rip home-hypervisor

It's an old laptop and he does good work all these years. Well, maybe I can fix it.

machines/NixOS-VPS/default.nix

@@ -20,6 +20,14 @@
     ./services/tor-bridge.nix
     ./services/wireguard.nix
     ./services/xtls.nix
+
+    customProfiles.authentik
+    customProfiles.hoyolab
+    customProfiles.radicale
+    customProfiles.vaultwarden
+    (import customProfiles.headscale {
+      headscale-list = [ ];
+    })
   ];
 
   # Impermanence
@@ -61,6 +69,7 @@
       directories = [
         "/var/lib/nixos"
         "/var/lib/systemd"
+        "/var/lib/postgresql"
       ];
     };
   };
@@ -253,6 +262,10 @@
   networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 5353 ];
   security.unprivilegedUsernsClone = true;
 
-  system.stateVersion = "23.11";
+  nixpkgs.overlays = [
+    inputs.ataraxiasjel-nur.overlays.default
+  ];
+
+  system.stateVersion = "24.05";
   nixpkgs.hostPlatform = lib.mkForce "x86_64-linux";
 }

profiles/servers/headscale.nix

@@ -1,4 +1,4 @@
-{ headscale-list ? {} }: { config, lib, inputs, ... }:
+{ headscale-list ? [] }: { config, lib, inputs, ... }:
 let
   domain = "wg.ataraxiadev.com";
 in {
@@ -42,11 +42,11 @@ in {
   };
   systemd.services.headscale = {
     serviceConfig.TimeoutStopSec = 10;
-      after = lib.mkIf config.services.authentik.enable [
+  #   after = lib.mkIf config.services.authentik.enable [
-      "authentik-server.service"
+  #     "authentik-server.service"
-      "authentik-worker.service"
+  #     "authentik-worker.service"
-      "nginx.service"
+  #     "nginx.service"
-    ];
+  #   ];
   };
 
   persist.state.directories = [ "/var/lib/headscale" ];