feat: init docs01

keys/default.nix

@@ -16,6 +16,7 @@ rec {
     router02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5t0InDV9nTLEqXrenqMJZAjkCAmfzHk6LLLHme3k3j" ];
     roam01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKXjzVxYs5v5+7N0tyqpBQERXKjXwTZUqVGkdye4S1LP" ];
     status01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQFCsn/8c46O7JLx0QYdbZsXnS+NYtsgUNHPd2Toksj" ];
+    docs01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDeD4rvIsYU0CJ4TCObK5HoZ3ElRHnMVJb7VKppjBch1" ];
   };
 
   _vpnKeys =

machines/dns01/lab.dgnum.eu.nix

@@ -37,6 +37,8 @@ with dns.lib.combinators;
 
     voice = host "129.199.146.105" null;
 
+    docs = host "45.13.104.27" "2a0e:e701:1120:1000:ffff::45.13.104.27";
+
     # Nameservers
     ns01 = host "45.13.104.26" "2a0e:e701:1120:1000:ffff::45.13.104.26";
 

machines/docs01/_configuration.nix

@@ -0,0 +1,20 @@
+{ lib, ... }:
+
+lib.extra.mkConfig {
+  enabledModules = [
+    # List of modules to enable
+  ];
+
+  enabledServices = [
+    # List of services to enable
+    "docs"
+  ];
+
+  extraConfig = {
+    # TODO : retrieve this address from meta/network.nix
+    deployment.targetHost = "45.13.104.27";
+    deployment.tags = [ "ecoppens" ];
+  };
+
+  root = ./.;
+}

machines/docs01/_hardware-configuration.nix

@@ -0,0 +1,57 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  lib,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "ata_piix"
+        "uhci_hcd"
+        "virtio_pci"
+        "virtio_scsi"
+        "sd_mod"
+        "sr_mod"
+      ];
+      kernelModules = [ ];
+    };
+    kernelModules = [ ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/7578b47e-5782-4c0b-844b-ca9954aaa372";
+      fsType = "xfs";
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/C23D-ABF9";
+      fsType = "vfat";
+      options = [
+        "fmask=0022"
+        "dmask=0022"
+      ];
+    };
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

machines/docs01/docs.nix

@@ -0,0 +1,88 @@
+{
+  sources,
+  config,
+  ...
+}:
+let
+  domain = "docs.lab.dgnum.eu";
+in
+{
+  imports = [ "${sources.docs}/nix/module.nix" ];
+
+  nixpkgs.overlays = [
+    (import "${sources.docs}/nix/overlay.nix")
+    (self: prev: {
+      docs-frontend = prev.docs-frontend.overrideAttrs {
+        src = self.fetchFromGitHub {
