The podman integration was pretty janky because it relied on running a
pod and the NixOS integration with pods is essentially non-existent.
This led to issues with the port being improperly forwarded when
partially restarted.

Now instead I use a flake dedicated to running authentik. This allows me
to specify some of the config in the module directly and some in
secrets, which is really nice. I've additionally added some changes to
the listen address so that the service isn't exposed over public IP
addresses.

At this point the new Nocix server is working (I'm writing this commit
on that machine) so I can clean up the various experiments and commit to
the more generalized configuration as it stands.

This is... a big change. If I run this on the old corp server it will
break a lot, LOT of stuff. So don't do that. This is also the first time
I'm attempting to use disko to fully define a server in a single step
rather than as a bootstrapping step.

This involves renaming the disks because when I rebooted the VM the disk
names changed. I also made the root disk just 50G and put the rest in
/var, as well as formatting and mounting the big rust disk.

This is based on a discussion here:
https://github.com/nix-community/disko/issues/889

Had to do it since the last one didn't even build and was based on a
cobbling of LLM (Claude) assistance, reading example files, and reading
the disko module definition file.

I'm not sure if this will work - I'm running it now - but I want to
commit it so I can see what changes I ended up needing after
establishing a baseline reading through the nixos-anywhere getting
started instructions.

I believe this is caused by having a number of virtual interfaces from
OCI containers and the system wants to see them all online before
considering networkd online.

All of this is redundant and defined in other modules, as it should be.
From here we can start building up what makes sync unique rather than
copy-pasting.