
-        ];
-      };
-      sobotka = nixosSystem {
-        inherit specialArgs;
-        modules = [
-          ./sobotka
-          "${self}/nix"
-          self.nixosModules.nixos
-          self.nixosModules.settings
-          self.nixosModules.server
-          inputs.agenix.nixosModules.default
-        ];
-      };
-      ziggy = nixosSystem {
-        inherit specialArgs;
-        modules = [
-          ./ziggy
-          "${self}/nix"
-          self.nixosModules.nixos
-          self.nixosModules.settings
-          self.nixosModules.server
-          inputs.agenix.nixosModules.default
-        ];
-      };
-      toothpc = nixosSystem {
-        inherit specialArgs;
-        modules = [
-          ./toothpc
-          "${self}/nix"
-          {
-            home-manager = {
-              users.toothpick.imports = homeImports."toothpick@toothpc";
-              extraSpecialArgs = specialArgs;
-            };
-          }
-          self.nixosModules.nixos
-          self.nixosModules.settings
-          inputs.chaotic.nixosModules.default
-          inputs.agenix.nixosModules.default
-        ];
-      };
+    specialArgs = {
+      inherit
+        cLib
+        inputs
+        outputs
+        self
+        userConfig
+        systemConfig
+        hostConfig
+        cnstConfig
+        toothpickConfig
+        umodPath
+        smodPath
+        ;
    };
+  in {
+    kima = nixosSystem {
+      inherit specialArgs;
+      modules = [
+        ./kima
+        "${self}/nix"
+        {
+          home-manager = {
+            users.cnst.imports = homeImports."cnst@kima";
+            extraSpecialArgs = specialArgs;
+          };
+        }
+        self.nixosModules.nixos
+        self.nixosModules.settings
+        inputs.chaotic.nixosModules.default
+        inputs.agenix.nixosModules.default
+      ];
+    };
+    bunk = nixosSystem {
+      inherit specialArgs;
+      modules = [
+        ./bunk
+        "${self}/nix"
+        {
+          home-manager = {
+            users.cnst.imports = homeImports."cnst@bunk";
+            extraSpecialArgs = specialArgs;
+          };
+        }
+        self.nixosModules.nixos
+        self.nixosModules.settings
+        inputs.chaotic.nixosModules.default
+        inputs.agenix.nixosModules.default
+      ];
+    };
+    sobotka = nixosSystem {
+      inherit specialArgs;
+      modules = [
+        ./sobotka
+        "${self}/nix"
+        self.nixosModules.nixos
+        self.nixosModules.settings
+        self.nixosModules.server
+        inputs.agenix.nixosModules.default
+        inputs.authentik.nixosModules.default
+      ];
+    };
+    ziggy = nixosSystem {
+      inherit specialArgs;
+      modules = [
+        ./ziggy
+        "${self}/nix"
+        self.nixosModules.nixos
+        self.nixosModules.settings
+        self.nixosModules.server
+        inputs.agenix.nixosModules.default
+      ];
+    };
+    toothpc = nixosSystem {
+      inherit specialArgs;
+      modules = [
+        ./toothpc
+        "${self}/nix"
+        {
+          home-manager = {
+            users.toothpick.imports = homeImports."toothpick@toothpc";
+            extraSpecialArgs = specialArgs;
+          };
+        }
+        self.nixosModules.nixos
+        self.nixosModules.settings
+        inputs.chaotic.nixosModules.default
+        inputs.agenix.nixosModules.default
+      ];
+    };
+  };
 }
--- a/hosts/sobotka/output
+++ b/hosts/sobotka/output
--- a/hosts/sobotka/server.nix
+++ b/hosts/sobotka/server.nix
@@ -3,12 +3,21 @@
    enable = true;
    email = "adam@cnst.dev";
    domain = "cnix.dev";
-    domainPublic = "cnst.dev";
    user = "share";
    group = "share";
    uid = 994;
    gid = 993;

+    authentik = {
+      enable = true;
+    };
+    traefik = {
+      enable = true;
+    };
+    www = {
+      enable = true;
+      url = "cnst.dev";
+    };
    gitea = {
      enable = true;
    };
@@ -16,7 +25,7 @@
      enable = true;
    };
    acme = {
-      enable = true;
+      enable = false;
    };
    homepage-dashboard = {
      enable = true;
@@ -45,15 +54,6 @@
    uptime-kuma = {
      enable = true;
    };
-    keycloak = {
-      enable = true;
-      url = "login.cnst.dev";
-      dbPasswordFile = config.age.secrets.keycloakDbPasswordFile.path;
-      cloudflared = {
-        tunnelId = "590f60f8-baaa-4106-b2d1-43740c79531e";
-        credentialsFile = config.age.secrets.keycloakCloudflared.path;
-      };
-    };
    vaultwarden = {
      enable = true;
      url = "vault.cnst.dev";
@@ -71,9 +71,6 @@
      apiKeyFile = config.age.secrets.cloudflareFirewallApiKey.path;
      zoneId = "0027acdfb8bbe010f55b676ad8698dfb";
    };
-    syncthing = {
-      enable = false;
-    };
    keepalived = {
      enable = true;
      interface = "enp6s0";