+          owner = "suitenumerique";
+          repo = "docs";
+          rev = "d150e4d7b8d3d37c8a0915a5c235706782e56949";
+          hash = "sha256-NniYe0wwxgh4biAWFGKEw8DQFq3ztxZkteJNwEyH2sI=";
+        };
+      };
+    })
+  ];
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
+  services.nginx.virtualHosts.${domain} = {
+    enableACME = true;
+    forceSSL = true;
+  };
+
+  services.docs = {
+    enable = true;
+    enableNginx = true;
+    database.createLocally = true;
+    redis.createLocally = true;
+    s3 = {
+      url = "https://s3.dgnum.eu";
+      accessKeyIDPath = config.age.secrets."docs-s3_app_key".path;
+      secretAccessKeyPath = config.age.secrets."docs-s3_secret_key".path;
+    };
+    oidc.clientSecretPath = config.age.secrets."docs-oidc_secret_key".path;
+    collaborationServer = {
+      serverSecretPath = config.age.secrets."docs-collaboration_key".path;
+      yproviderApiKeyPath = config.age.secrets."docs-yprovider_key".path;
+    };
+    secretKeyPath = config.age.secrets."docs-key".path;
+
+    inherit domain;
+
+    config = {
+      DJANGO_ALLOWED_HOSTS = "127.0.0.1,localhost,${domain}";
+      OIDC_OP_JWKS_ENDPOINT = "https://sso.dgnum.eu/oauth2/openid/dgn_docs/public_key.jwk";
+      OIDC_OP_AUTHORIZATION_ENDPOINT = "https://sso.dgnum.eu/ui/oauth2";
+      OIDC_OP_TOKEN_ENDPOINT = "https://sso.dgnum.eu/oauth2/token";
+      OIDC_OP_USER_ENDPOINT = "https://sso.dgnum.eu/oauth2/openid/dgn_docs/userinfo";
+      OIDC_RP_CLIENT_ID = "dgn_docs";
+      OIDC_RP_SIGN_ALGO = "ES256";
+      OIDC_RP_SCOPES = "openid email profile";
+
+      LOGIN_REDIRECT_URL = "https://${domain}";
+      LOGIN_REDIRECT_URL_FAILURE = "https://${domain}";
+      LOGOUT_REDIRECT_URL = "https://${domain}";
+      LOGIN_URL = "https://sso.dgnum.eu";
+
+      AWS_S3_ENDPOINT_URL = "https://s3.dgnum.eu";
+      AWS_STORAGE_BUCKET_NAME = "docs";
+      MEDIA_BASE_URL = "https://${domain}";
+    };
+
+    collaborationServer.config = {
+      COLLABORATION_SERVER_ORIGIN = "https://${domain}";
+    };
+  };
+
+  age.secrets = {
+    "docs-s3_app_key".owner = "docs";
+    "docs-s3_secret_key".owner = "docs";
+    "docs-oidc_secret_key".owner = "docs";
+    "docs-collaboration_key".owner = "docs";
+    "docs-yprovider_key".owner = "docs";
+    "docs-key".owner = "docs";
+  };
+}

