ok

Makefile

@@ -1,16 +1,33 @@
 SHELL:=/usr/bin/env bash
 
 MAKEFLAGS += --no-builtin-rules --no-builtin-variables
-# Consider adding a valid email in an environment variable 
+# Consider adding a valid email in an environment variable TF_VAR_cert_manager_email
 # of your shell profile
-CERT_MANAGER_EMAIL?[email protected]
+TF_VAR_cert_manager_email?[email protected]
+
+UNAME_S := $(shell uname -s)
+
+BUILDER_EXEC:=
+ADD_CERT_CMD:=cp /tmp/pebble-ca.pem /etc/ssl/certs/pebble-ca.pem
+ifeq ($(UNAME_S),Darwin)
+   # set variable for Darwin
+   BUILDER_EXEC:=nix develop .\#builder --extra-experimental-features flakes --extra-experimental-features nix-command --command
+   ADD_CERT_CMD:=sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /tmp/pebble-ca.pem
+endif
+
+start:
+	@$(BUILDER_EXEC) echo 'Started required daemons'
 
 init:
 	@echo "Initializing"
 	@terraform -chdir=libvirt init -upgrade
 	@terraform init -upgrade
 
-vm:
+build:
+	@echo "Building VM"
+	@$(BUILDER_EXEC) nix build .#nixosConfigurations.aarch64-darwin.default --system aarch64-linux
+
+vm: start
 	@echo "Creating VM"
 	@terraform -chdir=libvirt apply -auto-approve
 	@ssh zizou@localhost -p 2222 'sudo cat /etc/rancher/k3s/k3s.yaml' > ~/.kube/config
@@ -31,4 +48,4 @@ infra-destroy:
 
 trust-ca:
 	@curl -k https://localhost:15000/intermediates/0 > /tmp/pebble-ca.pem
-	@sudo security add-trusted-cert -d -r trustAsRoot -k /Library/Keychains/System.keychain /tmp/pebble-ca.pem
+	@$(ADD_CERT_CMD)

