From 0f2922dffd7956eea0202361e3704ab979069d65 Mon Sep 17 00:00:00 2001 From: goeranh Date: Fri, 7 Nov 2025 18:04:54 +0100 Subject: [PATCH] fix update script fqdn --- flake.nix | 50 +++++++------------ hosts/{authentik => auth}/authentik.nix | 7 +++ hosts/{authentik => auth}/default.nix | 0 .../hardware-configuration.nix | 0 hosts/{authentik => auth}/hetzner-disk.nix | 0 5 files changed, 24 insertions(+), 33 deletions(-) rename hosts/{authentik => auth}/authentik.nix (83%) rename hosts/{authentik => auth}/default.nix (100%) rename hosts/{authentik => auth}/hardware-configuration.nix (100%) rename hosts/{authentik => auth}/hetzner-disk.nix (100%) diff --git a/flake.nix b/flake.nix index 950fdd9..74abba9 100644 --- a/flake.nix +++ b/flake.nix @@ -41,8 +41,23 @@ result: name: result // { - "${name}-iso" = nixosConfigurations."${name}-installer".config.system.build.isoImage; - "${name}-container" = nixosConfigurations."${name}-container".config.system.build.tarball; + "${name}-iso" = (nixosConfigurations."${name}".extendModules { + modules = [ + "${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix" + { + users.users.administration.password = "test"; + users.users.root.password = "test"; + } + ]; + }).config.system.build.isoImage; + "${name}-container" = (nixosConfigurations."${name}".extendModules { + modules = [ + "${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix" + { + networking.defaultGateway.interface = "enp1s0"; + } + ]; + }).config.system.build.tarball; "${name}-update" = nixpkgs.legacyPackages.x86_64-linux.writeShellScriptBin "update" '' nixos-rebuild switch --flake .#${name} --target-host root@${name}.test.htw.stura-dresden.de ''; 
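Review bot: The `${name}-iso` output sets `users.users.root.password = "test";` and the same value for `administration`, so every ISO built from a host configuration ships a known root password, and the literal also ends up in the world-readable Nix store. Because the image is built from the full host configuration through `extendModules`, any remote login service that host enables would presumably accept these credentials once the ISO is booted on a network. Consider replacing both lines with key-based access, e.g. `users.users.root.openssh.authorizedKeys.keys = [ "<ADMIN_SSH_PUBLIC_KEY>" ];`, or at least a hashed value via `users.users.root.initialHashedPassword`. The enclosing attribute set and fold function start and end outside the hunk.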
@@ -79,37 +94,6 @@ mailserver.nixosModules.mailserver ]; }; - - # build iso image vor every config - "${input}-installer" = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./hosts/${input} - ./default.nix - disko.nixosModules.disko - authentik.nixosModules.default - mailserver.nixosModules.mailserver - "${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix" - { - users.users.administration.password = "test"; - users.users.root.password = "test"; - } - ]; - }; - "${input}-container" = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./hosts/${input} - ./default.nix - disko.nixosModules.disko - authentik.nixosModules.default - mailserver.nixosModules.mailserver - "${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix" - { - networking.defaultGateway.interface = "enp1s0"; - } - ]; - }; } ) { } (builtins.attrNames (builtins.readDir ./hosts)); }; diff --git a/hosts/authentik/authentik.nix b/hosts/auth/authentik.nix similarity index 83% rename from hosts/authentik/authentik.nix rename to hosts/auth/authentik.nix index 5891b18..fa390e4 100644 --- a/hosts/authentik/authentik.nix +++ b/hosts/auth/authentik.nix @@ -42,6 +42,13 @@ }; }; + systemd.services.authentik-secrets-generator = { + enable = true; + requiredBy = [ "authentik-secrets-setup.service" "authentik-worker.service" ]; + script = '' + echo "AUTHENTIK_SECRET_KEY=$(${pkgs.openssl}/bin/openssl rand -hex 32)" > /var/lib/authentik_secret + ''; + }; services.nginx = { enable = true; diff --git a/hosts/authentik/default.nix b/hosts/auth/default.nix similarity index 100% rename from hosts/authentik/default.nix rename to hosts/auth/default.nix diff --git a/hosts/authentik/hardware-configuration.nix b/hosts/auth/hardware-configuration.nix similarity index 100% rename from hosts/authentik/hardware-configuration.nix rename to hosts/auth/hardware-configuration.nix 
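Review bot: The script in `systemd.services.authentik-secrets-generator` overwrites `/var/lib/authentik_secret` with a fresh `AUTHENTIK_SECRET_KEY` every time the unit starts, and the redirect creates the file under the default umask, so the key is likely world-readable. A regenerated key would change authentik's signing secret on each boot or restart, which is presumably not intended. `requiredBy` adds no ordering, and without `Type = "oneshot"` the dependent units are not held back until the script has finished, so they may start before the file exists. I would skip the write when the file is already present, set a restrictive `UMask`, and add `before` plus a oneshot service type, as sketched below; a file already created by an earlier run keeps its old mode and needs a one-off `chmod`. How the authentik units read the file is outside this hunk.

```nix
systemd.services.authentik-secrets-generator = {
  # … unchanged: enable, requiredBy …
  before = [ "authentik-secrets-setup.service" "authentik-worker.service" ];
  serviceConfig = {
    Type = "oneshot";
    RemainAfterExit = true;
    UMask = "0077";
  };
  script = ''
    [ -s /var/lib/authentik_secret ] && exit 0
    # … unchanged: echo "AUTHENTIK_SECRET_KEY=…" > /var/lib/authentik_secret …
  '';
};
```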
diff --git a/hosts/authentik/hetzner-disk.nix b/hosts/auth/hetzner-disk.nix
similarity index 100%
rename from hosts/authentik/hetzner-disk.nix
rename to hosts/auth/hetzner-disk.nix