machines/docs01/secrets/docs-key

@@ -0,0 +1,39 @@
+age-encryption.org/v1
+-> ssh-ed25519 jIXfPA lcfyZLOO0ugPXaQfMg9hpUaHaxCM76fAu9iPpBK1Fn4
+c5gCsLbMzUL3Hz2IDZ3FyM6cfdIwPYTPVtGDtUK8Kgw
+-> ssh-ed25519 QlRB9Q fX/a2seKTGJcrK7SEZJpsl/AKiQKgeB3px1830FSs2A
+VmcX1ewAD6Bk3SjwPDjqEZ3tXF3p7/CEMlBiJamTNvE
+-> ssh-ed25519 r+nK/Q AZ0ekKowSV6KeOFQi1e9ylc5mq/xAf7VsC1gLPTU4lk
+zbYGF6a9DNQsIDLJsmlcyLRzLsFMO7YNroVOJpin6nc
+-> ssh-rsa krWCLQ
+rEDBVrZ4LbSLeulbwyXRlskGxRbHQbtAzIp6DxVXzhzpphQ042q2VxqMvIPqxFId
+iFRW1CegrVPQXuP6mQVUNFgaXuWPVPgIDHTZ6xoZEIUjumgV1i69mLrbicAj6tU4
+/i2SignzqV+kEQHh7VoLmW7DjH5bFIsn1QrcdiAgfzIdne7KVOV5w0cCZOlXdMu4
+zzg/jymh06fiYymmyAprzeCqEb66lmQck3i8z+Jtr0HwUhXibI5Yr9K6vxEe71m0
+zqNVy4LkIAGN4OlnaSbVNHc5cNPEWfagfFRXXmnKYOWo5WyW6iU+KiVyEI9rc/9o
+xAVMfu/ri1Gb3+T73WS7CQ
+-> ssh-ed25519 /vwQcQ Tmen21Uovss1TLRKfrAP9oNbd3TrslQz5a7njitqpD0
+Fd5//nBD8RbPU+uz3iEGzz1chYKtuLVUX4UpLktOPsM
+-> ssh-ed25519 0R97PA xsQ5lVmIv1UaM40CJFlXblI+Ff68F6PdlZXoFPu1/wg
+p1JrF8Vha8tw/vnX8tfgzD9ugW2+5t7ch8EmKzKhut0
+-> ssh-ed25519 JGx7Ng h8tAi1VPSmqHzI6rwobgDMBwqSrZmYZm+kwDnllJgBU
+/CUva6ZBN0lFoGxv7RS23qgpwXq+JsV3Qy4Ap3au0o4
+-> ssh-ed25519 bUjjig O6oCGvN3Zqqvpavg/tLOUM5KLAzgdK+urfpY83pp1VA
+AXGDrecelPdgduooONnFaGGf6khKdsI9EUNyZ7ZTGdI
+-> ssh-ed25519 5SY7Kg DeSP9ffPX2Br2Tln1pO7owvI2uDu1oOJuglyzfkkykk
+QPe/OX0ujdT4RE9CG3Tlq9+rOvOVVQFW1mAWLtcRV6o
+-> ssh-ed25519 p/Mg4Q 5V9xEyjvb9W5IZZtrropTDsFeL2riVB6FX8V0nOE0UI
+chYl3ZrJWO/LUrIDlcacylua/f3MP1iO4sSohcweqUU
+-> ssh-ed25519 5rrg4g hDWUXz0OPA/g9QEZM6JBntmJevsovVitxYEsPdsktks
+iV9ui8FqxYXK/CpWd8iHQ7kagFWSTOhe/DGic2r6+5o
+-> ssh-ed25519 oRtTqQ l00UFfqLQf511a2mWu9vL5TXLttaUZ8usWWHjIJP/iE
+gUxbZX8t8DwBDXuVZTunfiR/ket/OBlb3+3uxCRG5cY
+-> ssh-ed25519 F2C+8w bI0d5qm25ulja0y6SIlUyIRGATbEoEbmvZgFyqNKmxo
+SAU9odv9R91u9W6z2JVQ6LF2pbN1cDFnPlGUoGMb7vs
+-> ssh-ed25519 39LASw DW6kj1SuFhCP4Uc4QIcfqzw71pWmBNnxZCGa7qC9Mzs
+QTUJbFKhhS2a4ktEaXw58UzNPsBsVlmfvmGX75ELSz8
+-> Y"y-grease 6k dy
+RGfoyCr2hIQcOeCPG/hE7L7xGyRdGI1J9HX1OSFUpJbN6/td34dmAuM29xOW+vuZ
+f+YofRhDK0jsBVa4AithX6H2ngT61VarfNyn8le9+f6J
+--- oEFfu0N7MkUxy5BAkukxrk8r2vrznXzsa5lAbeUrhw4
+~>åAÄâ…?ó—hïbÛŽX"Z·ñê%¾ŒD3BÔÄ,J.09>Ëðt%ƒÈ_z2=+~4<>·ùþ#ãKLçgÆ­