docs/images/archi.mdj

@@ -242,7 +242,7 @@
 											"top": 625,
 											"width": 60.68359375,
 											"height": 13,
-											"text": "ory hydra"
+											"text": "Dex"
 										},
 										{
 											"_type": "LabelView",
@@ -4010,8 +4010,7 @@
 											},
 											"visible": false,
 											"font": "Arial;13;0",
-											"left": -48,
-											"top": 32,
+											"top": -16,
 											"height": 13
 										},
 										{
@@ -4021,8 +4020,8 @@
 												"$ref": "AAAAAAGHR0G4b/iwwNA="
 											},
 											"font": "Arial;13;1",
-											"left": 765,
-											"top": 737,
+											"left": 789,
+											"top": 713,
 											"width": 51.314453125,
 											"height": 13,
 											"text": "tailscale"
@@ -4035,8 +4034,7 @@
 											},
 											"visible": false,
 											"font": "Arial;13;0",
-											"left": -48,
-											"top": 32,
+											"top": -16,
 											"width": 73.67724609375,
 											"height": 13,
 											"text": "(from Model)"
@@ -4049,15 +4047,14 @@
 											},
 											"visible": false,
 											"font": "Arial;13;0",
-											"left": -48,
-											"top": 32,
+											"top": -16,
 											"height": 13,
 											"horizontalAlignment": 1
 										}
 									],
 									"font": "Arial;13;0",
-									"left": 760,
-									"top": 730,
+									"left": 784,
+									"top": 706,
 									"width": 61.314453125,
 									"height": 25,
 									"stereotypeLabel": {
@@ -4084,8 +4081,7 @@
 									},
 									"visible": false,
 									"font": "Arial;13;0",
-									"left": -24,
-									"top": 16,
+									"top": -8,
 									"width": 10,
 									"height": 10
 								},
@@ -4100,8 +4096,7 @@
 									},
 									"visible": false,
 									"font": "Arial;13;0",
-									"left": -24,
-									"top": 16,
+									"top": -8,
 									"width": 10,
 									"height": 10
 								},
@@ -4116,8 +4111,7 @@
 									},
 									"visible": false,
 									"font": "Arial;13;0",
-									"left": -24,
-									"top": 16,
+									"top": -8,
 									"width": 10,
 									"height": 10
 								},
@@ -4132,16 +4126,15 @@
 									},
 									"visible": false,
 									"font": "Arial;13;0",
-									"left": -24,
-									"top": 16,
+									"top": -8,
 									"width": 10,
 									"height": 10
 								}
 							],
 							"font": "Arial;13;0",
 							"containerChangeable": true,
-							"left": 760,
-							"top": 720,
+							"left": 784,
+							"top": 696,
 							"width": 71.314453125,
 							"height": 45,
 							"nameCompartment": {
@@ -4981,8 +4974,8 @@
 									},
 									"visible": false,
 									"font": "Arial;13;0",
-									"left": 820,
-									"top": 775,
+									"left": 832,
+									"top": 767,
 									"height": 13,
 									"alpha": 1.5707963267948966,
 									"distance": 15,
@@ -5002,8 +4995,8 @@
 									},
 									"visible": null,
 									"font": "Arial;13;0",
-									"left": 834,
-									"top": 771,
+									"left": 847,
+									"top": 767,
 									"height": 13,
 									"alpha": 1.5707963267948966,
 									"distance": 30,
@@ -5023,8 +5016,8 @@
 									},
 									"visible": false,
 									"font": "Arial;13;0",
-									"left": 791,
-									"top": 784,
+									"left": 803,
+									"top": 768,
 									"height": 13,
 									"alpha": -1.5707963267948966,
 									"distance": 15,
@@ -5044,8 +5037,8 @@
 									},
 									"visible": false,
 									"font": "Arial;13;0",
-									"left": 822,
-									"top": 780,
+									"left": 833,
+									"top": 761,
 									"height": 13,
 									"alpha": 0.5235987755982988,
 									"distance": 30,
@@ -5065,8 +5058,8 @@
 									},
 									"visible": false,
 									"font": "Arial;13;0",
-									"left": 835,
-									"top": 779,
+									"left": 846,
+									"top": 763,
 									"height": 13,
 									"alpha": 0.7853981633974483,
 									"distance": 40,
@@ -5086,8 +5079,8 @@
 									},
 									"visible": false,
 									"font": "Arial;13;0",
-									"left": 794,
-									"top": 783,
+									"left": 806,
+									"top": 756,
 									"height": 13,
 									"alpha": -0.5235987755982988,
 									"distance": 25,
@@ -5107,8 +5100,8 @@
 									},
 									"visible": false,
 									"font": "Arial;13;0",
-									"left": 819,
-									"top": 772,
+									"left": 833,
+									"top": 775,
 									"height": 13,
 									"alpha": -0.5235987755982988,
 									"distance": 30,
@@ -5127,8 +5120,8 @@
 									},
 									"visible": false,
 									"font": "Arial;13;0",
-									"left": 832,
-									"top": 766,
+									"left": 846,
+									"top": 773,
 									"height": 13,
 									"alpha": -0.7853981633974483,
 									"distance": 40,
@@ -5147,8 +5140,8 @@
 									},
 									"visible": false,
 									"font": "Arial;13;0",
-									"left": 794,
-									"top": 783,
+									"left": 805,
+									"top": 779,
 									"height": 13,
 									"alpha": 0.5235987755982988,
 									"distance": 25,
@@ -5195,7 +5188,7 @@
 								"$ref": "AAAAAAGHR0G4b/ivmr0="
 							},
 							"lineStyle": 1,
-							"points": "801:765;812:807",
+							"points": "819:741;818:807",
 							"showVisibility": true,
 							"nameLabel": {
 								"$ref": "AAAAAAGHR0wlnOrQ03k="
@@ -6173,7 +6166,7 @@
 					"_parent": {
 						"$ref": "AAAAAAFF+qBWK6M3Z8Y="
 					},
-					"name": "ory hydra",
+					"name": "Dex",
 					"ownedElements": [
 						{
 							"_type": "UMLCommunicationPath",

