diff --git a/.sops.yaml b/.sops.yaml index e1991ef..9bb3323 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -12,6 +12,7 @@ keys: - &host_age_forgejo_actions_runner age10xz2l7ghul7023awcydf4q3wurmszy2tafnadlarj0tvm7kl033sjw5f8t - &host_age_matrix age1f7ams0n2zy994pzt0u30h8tex6xdcernj59t4d70z4kjsyzrr3wsy87xzk - &host_age_public_web_static age19s7r8sf7j6zk24x9vumawgxpd2q8epyv7p9qsjntw7v9s3v045mqhmsfp0 + - &host_age_yate age1kxzl00cfa5v926cvtcp0l3fncwh6fgmk8jvpf4swkl4vh3hv9e5qyqsrnt - &host_age_woodpecker age1klxtcr23hers0lh4f5zdd53tyrtg0jud35rhydstyjq9fjymf9hsn2a8ch - &host_age_penpot age10ku5rphtsf2lcxg78za7f2dad5cx5x9urgkce0d7tyqwq2enva9sqf7g8r creation_rules: @@ -93,6 +94,19 @@ creation_rules: age: - *admin_age_lilly - *host_age_penpot + - path_regex: config/hosts/yate/.* + key_groups: + - pgp: + - *admin_gpg_jtbx + - *admin_gpg_yuri + - *admin_gpg_june + - *admin_gpg_haegar + - *admin_gpg_dario + - *admin_gpg_echtnurich + - *admin_gpg_c6ristian + age: + - *admin_age_lilly + - *host_age_yate - key_groups: - pgp: - *admin_gpg_jtbx diff --git a/config/hosts/yate/configuration.nix b/config/hosts/yate/configuration.nix new file mode 100644 index 0000000..6b1fa99 --- /dev/null +++ b/config/hosts/yate/configuration.nix @@ -0,0 +1,10 @@ +{ ... }: + +{ + networking = { + hostName = "yate"; + domain = "z9.ccchh.net"; + }; + + system.stateVersion = "23.11"; +} diff --git a/config/hosts/yate/default.nix b/config/hosts/yate/default.nix new file mode 100644 index 0000000..66738e8 --- /dev/null +++ b/config/hosts/yate/default.nix @@ -0,0 +1,10 @@ +{ ... }: + +{ + imports = [ + ./configuration.nix + ./networking.nix + ./yate.nix + ./sops.nix + ]; +} diff --git a/config/hosts/yate/networking.nix b/config/hosts/yate/networking.nix new file mode 100644 index 0000000..a06a019 --- /dev/null +++ b/config/hosts/yate/networking.nix @@ -0,0 +1,23 @@ +{ ... }: + +{ + networking = { + interfaces.net0 = { + ipv4.addresses = [ + { + address = "10.31.208.12"; + prefixLength = 23; + } + ]; + }; + defaultGateway = "10.31.208.1"; + nameservers = [ + "10.31.210.1" + ]; + }; + + systemd.network.links."10-net0" = { + matchConfig.MACAddress = "BC:24:11:73:3E:F7"; + linkConfig.Name = "net0"; + }; +} diff --git a/config/hosts/yate/secrets.yaml b/config/hosts/yate/secrets.yaml new file mode 100644 index 0000000..d3cb216 --- /dev/null +++ b/config/hosts/yate/secrets.yaml @@ -0,0 +1,148 @@ +git_clone_key: ENC[AES256_GCM,data:Wss8NtyYXOmQ8fYbqKfbGQ+5l+ifNznis9OJ4p2HRPsExOFvgHH60t+D/gsOPTiwL0fEQKQn008Zo7VpIEhKIQM0fW3cd3ED3Tk8QX4hDRxyLl/lql5MlhTm4UMY58rNMBXgA88oR1lozgAa39KMH0MRUoSzrhvecwnAHO+RjZGXBN5zYIorqBVEk5h+1wUGSlV1TroZX9u0cWt11eH59AgKY/oP5mOrgA++E623Oc/DnTxlLbR//lFHW1JPiBSUFMP1ck6fg4PwnADYITgr1B1zdJz1J6jNC+n6S9bKDPnH5bvqmpvJIRmimxR4/R182RkIC+TBhD850cD1y9KSZa0Lh3DZ3LPrqGtZ6MHvpCgY/wPiTUANv6CJPcOAoskaaW57EiFl0ev3Jc3A+XFM6yqQOmmvNXx0hYz6ltlvtsltOcmz5TWooijwTaPS5UEwltYalrT9RNmC/ODkBRkSvuLEBWYwnu8aeo2f/+IxciG0PldDJED2ud6HSkDEXHcPCwodScpnk032Jrc+0qtI,iv:tCo4f5u/y/ZrAfT1N+eUNLy5pKAg/U0xa3cNQmzUgFs=,tag:03HK65hWjYnVzz+7C+HmsA==,type:str] +sops: + age: + - recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTeklHTk8wRXZUWDE2bHdV + LzJSVkJMMStpMmlud1VZWjVLUVdLejNXWDFNClM2UjhMaWl5cmxjRHdpakowV2hZ + aVVxMUtoSmdJU2p0MzZORC9XV2U4QTgKLS0tIEM0RUhRTTFBcjNsOVR2Q1A3bEFE + cWNJR1kyQkVMbElBdTkvQlkwWk8yTDgKK8XqGA2Gy7b7dIS4Zas/t8aK8d2qCx5p + cDHyRqqAfMIn9fRmiRGL0VRXCTZcPZ8FcaDx5/CuOgxe4hvNXp9U3Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1kxzl00cfa5v926cvtcp0l3fncwh6fgmk8jvpf4swkl4vh3hv9e5qyqsrnt + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtd1ZQNytmcTQ0bC8xMlAz + QXlibmhQZGNQQnV3QktoVGtxOHA1eEtnaHdzCnRiMVl0Nll1V2ZibWdkTnBoYnFq + ZXNqUHI3eXMwYkZvZkVEVm1Ld3RFdkkKLS0tIEx5RVc5WGEvdlhUcHVQMXdXcUhS + Y2t3K3Vhckp4VnBwOHQwVjVpYjkxU1kKuvtNN9eHFvBBjZmh/L5yxeU6rRtz7KMy + q/5pLyRVAg/LjXKnFH9SZLbvWyffpfG7U8CUQdBmVIzYhrj/WEKwcQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-08T18:35:07Z" + mac: ENC[AES256_GCM,data:tyrfhBaTKnp1lqSPfkErk1UFoI7v/1az+zl9g3XoZ5Apo3CRixdLUldM9sYXqQT5WNrgO2NyZHqvyQOnFZiJuNhlYFSQbgwFFm3gz45BV8Do7QAhAG7+Q6q/Gz9VAqePQJlmzbfeL5iqJC2jhrcGIutO2cI22QULLkBzVVDg1/w=,iv:ayLonGC1F3vp6bh4pcAps6BvMzrG/yT2rPGAcUQ1Geg=,tag:1fIaRIFrzDTSP+oIUHABgQ==,type:str] + pgp: + - created_at: "2026-02-17T22:22:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAAg1t+aqAh+rbcjhyNZha1ovJbcM6FoNr55nmdFZQnqwi5 + sCIct2zE/lQzz770bbkplJaEAM2mQnPEGYJ6hQApF4M8x4HKVWaA68qM/dP2ZQQs + oXysCouuUvypfU+EeZhN6Lke8PapFls+iLidcb8fFh+FHAEe3qOKHfwFamjkxz0T + N7/hCInKHFNeOOq9QpH+2dtpo3+wL0ImwSO/hfnhLc8f9eCgXYQZEArT9mhm4eFp + AWkkN34dZJcRa/n0NcZhMWhEDgepXO86h3vuXSfGRzuj3QEChSgm1paVOv5IWtCP + e9H66PcpBC0v8lnf6sk3uwTORH09rAuSDgEFcFHzdfZAL6c2O0oleMTVXDEQ23Ci + 8/X6N/qZjIJNBQogcRSCQijaYgSeUuMStvizzOK6hRKS/DSMK6Zbw2eM5SHXen0h + GVf8XvenfZF0U4MvzTDYzYnDh/1HA7NvfhRcvHo4TjkCyzuekGaE8WC1JtWA3DQD + IQf2q/7p6Qka+duMeirJcM+c71c7so6EDrlbFPI6A15F/vqtD4VyfmwLJm2YZZ4S + DfKKJHIQDzXh0bqiyNtAQyyo1H9UhJehXOod70Nz6EZkYz3F67Xo2fO/5mCrkRJH + tJEbSz43IHaT1AkB80mEy59+WCrT02mpuwsdsoLvhLokiCNFPHUR/YaWqjwJ5Y7S + XAGF4ku196vpnW9Ce+9rYE1UZ/Uh9xHBqPdc3tnufhKIwAE0UyF+fqFY89iwcMrb + WLcN+Pt7KhWIe2lJ3R8jKbzceTLIpxoHUtXGLutu8XM7tWN/obE61a9iWSTK + =s5xj + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2026-02-17T22:22:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1ARAApGc0RVQyE+NzUrw0yVctMi53dHT0fSC48WhVFuX77r97 + oLcw2/gzVhOGXHfuyPgkis16QBcMaHX4BNfrTonk6sXC/WOPBsRCAZ/h2YazK3Nt + fv/Ve8oNC2kDmCOIn4RwmXVS+QXPp9pgZA2b9wuAlU0SLbYq+t0lgCTZZb3lfL8m + DM5Y1xbXrwGNEqjkxEdU1Secd0oUgTWVwZlmjhnH+1e5tZe5sDLkUP28XBQB0b1j + BgV6dEERl0lxgTPYlcC0LHI+gD7gG3rmzMudJJBZzVomQK/VfKWqV7UuaT4x+ejQ + tVbkGZcjOAmb8A4xXQwkRgCBBS8CmiRGhx/BwJlabEMHW1QBOJB9+PYWD78rgiyY + CdjX4xFE80Wpdh8PDZXAe93m/4DlGKntLR5GVtZrk9VHuDL1CAc40tJkCuvl3Nig + bwapAGdGQnRRLMg0mPLI/isc7PmmBs2M+3m38mhdqjttbFpBrvD6wFPmhWmOw0YR + fiI7QOMOcihoX937S6jVTrUGVLFtR9Esl5LadYQp93le3GjZw6uiANepIwkeaX81 + ZanuDJGJXhvtgLfBByxWiuJxKRkZ1jyOVcbq9BEv/FjgFbxPEKq8vevuEAcSoM0K + PyRrav59UciQ6BUGy8jM7caIu9hZhon9BZA3bWFekXAjWWyfL/2SkIkjyo+B0hvS + XAGvaOrp3aF7mF6XyyxxNC7IjVifnlElFzv594o2fPQdRKGfcLIETADMUaMskrD5 + RSEe4ldP8KQOlmKn2yG/fhQw04D+RdhatWIfszGjQwo84g4SIBOzI8Ut8fsd + =W/jm + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2026-02-17T22:22:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAUr63BpqUMMezyhp+cq1nWfUixaQPB2XZm2ZM6/OfHi4w + 583JukURVqiCDGyMmuMvx1c+7txy3BImR+ZcX54CyLi41pAJYM+t0GCYUX+N1iUh + 0lwBGLwkDC83Go28mRIVf2VJex6MaW9F6scWat/FDn8QLzsL/MpWpTTbOvCM9eF3 + p1MMmqV2s4NkdGaXKhMWoc84CQZgEfvNyzmObPSj558ZIcvdmuu+gxBbm2jJUg== + =pwG7 + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2026-02-17T22:22:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ//UrQNdx+LIIf+GLfmG5wCjpa2CSBPRta1AT6JUFSaImwm + d0qDFyTSf96SqnyPFh2GlHuR/s2OZjF92a6EJidq8FDGJWCwlhJIDOD5B5veCPsF + kGB8CqXod7ZD1z19p1h5WiWdSLxYoseDEsnb2SDeONaZjOklNgpWT3dhTjVD2ca0 + 92pp3xHfMHNOMyTzC9f2cLPdfUr7/2sHk5h84wH+4IOoXyACQmbCDQjrDg0FoxUh + KR3Tc4oxrAEhSkipuFjqZceihLx9tb2peZmBUMzLh/N71hAQ6aNav3EIBEKcyy3k + W7M9BS3yX6pBD1FWDdp0l7YlJTNXPDRF/c9Q5CgR7S7Td6/zL/Mm0k6Va6kvjBN8 + slRTiqsjT/W6h6scnihFEcPTKUdmZKx2f/Hj5EE+cM6WfULeIAawJxoWBOoSi6cq + RdlJzpkCqridarADKMy226Isj9QH1qmspL5HIJQ/lBHO7lRx17MvB2JkojYsHxix + LiEEQUdAkmVmV0APLNV4Uh9fkyi9FfDgtzhKBmF/4Hue2ZUCQcsuTzzy2TyF2YZi + pYLJ8dlsSUFIr1ZmzDzf/x/v87GLJuuHjOGVPiA26ipIeR8w3u0yFjf2EFQd7KXm + 