machines/docs01/secrets/docs-oidc_secret_key

@@ -0,0 +1,39 @@
+age-encryption.org/v1
+-> ssh-ed25519 jIXfPA qVle6nO6pj7h9Mz5M2IBRsvi7ie1Mk6kc2WvVeXohQY
+SelP6Dw3kb0htatC7rbOgW0Qbd7xKJdFNj8xJDM3APM
+-> ssh-ed25519 QlRB9Q IbLzbyEbV3pq6WA/WNVdotutZO/BfhpyPXAYHzvTNT8
+ajW8rovXvWXXQprHf6ErbHUOtZG5CGDUNJYngGBa8Ig
+-> ssh-ed25519 r+nK/Q AdYFWo1G+v9C9a8KiKYVai0PntlCmLU2u7S5Vn2dolQ
+qyPRCBq3rOi1P4/wmf6Rlwzl/PlHE0+jnF0PPt5/9UE
+-> ssh-rsa krWCLQ
+S1Gxl8ztv+qsZPedToLjOGamNfDEfqD8uTf5yXefiJ9aPJnoHVfpFPjaElAJQ8ab
+1VH4SfjAXDvflcD2bVefRYP5GStZ77C20Fn1mv3sWTgwXL4t7gKtAMGeE4RS2sR2
+oCrGuiRMiOrYGwnmPhIZgX7JNAPHSOt1VTgEUl7euSUsp5YuV68Iud24UHvv7MQq
+tOfWoKz/5FiDWZihiW2sH/y8oU28iWVr0shMA/Gam45S3ya5jwjk1Z+SkP9Z+fC/
+KztEHiJkQdkZWNA7w6A3qywrOJaBDVpR0GBn2pf+UfyiQa3C2g3sZSzEqfOqaeWm
+UD0E+esEBs+rhxGjBTwixw
+-> ssh-ed25519 /vwQcQ 1Kk+k3ND8sKUr/u4twF7Jsu2AZ46NGoshyUDD5I7RSc
+LkJ98rL5QxFl7tfDS84U4eIB88Qf+KTuZVR4w/I+HrY
+-> ssh-ed25519 0R97PA 9dgd0Jgq6WbeZypUSwtnb4deHZwktXwk55TlegSDIwU
+waGv3xizKT9kYNc/GO7AgpncdbrrKi1q+er1p/uTVDM
+-> ssh-ed25519 JGx7Ng BCzEyoYC32jE25m5PJTopWhCfK1aroCrlZBT7t7aOls
+Aw4e0CBk7UarfN86HMYm3VMItONFrGH+XKo3a79DpC4
+-> ssh-ed25519 bUjjig 0RrGm8Jb38OEfVCPLvCRP1ViFxRVcQekdj6vXCvffkM
+ub7PHjeQWD/uLbskYUr2kwFeUyrSuyfiWUgq3ruZsrg
+-> ssh-ed25519 5SY7Kg VKVTlQS6XjX9KVi9Xl9LxoGZinqxA1Pq92qi79lrtwA
+CE8HYG0pRMV76CJh3bGRrDBIQSrJ2/AzKodpsTN14Lo
+-> ssh-ed25519 p/Mg4Q lZBTxAYaUuoHigs89FWdA6T1ZdzrbG4KgZO6fybx83Q
+KuOHLV+sJNxEGA7aM8H58EJy4w1lnBTrUdQMO5ZPxI8
+-> ssh-ed25519 5rrg4g gys8zm63qSCBscuq0b9CCHEuKh8Kj6PCOkxDJpKh8mw
+5VBuCeG2NlIwpuK1wgj6ry3ej0k3jVfTSAYBoQy828o
+-> ssh-ed25519 oRtTqQ irjqciaK/QCTPTVQl41M7GB9W885PTnyfKbppvm/3FU
+h3x0H/J7pMsHA+iHLTBbD5co0NgqVCCNP+gfZ/XVcFY
+-> ssh-ed25519 F2C+8w KiO9m/HI4Y4JVXLSofxeayl4Cqcrb3LsCN4vgDNcHQY
+59cRixpciR5nxjbM0mmd1yBLoWX91GgbN3ZWKFwrHdY
+-> ssh-ed25519 39LASw 3RomaUCbDssT3ADv/iOO0qMLBfKhOeI3WKvbSk6D1gQ
+KVk9qgnp2+iC9uG+R9HaXA3y486NeSG2M0RD2xm+DOM
+-> b.T8T"G-grease
+0Iiypk5El1YE6hdWraRHxS1NlZRO9uCEOgekZas2/l+RxwWDA5gcL+pMQBh19v8
+--- A7nxW0wIfI5PLXSfcFMQo89WFAEvPs7aPGWWYZOwMOI
+p¹
+ePÅø6_ÕÄ…å)ÖÄ5ñŠ7#ÔÔ-98Ó§¤xa
[¸\tòó†ÛÈr%õ×ûúi[}”<>Ø8NØ?èË®Ÿ„"Ó}²ÚŒ<aÊ<61>