flake.nix

@@ -117,10 +117,6 @@
       linux = builtins.replaceStrings ["darwin"] ["linux"] system;
       legacyPackages = import inputs.nixpkgs-srvos (nixpkgsDefaults // { inherit system; });
       stableLegacyPackages = import inputs.nixpkgs-stable (nixpkgsDefaults // { inherit system; });
-      # letsEncrypt = import ./nixos/letsencrypt.nix { 
-      #   pkgs = stableLegacyPackages;
-      #   config = import ./nixos/k3s-paas.nix;
-      # };
     in {
       # Re-export `nixpkgs-stable` with overlays.
       # This is handy in combination with setting `nix.registry.my.flake = inputs.self`.
@@ -135,9 +131,6 @@
           system = linux;
           modules = attrValues self.nixosModules;
           format = "qcow";
-          # specialArgs = {
-          #   inherit letsEncrypt;
-          # };
         };
 
         contabo = self.nixosConfigurations.${system}.qcow.override {

k8s/waypoint/main.tf

@@ -37,7 +37,6 @@ resource "kubernetes_manifest" "cert" {
   }
 }
 
-# Install the Helm chart
 resource "helm_release" "waypoint" {
   name       = "waypoint"
   repository = "https://helm.releases.hashicorp.com"

nixos/configuration.nix

@@ -8,8 +8,7 @@
 let dex_hostname = "${config.k3s-paas.dex.http_scheme}://dex.${config.k3s-paas.dns.name}";
   k3sTokenFile = pkgs.writeText "token" config.k3s-paas.k3s.token;
   certManagerYaml = pkgs.writeText "cert-manager" (builtins.readFile ./cert-manager.yaml);
-  letsEncryptCa = with config.k3s-paas.letsencrypt; (if crt != "" then
-    [pkgs.writeText "ca" (builtins.readFile crt)] else []);
+  letsEncryptCa = with config.k3s-paas.letsencrypt; if crt != "" then [crt] else [];
 in {
   imports = [ ./k3s-paas.nix ];
 
@@ -152,7 +151,7 @@ in {
     wait-online.anyInterface = true;
     networks = {
       "10-dhcp" = {
-        matchConfig.Name = "enp*";
+        matchConfig.Name = "eth*";
         networkConfig = {
           DHCP = "ipv4";
           IPv6AcceptRA = true;

nixos/darwin.nix

@@ -24,7 +24,7 @@
       KeepAlive = true;
       RunAtLoad = true;
       ProgramArguments = [ 
-        "${pkgs.libvirt}/bin/libvirtd" "-f" "/etc/libvirt/libvirtd.conf" 
+        "${pkgs.libvirt}/bin/libvirtd" "-f" "/etc/libvirt/libvirtd.conf" "-v"
       ];
       StandardOutPath = "/var/log/libvirt.log";
       StandardErrorPath = "/var/log/libvirt-error.log";
@@ -78,8 +78,7 @@
       externalAccountBindingRequired = false;
     };
   };
-
-  environment.etc.${config.k3s-paas.dns.name}.text = "nameserver ${config.k3s-paas.dns.dest-ip}";
+  environment.etc."resolver/${config.k3s-paas.dns.name}".text = "nameserver ${config.k3s-paas.dns.dest-ip}";
   nix.settings = {
     trusted-users = [ "staff" "admin" "nixbld"];
     keep-derivations = true;

nixos/k3s-paas.nix

@@ -4,8 +4,8 @@
   options.k3s-paas = {
 
     letsencrypt.crt = lib.mkOption {
-      default = "./certs/local.pem";
-      type = lib.types.str;
+      default = ./certs/local.pem;
+      type = lib.types.path;
       description = "Lets encrypt root ca";
     };