
Author SHA1 Message Date
2ffc94161d chore(dead): remove obsolete code 2025-10-25 14:04:38 +02:00
ff5490194b feat(headscale): just an initial test 2025-10-25 14:03:34 +02:00
7 changed files with 276 additions and 143 deletions

318
flake.lock generated

@@ -100,29 +100,26 @@
"inputs": {
"authentik-src": "authentik-src",
"flake-compat": "flake-compat",
"flake-parts": [
"flake-parts"
],
"flake-parts": "flake-parts_2",
"flake-utils": "flake-utils",
"napalm": "napalm",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs": "nixpkgs_3",
"pyproject-build-systems": "pyproject-build-systems",
"pyproject-nix": "pyproject-nix",
"systems": "systems_3",
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1759322529,
"narHash": "sha256-yiv/g/tiJI3PI95F7vhTnaf1TDsIkFLrmmFTjWfb6pQ=",
"lastModified": 1758177015,
"narHash": "sha256-PCUWdbaxayY3YfSjVlyddBMYoGvSaRysd5AmZ8gqSFs=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "69fac057b2e553ee17c9a09b822d735823d65a6c",
"rev": "4c626ed84cc0f1278bfba0f534efd6cba2788d75",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "version/2025.8.3",
"repo": "authentik-nix",
"type": "github"
}
@@ -130,16 +127,16 @@
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1759190535,
"narHash": "sha256-pIzDaoDWc58cY/XhsyweCwc4dfRvkaT/zqsV1gDSnCI=",
"lastModified": 1758035356,
"narHash": "sha256-DkvxDwHCfSqEpZ9rRXNR8MP0Mz/y1kHAr38exrHQ39c=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "8d3a289d12c7de2f244c76493af7880f70d08af2",
"rev": "680feaefa17934471a6b33ebc35caf5b64120404",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2025.8.4",
"ref": "version/2025.8.3",
"repo": "authentik",
"type": "github"
}
@@ -149,15 +146,15 @@
"flake-schemas": "flake-schemas",
"home-manager": "home-manager_2",
"jovian": "jovian",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1760986121,
"narHash": "sha256-ilwuwZDPh0pNPTUYKUQQarAnwJwsggr60lQyae5R1vc=",
"lastModified": 1761326352,
"narHash": "sha256-DoR4mHaStX6Dg2Gilc2Dqr/XaxXmQTOQS5cZ5xKPQJY=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "45286364d2570149037013a4fa098709776bdb41",
"rev": "6492dc810f2f250ef95096910a44f03eea6a594f",
"type": "github"
},
"original": {
@@ -212,11 +209,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1761201787,
"narHash": "sha256-RQG899vzsoRIMQ6ZR5bi1W9HOomUgID7tk3COQf/OaY=",
"lastModified": 1761374215,
"narHash": "sha256-YmnUYXjacFHa8fWCo8gBAHpqlcG8+P5+5YYFhy6hOkg=",
"owner": "nix-community",
"repo": "fenix",
"rev": "1ab39eca6ce37b1db23b595c2a754c81ebf49507",
"rev": "b0fa429fc946e6e716dff3bfb97ce6383eae9359",
"type": "github"
},
"original": {
@@ -326,6 +323,24 @@
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1756770412,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "4524271976b625a4a605beefd893f270620fd751",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs"
@@ -345,9 +360,9 @@
"type": "github"
}
},
"flake-parts_3": {
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1753121425,
@@ -363,7 +378,7 @@
"type": "github"
}
},
"flake-parts_4": {
"flake-parts_5": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
@@ -384,7 +399,7 @@
"type": "github"
}
},
"flake-parts_5": {
"flake-parts_6": {
"inputs": {
"nixpkgs-lib": [
"nvf",
@@ -405,7 +420,7 @@
"type": "github"
}
},
"flake-parts_6": {
"flake-parts_7": {
"inputs": {
"nixpkgs-lib": [
"tuirun",
@@ -463,8 +478,8 @@
},
"fonts": {
"inputs": {
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_4"
"flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1753431871,
@@ -586,7 +601,7 @@
},
"helix-flake": {
"inputs": {
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_6",
"rust-overlay": "rust-overlay_2"
},
"locked": {
@@ -610,11 +625,11 @@
]
},
"locked": {
"lastModified": 1761235135,
"narHash": "sha256-cux9xeceLIER1lBxUa1gMafkz7gg5ntcUmJBynWdBWI=",
"lastModified": 1761344779,
"narHash": "sha256-6LNSptFYhiAd0M/maJoixJw7V0Kp5BSoMRtIahcfu3M=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0adf9ba3f567da2d53af581a857aacf671aaa547",
"rev": "c644cb018f9fdec55f5ac2afb4713a8c7beb757c",
"type": "github"
},
"original": {
@@ -652,11 +667,11 @@
]
},
"locked": {
"lastModified": 1760929667,
"narHash": "sha256-nZh6uvc71nVNaf/y+wesnjwsmJ6IZZUnP2EzpZe48To=",
"lastModified": 1761266473,
"narHash": "sha256-QxCyKWBmuzI+eMhYV1JmbZsiUnBNATRP1EW34OBt5Vg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "189c21cf879669008ccf06e78a553f17e88d8ef0",
"rev": "5c71d4a730bd3c972befff343bb074421e345937",
"type": "github"
},
"original": {
@@ -797,17 +812,17 @@
"hyprlang": "hyprlang",
"hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner_2",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_7",
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_4",
"xdph": "xdph"
},
"locked": {
"lastModified": 1761129162,
"narHash": "sha256-vJYlThaqdSYRKn1HcaMbkHeB95bXQwgG1ugrlSKQjHg=",
"lastModified": 1761389866,
"narHash": "sha256-RupwqaJ3JF5dF9iuJX+y0EZslmIuRs7+n+wnngtBqak=",
"owner": "hyprwm",
"repo": "hyprland",
"rev": "057695bc3f7de5e8841c15252fc51029590895e4",
"rev": "b10b9660004b3dfaf9e11a305d78f24955b089a4",
"type": "github"
},
"original": {
@@ -1191,11 +1206,11 @@
]
},
"locked": {
"lastModified": 1760534924,
"narHash": "sha256-OIOCC86DxTxp1VG7xAiM+YABtVqp6vTkYIoAiGQMqso=",
"lastModified": 1761202163,
"narHash": "sha256-6RySf5VQElrm7RYGWxlIkNttemDp4FF0aH+LX435G2Y=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "100b4e000032b865563a9754e5bca189bc544764",
"rev": "47976126007d9658ca4ac4dd933bea8846170fd9",
"type": "github"
},
"original": {
@@ -1208,8 +1223,8 @@
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_7",
"flake-parts": "flake-parts_5",
"nixpkgs": "nixpkgs_8",
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay_3"
},
@@ -1278,11 +1293,11 @@
]
},
"locked": {
"lastModified": 1761184286,
"narHash": "sha256-yK/XQSwkOlgljcxNhlu08Zyp96DzF4eIU1leyWjyNZE=",
"lastModified": 1761356901,
"narHash": "sha256-YDySchURSJrS1P8zuzmFqypUS7shY6//0e0JiMZeLSI=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "8ac5469d67b8c197832575db87f6bde38032a947",
"rev": "a8635e459ff96acbd156a8de613b99d9d6b3676a",
"type": "github"
},
"original": {
@@ -1331,6 +1346,21 @@
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1754788789,
"narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1751159883,
"narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=",
@@ -1345,6 +1375,22 @@
"type": "github"
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1759386674,
"narHash": "sha256-wg1Lz/1FC5Q13R+mM5a2oTV9TA9L/CHHTm3/PiLayfA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "625ad6366178f03acd79f9e3822606dd7985b657",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1758690382,
@@ -1363,11 +1409,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1760878510,
"narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
"lastModified": 1757745802,
"narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
"rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1",
"type": "github"
},
"original": {
@@ -1378,70 +1424,6 @@
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1753250450,
"narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1760878510,
"narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1754243818,
"narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1761114652,
"narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=",
@@ -1457,18 +1439,82 @@
"type": "github"
}
},
"nixpkgs_9": {
"nixpkgs_5": {
"locked": {
"lastModified": 1759386674,
"narHash": "sha256-wg1Lz/1FC5Q13R+mM5a2oTV9TA9L/CHHTm3/PiLayfA=",
"lastModified": 1753250450,
"narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "625ad6366178f03acd79f9e3822606dd7985b657",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1761114652,
"narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1754243818,
"narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1761114652,
"narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
@@ -1476,9 +1522,9 @@
"nvf": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-parts": "flake-parts_5",
"flake-parts": "flake-parts_6",
"mnw": "mnw",
"nixpkgs": "nixpkgs_9",
"nixpkgs": "nixpkgs_10",
"systems": "systems_5"
},
"locked": {
@@ -1602,7 +1648,7 @@
"chaotic": "chaotic",
"fenix": "fenix",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"flake-parts": "flake-parts_3",
"fonts": "fonts",
"git-hooks": "git-hooks",
"hardware": "hardware",
@@ -1615,7 +1661,7 @@
"hyprpaper": "hyprpaper",
"lanzaboote": "lanzaboote",
"nix-gaming": "nix-gaming",
"nixpkgs": "nixpkgs_8",
"nixpkgs": "nixpkgs_9",
"nvf": "nvf",
"systems": "systems_6",
"treefmt-nix": "treefmt-nix",
@@ -1626,11 +1672,11 @@
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1761178311,
"narHash": "sha256-M5VeAtfip2zdqHKG9Su+5vlDG8AhtTk1ktxUGXdARc8=",
"lastModified": 1761322849,
"narHash": "sha256-KzRamhMnHTBEbYM0lZqozwc9BEYOTBMxVyAtDyiRq3s=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "f362735f822fe66ed2e357db53717b3db69dc6c9",
"rev": "51236f731456f305bac2b48682f8e1fa3032c989",
"type": "github"
},
"original": {
@@ -1648,11 +1694,11 @@
]
},
"locked": {
"lastModified": 1760927964,
"narHash": "sha256-+TjujgwBpeN0aaQ/lZQ8UPsWl9oEaihgbt6FvxTlpZk=",
"lastModified": 1761273263,
"narHash": "sha256-6d6ojnu6A6sVxIjig8OL6E1T8Ge9st3YGgVwg5MOY+Q=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "6b1e691089a62d0852f9d3fd6693ee027bc98ac3",
"rev": "28405834d4fdd458d28e123fae4db148daecec6f",
"type": "github"
},
"original": {
@@ -1815,11 +1861,11 @@
]
},
"locked": {
"lastModified": 1760945191,
"narHash": "sha256-ZRVs8UqikBa4Ki3X4KCnMBtBW0ux1DaT35tgsnB1jM4=",
"lastModified": 1761311587,
"narHash": "sha256-Msq86cR5SjozQGCnC6H8C+0cD4rnx91BPltZ9KK613Y=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "f56b1934f5f8fcab8deb5d38d42fd692632b47c2",
"rev": "2eddae033e4e74bf581c2d1dfa101f9033dbd2dc",
"type": "github"
},
"original": {
@@ -1830,7 +1876,7 @@
},
"tuirun": {
"inputs": {
"flake-parts": "flake-parts_6",
"flake-parts": "flake-parts_7",
"nixpkgs": [
"nixpkgs"
],
@@ -1923,11 +1969,11 @@
]
},
"locked": {
"lastModified": 1761179366,
"narHash": "sha256-uH/qjlISL4oXjuFTMvOScsPBQPZG1wVEQCFyY3pNZNE=",
"lastModified": 1761276110,
"narHash": "sha256-k9HfFWBxM7DNGrahC+IZtB8DcZyBW2uUW0HktffX640=",
"ref": "refs/heads/main",
"rev": "772796d1e5d05e9f2f443f61eb0da70391788053",
"revCount": 139,
"rev": "f0b40ea6601bf74bdfb4bfeb2e969122b0115ea7",
"revCount": 140,
"type": "git",
"url": "https://git.sr.ht/~canasta/zen-browser-flake"
},


@@ -53,11 +53,7 @@
};
authentik = {
url = "github:nix-community/authentik-nix";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-parts.follows = "flake-parts";
};
url = "github:nix-community/authentik-nix/version/2025.8.3";
};
flake-compat.url = "github:edolstra/flake-compat";
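Review bot: The new `url` pins the authentik input to the `version/2025.8.3` tag, and the lock file in this same comparison appears to move `authentik-src` from `version/2025.8.4` back to `version/2025.8.3`, so the identity provider goes back a patch release with no reason recorded. Dropping `nixpkgs.follows` and `flake-parts.follows` also gives authentik its own locked nixpkgs (`nixpkgs_3` in the lock), so updates to the top-level nixpkgs no longer reach its closure and it has to be bumped separately. If the pin is deliberate, a comment above the line would make it reviewable, e.g. `# pinned to version/2025.8.3: <reason>; uses its own nixpkgs on purpose, bump together with upstream releases`. Whether 2025.8.4 carries fixes this deployment needs is not visible here and is worth checking against the upstream release notes before merging.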


@@ -22,6 +22,10 @@
traefik = {
enable = true;
};
headscale = {
enable = true;
port = 8581;
};
tailscale = {
enable = true;
};


@@ -6,7 +6,7 @@
}: let
unit = "authentik";
cfg = config.server.infra.${unit};
srv = config.server.infra.www.domain;
srv = config.server.infra;
in {
options.server.infra.${unit} = {
enable = lib.mkEnableOption {
@@ -14,7 +14,7 @@ in {
};
url = lib.mkOption {
type = lib.types.str;
default = "auth.${srv.www.domain}";
default = "auth.${srv.www.url}";
};
port = lib.mkOption {
type = lib.types.port;


@@ -2,6 +2,7 @@
imports = [
./authentik
./fail2ban
./headscale
./keepalived
./podman
./postgres


@@ -0,0 +1,83 @@
{
config,
lib,
self,
...
}:
with lib; let
cfg = config.server.infra.headscale;
srv = config.server.infra;
in {
options.server.infra.headscale = {
enable = mkEnableOption "Enable headscale server configuration";
url = lib.mkOption {
type = lib.types.str;
default = "hs.${srv.www.url}";
};
port = lib.mkOption {
type = lib.types.port;
description = "The local port the service runs on";
};
};
config = mkIf cfg.enable {
# age.secrets.sobotkaHsAuth.file = "${self}/secrets/sobotkaHsAuth.age";
services = {
headscale = {
enable = true;
port = cfg.port;
settings = {
server_url = "http://${cfg.url}";
prefixes = {
v4 = "100.64.0.0/10";
v6 = "fd7a:115c:a1e0::/48";
allocation = "random";
};
dns = {
magic_dns = true;
base_domain = "ts.cnst.dev";
override_local_dns = true;
nameservers = {
global = [
"192.168.88.1"
"192.168.88.69"
];
split = {
};
};
# oidc = {
# issuer = "https://auth.cnst.dev/oauth2/openid/headscale";
# client_id = "headscale";
# client_secret_path = config.age.secrets.headscaleSecret.path;
# };
};
};
};
traefik = {
dynamicConfigOptions = {
http = {
services = {
auth.loadBalancer.servers = [
{
url = "http://localhost:8581";
}
];
};
routers = {
headscale = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "headscale";
tls.certResolver = "letsencrypt";
};
};
};
};
};
};
};
}
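Review bot: The Traefik router at the end of this file sets `service = "headscale"`, but the only backend defined under `services` is `auth.loadBalancer.servers`, so the router points at a service this module never creates; if the authentik module also defines a Traefik service named `auth` (not visible here), the two definitions would collide or the auth hostname could be proxied to the wrong backend. Rename the backend and take the port from the option instead of repeating the literal: `headscale.loadBalancer.servers = [` and `url = "http://localhost:${toString cfg.port}";`. `server_url = "http://${cfg.url}"` also advertises plain HTTP to clients while the router only listens on `websecure` with a Let's Encrypt certificate; `server_url = "https://${cfg.url}";` matches what is actually exposed. The commented-out `oidc` block sits inside `dns`, and the `url` option has no `description`; both are worth tidying before OIDC login is enabled.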


@@ -4,5 +4,8 @@
allowUnfree = true;
input-fonts.acceptLicense = true;
};
overlays = [
];
};
}