machines/docs01/secrets/docs-s3_app_key

@@ -0,0 +1,38 @@
+age-encryption.org/v1
+-> ssh-ed25519 jIXfPA pNqj5O/WB/7YqKcp2CyziqKJTzQYeIGJvBr3KjPmTDY
+iRng4atiVJ1mPIl9JI3ZF8F/SJSwa1C9x0oW17w4v/Q
+-> ssh-ed25519 QlRB9Q wH5VIY0LQEliXlc5iZLyDCxOa5XhIHtcUilsq0Bjvkk
+6lpVqr8p1Aq8QtS92vlJzdZNXrz2aKPnjVkWOVc+p6M
+-> ssh-ed25519 r+nK/Q 8ByPv0yVqzDOK5PIKOszouTl8E5ongJ++MdNDn9cYFc
+wlbB1l0GxGOZTzePHZO5ANkhuMxcz5ylxvJJU5uoOzo
+-> ssh-rsa krWCLQ
+E5R2tum+2IDngx/XCnebuulQ/8UWEMTTAGvE6w7w/uJou+5ZVk2t5vHoL0Zt3ChV
+DJ7DEfQbXN59G01JiyzJY83DvrqwPuRwvpSiHqPLmCKY6a68rm1ouKwMKX8gfDZf
+vrY5tSvwIZcPHVxY3IQe+fmCyyczCApGO33ZbwgldInw2gzB8cvAt2rOwUjXWg5F
+L1MPqeyano59GdzigL04K66mmIq1Lo8BEOg7EnhlcVCjGEd+JDM1tTMKTH2aOESR
+C0YhIbC+n09uI8ubYGKTwTn9DPsh3OYQAhFQWHBfUq3halCwmt8lDM6qlQWWQT4z
+YJ1mP92aMRxEfOEzW4saIg
+-> ssh-ed25519 /vwQcQ NgmzU9+SvwiFgBFf4Cx9KN1b4pqlNAwQCIzolvanMj8
+Cu4mHTJAOlmYe11cMuO74Yiz+ppWajGXzr//aS1mTRI
+-> ssh-ed25519 0R97PA CLIgE651LdRKi+RI3EPSYb4qiD2uaCmjlL7pftJDI3k
+cQu+pudlBSYXPeDFxxRgoU0qYnKF4ZDfAgjxYqL7jak
+-> ssh-ed25519 JGx7Ng RCpBt8xVv9irvbi+58MTHsO0JFq0dr4JuY5DgAhclRo
+LbZaRFLrU6avwZtzWBv4sJQWmKEce5TcqEXzl1JS7rA
+-> ssh-ed25519 bUjjig CbX2WuGWCng3wS8D7XZH3LoV1XcKLaWqGXuETTAWK3w
+/lMtrZZIrNSJeHunTZUlXMSQ3BlgE30OWbUQSU56tPs
+-> ssh-ed25519 5SY7Kg PWMr9/GY9M3DPj9HErmishPF+GuDt2auHXKFeIUQ60Y
+eCUYgBtGEM/i0GigD5LVHEmBEpk5lpVXeHuHr4Z12zM
+-> ssh-ed25519 p/Mg4Q TqXsYMic40Z2YQwwBpcaCTgVPb3cNNOZ9sihPYm67Bg
+nnLg8INQAyjYKCzn+B8kTE5T3f8cNOHi7wzjuP2m07M
+-> ssh-ed25519 5rrg4g d1v83Pm5E9nQ8P8HkisBLJ0hYGYofgUQLTdRHBpPxRQ
+TaKYR8iACHoGV8XVXh2NS581ezd/C/6aEzANAL3peAs
+-> ssh-ed25519 oRtTqQ qja3pJBRoNuZd4y+NECrwS4oBU+JU8AvnDnAJIqxZhU
+FwFAc62nXxauL4/UcPqplBAgfumJmE42y157vJUku74
+-> ssh-ed25519 F2C+8w nVeenbcPfzxCA8YVFt1n1ivB2IfkPl3gkmfoojRT3zQ
+InUPBhsAukEtIWHpjBclT6sLMuzDSKnHd841qKsg5aI
+-> ssh-ed25519 39LASw TuZEDrHcrxd+AwhEawj6tadil3H715hWhlldzvhwA2s
+q0kqUujaQ4FdEn4EZ9WkTWaptTwPCNvHQQEPsNJQy2o
+-> cnq>|K"#-grease b)F `5_xUWh @}r>+Uj \D5I
+QB+LEjzEpJhkKTVygUFekQm3o36BKKOrpmEmrJR4QG/hX9okOCtbr4s
+--- tb4txDlj++z+Axkw4FBuBX1ZQY8T1jmm2T076/djS+s
+öလÁò£ë)W©ºê’;üF™˜xH"§‹­*2Ðßž¿]F=êS	—¤{·4H^S÷úsH.Øx