3viDYhGBdVfntgfJL5o5VVGeIv95x0ZXlyi2/6r1NL+KZJhiZ4drE5DfrQ9Z6BrS + XAEhAjt4mAGphYPQnygGYxrcGDW18akLE2BXjqnQZlxyt5I3cqubSciz85mlcvXJ + KLaxFI/A8jl+eDlNqhrNvR5E8vPOBi1253IDHLMzsYtAgZ51A3UPN6BBCmSL + =+sro + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2026-02-17T22:22:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//V5CtyaEMACLYe8t4AWFkPOfKnZ6nLDSzYc+AgDdzk0Nn + 8EK6KOT+m0d65Sbqg1D2U+n1/8dyqFB0cnUmSUZzL5iYfQF/Zry2sqncmX5dO4ne + k8ZSc+s1QL7ed5fq0MykOPhopxwF8UWHRMTggPXm1JZ1+QrNXrGveaZq4IS0hjbj + k2TgvFd1svf/xqlWN31wdIuNVtpMaI01gTW0XX4ECVOc7gJz9xTJtzB6imBb3yHN + cRB60rhtbeIx24wJ9yro9HWEaOLaqXyMWFCrH0J4pXFvtKa3iPxZCJpE3YNUnX48 + pGE6ZUleHhAagsDZMabwqsfLZdmJCc+C8fJEIhC+uBS9vtmALGUeKxnkvWbfPAVP + sj6QbVmiyVnK/X4wNguMK+AdTGElvu5yB2ejypD/kCKI1RbVPXqTYS/gY0Vm+OKL + kYKuz7gC72O72pC577usHYeUkptqjYIKD66+N0OkqymkLmdTFsISqmVodmp4WD1I + r1gDGFt2BkHziG2FbnUbYv187q87yvHf61f+P0NWcPV3XnGvd2eHURPhhrhQtOzl + DaPwoTZ4EY042mIC4PoScxs39eSBSFYeO5lXyh+5Vvtcb0lt6aLmXWNkVbq+JEft + tLt9WnBGcdF/gbMWMG+OnFPnzt9YH9ydOXFoP//TbmubNV6rUCd99aKLcPdg7LrS + XAHR9cSMAaq74ZebTw/gt3oBD4Yewwpnna0X8i9xy6VGJz2ja/hWI+gYdlsvyNT4 + bwbmdFbgJtV9NtMP7c5CxlOBbwjmqpy9/syjgieNfMVI7BMbkVm4Tp9P/X87 + =+JD1 + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2026-02-17T22:22:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//Y35T5AgDswhpSVOMPoAToapHzH9rZan5nzqDhfJrVe/A + xxCHoJY1YTRKjG9cAtmYm22oJqWZqmoXUS43KW0jzwNcfKBE06u+3VjVgnkkn+Q9 + ceDUycbqbYsiwBdiYC/2mKjgg4xvbz55ZmOLvjLljlcNXQOHb9XO0ggqX2t50GEh + 4RaieL7d8/MwgC9RLz2i+K6Bqf+W4kjGtBiQF7D4cI+mZbguCZ5AptMKXCFBHQrV + Lu+WKzPTVFmpRnnK0nIrlHa9WV7h5gYnu+qK4O7Jgs8HYiNOtLQJMhuUnos+psDG + y9GzHU7VoGAqYth9Nn8IQE2bdQOde+bTTaPxvLA3coCqTNjw12FyPQ7cppWwn+iK + NuTxdDPj2GIRd32nBONbpFpjdFv0FINOXKJB2HnbjiHz1vBT2sL530TuTuDl4G6n + 3vz0rRb1lOZHiSPNsinz/hkSEQMfwV6AhC/AW/Y6Zsoh89WJMCBSlyc6VmHBHq+y + r0ZWfbGjBciPXbDA2SXgrGN01txTkps4NP6rxaLIgJZpPtmYNhe1JCMvMJcLvVNe + wtChGFj2Hyn6eDkh/JKkvw0RZ9ktWUY448+DYuOpO+KtkO9kQZw0853opVivcmHT + CF/GWzcoSP18HIaCvYmdNyvsQDPgs5g9m5nXp+3AK6oUwmPAbUp4lR81CpxWFh/S + XAErwhIXCJFhsS2C47V4kjy/5wGi6LrcquNGTtYxbVIRzZv+LyCSXNeRHbxlbniD + fUD0Rjr6EDxEe9Apsz01Ko92GRxs3ihRtUBwyNHqJxX6nqX2icpDsEsY8U5o + =t63I + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2026-02-17T22:22:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAU9KcQp4hcBjhmB52+zjDjkNyrzF+vj4B+yWYAwj6dnIw + xp2nTCQJHck8AJgvQbnm79kMvDjWmZ+BKga5Djudq9y0h8pedsWA7F3SC/Pd2bsA + 0lwBmJgvzUo9+lkCVVByyfPOPYgvd3SYFFTvLrYLiuHsoYLsLBKMtURqeDwSGCRJ + eqbE5Ebio0ag+tKKKLtfnvfTZKuyB7kDOu0hdbhQ6+bNHL+Q76c++z1zZl5MTA== + =5Gin + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/config/hosts/yate/sops.nix b/config/hosts/yate/sops.nix new file mode 100644 index 0000000..38b06f9 --- /dev/null +++ b/config/hosts/yate/sops.nix @@ -0,0 +1,7 @@ +{ ... }: + +{ + sops = { + defaultSopsFile = ./secrets.yaml; + }; +} \ No newline at end of file diff --git a/config/hosts/yate/yate.nix b/config/hosts/yate/yate.nix new file mode 100644 index 0000000..236e1f0 --- /dev/null +++ b/config/hosts/yate/yate.nix @@ -0,0 +1,78 @@ +{ pkgs, ... }: + +{ + environment.systemPackages = [ + pkgs.yate + pkgs.git + pkgs.tcpdump + pkgs.tmux + ]; + + # Just disable it for now. + networking.firewall.enable = false; + + users = { + users.yate = { + description = "yate service user"; + group = "yate-config"; + isNormalUser = true; + }; + + groups.yate-config = { + members = [ "colmema-deploy" "chaos" "root" "yate"]; + }; + }; + + environment.etc.yate = { + user = "yate"; + group = "yate-config"; + mode = "symlink"; + source = "/var/lib/yate"; + }; + + sops.secrets."git_clone_key" = { + mode = "0600"; + owner = "yate"; + group = "yate-config"; + restartUnits = [ "yate.service" ]; + }; + + systemd.services.yate = { + enable = true; + description = "Yate telehony engine"; + unitConfig = { + After= "network-online.target"; + }; + serviceConfig = { + ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share"; + Type="simple"; + Restart="always"; + User="yate"; + Group="yate-config"; + StateDirectory = "yate"; + StateDirectoryMode = "0775"; + }; + wantedBy = [ "default.target" ]; + requires = [ "network-online.target" ]; + preStart = '' + echo "\n" >> /run/secrets/git_clone_key + sleep 5 + id + echo "$(stat -c '%U' /var/lib/yate/.git) owns /var/lib/yate/.git" + SSH_SUCCESS=1 + ${pkgs.openssh}/bin/ssh -q -i /run/secrets/git_clone_key forgejo@git.hamburg.ccc.de 2> /var/lib/yate/SSH_CHECK_LOG || SSH_SUCCESS=0 + if [[ $SSH_SUCCESS = 1 && $(stat -c '%U' /var/lib/yate/.git) == *yate* ]]; then + rm -rf /var/lib/yate/* + rm -rf /var/lib/yate/.* + env GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key" ${pkgs.git}/bin/git clone forgejo@git.hamburg.ccc.de:CCCHH/yate-config.git /var/lib/yate + ${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory "/var/lib/yate" + fi + ''; + reload= '' + id + ${pkgs.git}/bin/git config --global --add safe.directory /var/lib/yate + /usr/bin/env GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key" ${pkgs.git}/bin/git -C /var/lib/yate fetch --all + /usr/bin/env GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key" ${pkgs.git}/bin/git -C /var/lib/yate reset --hard origin/master + ''; + }; +} diff --git a/flake.lock b/flake.lock index 5492a5c..3230d75 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "authorizedKeysRepo": { "flake": false, "locked": { - "lastModified": 1772825482, - "narHash": "sha256-GrmWFDo+lMxzrw85qHAUGQeQl9F/NBWILRWbxJfAtDE=", + "lastModified": 1761076425, + "narHash": "sha256-EMUF17MVENJoX8bmxvWLB0TUPhFqlq0szXT0M7mkwWU=", "ref": "trunk", - "rev": "8b7662703635ff7e80b2ee72ce052201fa86010a", - "revCount": 21, + "rev": "7d9c3a683a50d109ed8fd3f75d090d5403967f7f", + "revCount": 20, "type": "git", "url": "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys" }, @@ -19,11 +19,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1772822230, - "narHash": "sha256-yf3iYLGbGVlIthlQIk5/4/EQDZNNEmuqKZkQssMljuw=", + "lastModified": 1768621446, + "narHash": "sha256-6YwHV1cjv6arXdF/PQc365h1j+Qje3Pydk501Rm4Q+4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "71caefce12ba78d84fe618cf61644dce01cf3a96", + "rev": "72ac591e737060deab2b86d6952babd1f896d7c5", "type": "github" }, "original": { @@ -35,11 +35,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1772956932, - "narHash": "sha256-M0yS4AafhKxPPmOHGqIV0iKxgNO8bHDWdl1kOwGBwRY=", + "lastModified": 1768661221, + "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "608d0cadfed240589a7eea422407a547ad626a14", + "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", "type": "github" }, "original": { @@ -64,11 +64,11 @@ ] }, "locked": { - "lastModified": 1772944399, - "narHash": "sha256-xTzsSd3r5HBeufSZ3fszAn0ldfKctvsYG7tT2YJg5gY=", + "lastModified": 1768709255, + "narHash": "sha256-aigyBfxI20FRtqajVMYXHtj5gHXENY2gLAXEhfJ8/WM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c8e69670b316d6788e435a3aa0bda74eb1b82cc0", + "rev": "5e8fae80726b66e9fec023d21cd3b3e638597aa9", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 3b28ef2..fe0cbdc 100644 --- a/flake.nix +++ b/flake.nix @@ -150,6 +150,16 @@ ]; }; + yate = nixpkgs.lib.nixosSystem { + inherit system specialArgs; + modules = [ + self.nixosModules.common + self.nixosModules.proxmox-vm + sops-nix.nixosModules.sops + ./config/hosts/yate + ]; + }; + mqtt = nixpkgs.lib.nixosSystem { inherit system specialArgs; modules = [