machines/docs01/secrets/docs-yprovider_key

@@ -0,0 +1,38 @@
+age-encryption.org/v1
+-> ssh-ed25519 jIXfPA aw2E2T+81akmpuX7/TxIxoh3SwculA/kdbY2Ei2Pc0E
+Lv+2pfmhtIX4ZBOidprSgdKQY19RhsMOF7YUiygof4w
+-> ssh-ed25519 QlRB9Q ZHcVUz6jgvw8yEAk/h7rOvnzPuEgLzhwfevKIfIqYDM
+uY3SmchVTunHOETsT0iz58EdPyPB8UnQykA5IIRuPQU
+-> ssh-ed25519 r+nK/Q HVwS3ZBv1kS7r4KDPzvtOVAjd1FivnALq4PALkO0w28
+hj71WIc5FWdaUqgOT1ztHDc1K4d27kk6lB6tamGqptc
+-> ssh-rsa krWCLQ
+2ia2/rnbF0gkBDh9TXzFLYbphiurRHr/D0sEhzXsP2RNe9j6plQUQbKlJOU7G+vs
+mqoR4UbAh27RpERVtCRL9X3Xd/CZBQdG2EdlUWUpefyusJKas8xP2PUP5R0M+Lao
+Oa/6MKJCVZ++6KQ+4020CKwjZFP50gR3+nWPnvNSuPCYoYlnZl1s58O4WxtrXa//
+N+giPpc/83dFL3dfj71RtLy7Ka3aC2ng+uTOrL7tSLUfogTjEQdLT8n+MUqDRai4
+YbrePEJyzdoPeaBB7DnRZYPzcC0Iz6/RFf/fasF2c8g/LZpMNV9IviYT+asOg5sn
+WPZtIX77m46fpR1k0mUpbQ
+-> ssh-ed25519 /vwQcQ JDgg/d1Z+QEKKq5kwzEiIcFE7bL9bx+mlMS+AcrzrCw
+2MlZF8/SuuGKnCnO3GHSSjOC2hU/ZeQvmbR75gu6doQ
+-> ssh-ed25519 0R97PA ee2V4Krhzj3WxAV7Cqw9AjYB2cVWhyxcdcTITfiETVA
+zoEkEthLeDhs0cgS10JcKiUbvdj8yTCMx/CKGhMe2wQ
+-> ssh-ed25519 JGx7Ng MeyzKfgEfBrtfWKMjeJXdr571X9MUkDz2UOcH/OYTFQ
+fXm+ZdlbruIWhOodaYQf3YJKVlPIccUqDHNrRQfn9no
+-> ssh-ed25519 bUjjig 8D+vMNjVg6tYwHpWR9fPmU7Gwet2d3ecxYKNu5Bb1k8
+kuT3ibWp7FEWE47zby4ktU9NovKb8hfYKsiCfgqaM0w
+-> ssh-ed25519 5SY7Kg +ZmSRAhV4DlLNgswfip1KuWmt2gS+yV6jDeptOiGWjU
+httmnqnHRWhvVNE1Zu9RjnUlX/hp+LhcUr7OqY909pM
+-> ssh-ed25519 p/Mg4Q 8fcpH5oOlTGXXCoUvBqgQ7xeM4dHsLyPcHwpXZjFy3M
++4vBisBhfD0Bt1XnBcwEWM5OsEXRol1pzBSYE0UZmao
+-> ssh-ed25519 5rrg4g zCjPRmNa8N6dkL3sBGOZjF0sf3dP2hTrN8rQ0Z8XRFc
+iMxAZd76Tb+ry6zdBg9fgyNYkWE1Iynb8cSi0qS1CJU
+-> ssh-ed25519 oRtTqQ C2bii0Giq1JrdYG6ev/PqHJUgPPgE6oc4/LU8E6ocT8
++e7OIHmIpa+oa/YTbJhxEZw3u3lPjRxer/RiV6/kU0c
+-> ssh-ed25519 F2C+8w 1ZLEAvStkna8gWu1c5n0WGoEM6XuhIb7ikyflaIn9lQ
+tfgKGB8s5PgPlwpC/R708nLigLE0gNnzGgJnAE1N10U
+-> ssh-ed25519 39LASw 9XiJkHy8EoBtfBNPF5gx7P7N+PBcjHM9IpVgEVW6gSY
+dpR3k7srsJ63DY/EdFKCe5pujccPAyg/x4epMOMqTdA
+-> *$$T-grease V Mr8p-a tNm[x+S B
+faM6Ks37YJ9yp2lGmgk1zfZAq4H19Q8vT/jLqcWzlz1y
+--- e2g6vYNY8cxYyHTsEyismqzsZNtIHZvEvKYjUS8ekoo
+pŠì1©’Rƒ
èá"¾&LÏ‹Æì°“XΊÕ]|d¢‡uBì*jö‘¬›µ!øXóÓ(¿*hyµþðFc%ró´ë

machines/docs01/secrets/secrets.nix

@@ -0,0 +1,9 @@
+(import ../../../keys).mkSecrets [ "docs01" ] [
+  # List of secrets for docs01
+  "docs-key"
+  "docs-collaboration_key"
+  "docs-oidc_secret_key"
+  "docs-s3_app_key"
+  "docs-s3_secret_key"
+  "docs-yprovider_key"
+]

meta/network.nix

@@ -51,6 +51,32 @@ in
 
     hostId = "1758233d";
   };
+
+  docs01 = {
+    interfaces = {
+      ens18 = {
+        ipv6 = [
+          {
+            address = "2a0e:e701:1120:1000:ffff::45.13.104.27";
+            prefixLength = 64;
+          }
+        ];
+
+        ipv4 = [
+          {
+            address = "45.13.104.27";
+            prefixLength = 32;
+          }
+        ];
+
+        gateways = [ "2a0e:e701:1120:1000::1" ];
+        dns = [ "2a0e:e701:1120:1000::f:1" ];
+      };
+    };
+
+    hostId = "d7f81314";
+  };
+
   homebox01 = {
     interfaces = {
       ens18 = {

meta/nodes.nix

@@ -48,6 +48,15 @@ in
     stateVersion = "24.05";
     nixpkgs = "24.05";
   };
+  docs01 = {
+    site = "pav01";
+
+    # TODO:
+    hashedPassword = "$y$j9T$7GuBXxLj.5cx830lyi6oa1$Cj1XMWNPW4GYEVy6RE2r3DsYjSMC/Njsk5VrnZfDw90";
+
+    stateVersion = "24.11";
+    nixpkgs = "unstable";
+  };
   krz01 = {
     site = "pav01";
 

npins/sources.json

@@ -45,6 +45,18 @@
       "url": "https://api.github.com/repos/nix-community/dns.nix/tarball/v1.2.0",
       "hash": "011b6ahj4qcf7jw009qgbf6k5dvjmgls88khwzgjr9kxlgbypb90"
     },
+    "docs": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "soyouzpanda",
+        "repo": "docs"
+      },
+      "branch": "feat/add-nix-package",
+      "revision": "6e4ab6935e151262b4117fb0ffb446551e4aa045",
+      "url": "https://github.com/soyouzpanda/docs/archive/6e4ab6935e151262b4117fb0ffb446551e4aa045.tar.gz",
+      "hash": "1j5v88zb1haxim64f03whvk8wc5sx2lx3bi65d1lpk26avbnxpki"
+    },
     "git-hooks": {
       "type": "Git",
       "repository": {
@@ -183,8 +195,8 @@
     "nixpkgs": {
       "type": "Channel",
       "name": "nixpkgs-unstable",
-      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.05pre709559.5083ec887760/nixexprs.tar.xz",
-      "hash": "1z912j1lmrg8zp2hpmmi69dls9zlpvqfvdkvh5xc3x6iqkqwn0cd"
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.05pre785333.ebe4301cbd8f/nixexprs.tar.xz",
+      "hash": "16z7hjabd181i08hgg82y7777v5iv87g3y4md6zvx4i4c49ph4hw"
     },
     "proxmox-nixos": {
       "type": "Git",