From 9871d8c0db026cd9910803e69be611a56a3e0542 Mon Sep 17 00:00:00 2001
From: soyouzpanda
Date: Sun, 20 Apr 2025 18:55:37 +0200
Subject: [PATCH] feat: init docs01
---
 keys/default.nix | 1 +
 machines/dns01/lab.dgnum.eu.nix | 2 +
 machines/docs01/_configuration.nix | 20 ++++
 machines/docs01/_hardware-configuration.nix | 57 ++++++++++++
 machines/docs01/docs.nix | 88 ++++++++++++++++++
 .../docs01/secrets/docs-collaboration_key | Bin 0 -> 2062 bytes
 machines/docs01/secrets/docs-key | 39 ++++++++
 machines/docs01/secrets/docs-oidc_secret_key | 39 ++++++++
 machines/docs01/secrets/docs-s3_app_key | 38 ++++++++
 machines/docs01/secrets/docs-s3_secret_key | Bin 0 -> 2063 bytes
 machines/docs01/secrets/docs-yprovider_key | 38 ++++++++
 machines/docs01/secrets/secrets.nix | 9 ++
 meta/network.nix | 26 ++++++
 meta/nodes.nix | 9 ++
 npins/sources.json | 16 +++-
 15 files changed, 380 insertions(+), 2 deletions(-)
 create mode 100644 machines/docs01/_configuration.nix
 create mode 100644 machines/docs01/_hardware-configuration.nix
 create mode 100644 machines/docs01/docs.nix
 create mode 100644 machines/docs01/secrets/docs-collaboration_key
 create mode 100644 machines/docs01/secrets/docs-key
 create mode 100644 machines/docs01/secrets/docs-oidc_secret_key
 create mode 100644 machines/docs01/secrets/docs-s3_app_key
 create mode 100644 machines/docs01/secrets/docs-s3_secret_key
 create mode 100644 machines/docs01/secrets/docs-yprovider_key
 create mode 100644 machines/docs01/secrets/secrets.nix
diff --git a/keys/default.nix b/keys/default.nix
index 9ffdd6f..5607721 100644
--- a/keys/default.nix
+++ b/keys/default.nix
@@ -16,6 +16,7 @@ rec { router02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5t0InDV9nTLEqXrenqMJZAjkCAmfzHk6LLLHme3k3j" ]; roam01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKXjzVxYs5v5+7N0tyqpBQERXKjXwTZUqVGkdye4S1LP" ]; status01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQFCsn/8c46O7JLx0QYdbZsXnS+NYtsgUNHPd2Toksj" ]; + docs01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDeD4rvIsYU0CJ4TCObK5HoZ3ElRHnMVJb7VKppjBch1" ]; }; _vpnKeys = diff --git a/machines/dns01/lab.dgnum.eu.nix b/machines/dns01/lab.dgnum.eu.nix index 23b2f94..0a9d7e4 100644 --- a/machines/dns01/lab.dgnum.eu.nix +++ b/machines/dns01/lab.dgnum.eu.nix @@ -37,6 +37,8 @@ with dns.lib.combinators; voice = host "129.199.146.105" null; + docs = host "45.13.104.27" "2a0e:e701:1120:1000:ffff::45.13.104.27"; + # Nameservers ns01 = host "45.13.104.26" "2a0e:e701:1120:1000:ffff::45.13.104.26"; diff --git a/machines/docs01/_configuration.nix b/machines/docs01/_configuration.nix new file mode 100644 index 0000000..ca548b2 --- /dev/null +++ b/machines/docs01/_configuration.nix @@ -0,0 +1,20 @@ +{ lib, ... }: + +lib.extra.mkConfig { + enabledModules = [ + # List of modules to enable + ]; + + enabledServices = [ + # List of services to enable + "docs" + ]; + + extraConfig = { + # TODO : retrieve this address from meta/network.nix + deployment.targetHost = "45.13.104.27"; + deployment.tags = [ "ecoppens" ]; + }; + + root = ./.; +} diff --git a/machines/docs01/_hardware-configuration.nix b/machines/docs01/_hardware-configuration.nix new file mode 100644 index 0000000..876f3cf --- /dev/null +++ b/machines/docs01/_hardware-configuration.nix 
@@ -0,0 +1,57 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + lib, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot = { + initrd = { + availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; + kernelModules = [ ]; + }; + kernelModules = [ ]; + extraModulePackages = [ ]; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/7578b47e-5782-4c0b-844b-ca9954aaa372"; + fsType = "xfs"; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/C23D-ABF9"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/machines/docs01/docs.nix b/machines/docs01/docs.nix new file mode 100644 index 0000000..0f0fec5 --- /dev/null +++ b/machines/docs01/docs.nix 
@@ -0,0 +1,88 @@
+{
+ sources,
+ config,
+ ...
+}:
+let
+ domain = "docs.lab.dgnum.eu";
+in
+{
+ imports = [ "${sources.docs}/nix/module.nix" ];
+
+ nixpkgs.overlays = [
+ (import "${sources.docs}/nix/overlay.nix")
+ (self: prev: {
+ docs-frontend = prev.docs-frontend.overrideAttrs {
+ src = self.fetchFromGitHub {
+ owner = "suitenumerique";
+ repo = "docs";
+ rev = "d150e4d7b8d3d37c8a0915a5c235706782e56949";
+ hash = "sha256-NniYe0wwxgh4biAWFGKEw8DQFq3ztxZkteJNwEyH2sI=";
+ };
+ };
+ })
+ ];
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ services.nginx.virtualHosts.${domain} = {
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ services.docs = {
+ enable = true;
+ enableNginx = true;
+ database.createLocally = true;
+ redis.createLocally = true;
+ s3 = {
+ url = "https://s3.dgnum.eu";
+ accessKeyIDPath = config.age.secrets."docs-s3_app_key".path;
+ secretAccessKeyPath = config.age.secrets."docs-s3_secret_key".path;
+ };
+ oidc.clientSecretPath = config.age.secrets."docs-oidc_secret_key".path;
+ collaborationServer = {
+ serverSecretPath = config.age.secrets."docs-collaboration_key".path;
+ yproviderApiKeyPath = config.age.secrets."docs-yprovider_key".path;
+ };
+ secretKeyPath = config.age.secrets."docs-key".path;
+
+ inherit domain;
+
+ config = {
+ DJANGO_ALLOWED_HOSTS = "127.0.0.1,localhost,${domain}";
+ OIDC_OP_JWKS_ENDPOINT = "https://sso.dgnum.eu/oauth2/openid/dgn_docs/public_key.jwk";
+ OIDC_OP_AUTHORIZATION_ENDPOINT = "https://sso.dgnum.eu/ui/oauth2";
+ OIDC_OP_TOKEN_ENDPOINT = "https://sso.dgnum.eu/oauth2/token";
+ OIDC_OP_USER_ENDPOINT = "https://sso.dgnum.eu/oauth2/openid/dgn_docs/userinfo";
+ OIDC_RP_CLIENT_ID = "dgn_docs";
+ OIDC_RP_SIGN_ALGO = "ES256";
+ OIDC_RP_SCOPES = "openid email profile";
+
+ LOGIN_REDIRECT_URL = "https://${domain}";
+ LOGIN_REDIRECT_URL_FAILURE = "https://${domain}";
+ LOGOUT_REDIRECT_URL = "https://${domain}";
+ LOGIN_URL = "https://sso.dgnum.eu";
+
+ AWS_S3_ENDPOINT_URL = "https://s3.dgnum.eu";
+ AWS_STORAGE_BUCKET_NAME = "docs";
+ MEDIA_BASE_URL = "https://${domain}";
+ };
+
+ collaborationServer.config = {
+ COLLABORATION_SERVER_ORIGIN = "https://${domain}";
+ };
+ };
+
+ age.secrets = {
+ "docs-s3_app_key".owner = "docs";
+ "docs-s3_secret_key".owner = "docs";
+ "docs-oidc_secret_key".owner = "docs";
+ "docs-collaboration_key".owner = "docs";
+ "docs-yprovider_key".owner = "docs";
+ "docs-key".owner = "docs";
+ };
+}
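Review bot: The second overlay in `nixpkgs.overlays` rebuilds `docs-frontend` from `suitenumerique/docs` at rev `d150e4d7b8d3d37c8a0915a5c235706782e56949`, while `imports` and the first overlay take the module and packages from `sources.docs`, which the npins entry added in this same patch pins to the `soyouzpanda/docs` fork on branch `feat/add-nix-package`; nothing in machines/docs01/docs.nix says why the two differ. Both inputs are pinned by revision and hash, so this is a provenance and maintenance question rather than an integrity one, but the module is evaluated into the configuration of a host that opens 80/443 and holds the OIDC client secret and S3 keys, so the reason deserves a comment. I would add above the override something like `# frontend built from upstream suitenumerique/docs at a fixed rev; module and overlay come from the npins "docs" pin (fork branch) - TODO: move to upstream once it ships the Nix packaging`, with the wording to be confirmed by the author. Separately, `"https://s3.dgnum.eu"` is written twice (`s3.url` and `AWS_S3_ENDPOINT_URL`); a `let` binding next to `domain` would keep the two from drifting apart.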
diff --git a/machines/docs01/secrets/docs-collaboration_key b/machines/docs01/secrets/docs-collaboration_key new file mode 100644 index 0000000000000000000000000000000000000000..ae2bfdbe6c71cf14ff9f4765b18012641b364558 GIT binary patch literal 2062 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7@{C9ea8$6UD)ZCU zE-TBbv@kO9D@xLLa!E;XD|Yd9anB2j3@x|NE-DtkN~a zIVCNp#MnP0C%3%B&0jk>N4}x z1ILmKvj9V1UqiEyimF5>r_=(E^mHy$)1X}6R4<>P3iGUTuhPUQ&wz~LB9D@?w7im( zs1V=EO8q>2$K>3=ELWIqMa78<*+t>bK7m{z>CP@5g#oE~;pxSu-i1z;nI-O(6>fpq zdD_VqDTYp2h2ACkRTj>P=DvOz>4v7BW$yZADefMAzMdflp{b@^!C_wR+C~2UC6T^v z&N;@VrXk_}fmyCDhMoobS?OiLRR;bBo`K~qPNjvJKG{*J<(B^0CKhSt=_RS2RUttY zT-ljH=|z>n+Qns2!Fhfa!7gsjhM|rjo{6r3`9^L*`oZa5 z31IVq7&PLZY_-no8-+HQedrO9qlg}%W~Wl?6v zQNc-35#<&kmgTU}hNWBmvhu*>K!yC05>KPF49}AM%o6v)vb4aUvdR({|CGprwA`#v zSJQxOZ}ZIjTu)EuaxQImH+Sz0xA5e&q9S)+FLS3fUnhg2l&k`u$im>T;>r}Cs*(cd z;PfcBVszUKf-KDg92H7E3bI}ODvUx>$}Q8h9W&F7vQvV5O3R&ty#p$WlS@mJGXjmP zq8yzJ(z)Ezi_IbkUNp;=j(=?WE& z?p1-wB}KlKK0ZMu7TV@sDV~8ruDL-W*}hr98IhscQ8~%J$pP6p>0GJK?yga}-g&7e zr2+0iRemY@SvijGrGXXxzWSx!A%?*|p}rZBNv7H%Cg^@M4URPTPFHXP4GRiAWGKvT^NK6aUPR}s*O)rit3h@gsHnEJzjpTASDlZB0F*A-za@Eg{N=z!R zN-C%*aLh9@vJ6i#a?Q_j&hpnz@yLww#E7>7ecyDGK!voFsFL9F+)$$=ZNI?0LjRI5 zOBX{Y*Blq;>M_m`Gy#I8~9k3 zIeM2QrI}dxqT7}qR1#7cs1T)X=xJDy?c`+X?By3^VeaPWnx^eoo|#%!P?~S)5t1Ka ztnXBmo|{@3%9ZMsq8(+NS?*bql#`re|Sc=qi^BjW#pBb6=_rz zh;Eykk+Zf%xk8zVuSu?_pSF92QKYYLah{=fXk=wxZd7<)aZzqsm~*OUkh8O&UutD~ zGFPEtYKdWTgjY_HXJTq%cCeFcabT`-iAhv&l2M>zikV+{W@K89zrMQ{hHb`{K90fV z3Pnj?UP)dhW=U20!Oj8N?kQy%iM~k%1x|+9#TBMinW>>cmMN7HMUe){T&Wf&=23Z$ z+DV}~sijeQfsWY~CMAiE!HyngA!XT-Srq}<#idT>j@sV&Aip^}gzBajr6v}qDyU_1 zIhSR4dX@wfN1CRGXPFe}XLvYOcsm9chGx1K6}u%DnTC0lSEeP0S(>?|M&uNxl!XO2 zITx22R7OMBI|7UesZX_utCI~Jum2Ds+AdzMD|_*SImh7{*!8)f~J+Co79;F5VRL7wb literal 0 HcmV?d00001 diff --git a/machines/docs01/secrets/docs-key b/machines/docs01/secrets/docs-key new file mode 100644 index 0000000..313384b --- /dev/null +++ b/machines/docs01/secrets/docs-key 
@@ -0,0 +1,39 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA lcfyZLOO0ugPXaQfMg9hpUaHaxCM76fAu9iPpBK1Fn4 +c5gCsLbMzUL3Hz2IDZ3FyM6cfdIwPYTPVtGDtUK8Kgw +-> ssh-ed25519 QlRB9Q fX/a2seKTGJcrK7SEZJpsl/AKiQKgeB3px1830FSs2A +VmcX1ewAD6Bk3SjwPDjqEZ3tXF3p7/CEMlBiJamTNvE +-> ssh-ed25519 r+nK/Q AZ0ekKowSV6KeOFQi1e9ylc5mq/xAf7VsC1gLPTU4lk +zbYGF6a9DNQsIDLJsmlcyLRzLsFMO7YNroVOJpin6nc +-> ssh-rsa krWCLQ +rEDBVrZ4LbSLeulbwyXRlskGxRbHQbtAzIp6DxVXzhzpphQ042q2VxqMvIPqxFId +iFRW1CegrVPQXuP6mQVUNFgaXuWPVPgIDHTZ6xoZEIUjumgV1i69mLrbicAj6tU4 +/i2SignzqV+kEQHh7VoLmW7DjH5bFIsn1QrcdiAgfzIdne7KVOV5w0cCZOlXdMu4 +zzg/jymh06fiYymmyAprzeCqEb66lmQck3i8z+Jtr0HwUhXibI5Yr9K6vxEe71m0 +zqNVy4LkIAGN4OlnaSbVNHc5cNPEWfagfFRXXmnKYOWo5WyW6iU+KiVyEI9rc/9o +xAVMfu/ri1Gb3+T73WS7CQ +-> ssh-ed25519 /vwQcQ Tmen21Uovss1TLRKfrAP9oNbd3TrslQz5a7njitqpD0 +Fd5//nBD8RbPU+uz3iEGzz1chYKtuLVUX4UpLktOPsM +-> ssh-ed25519 0R97PA xsQ5lVmIv1UaM40CJFlXblI+Ff68F6PdlZXoFPu1/wg +p1JrF8Vha8tw/vnX8tfgzD9ugW2+5t7ch8EmKzKhut0 +-> ssh-ed25519 JGx7Ng h8tAi1VPSmqHzI6rwobgDMBwqSrZmYZm+kwDnllJgBU +/CUva6ZBN0lFoGxv7RS23qgpwXq+JsV3Qy4Ap3au0o4 +-> ssh-ed25519 bUjjig O6oCGvN3Zqqvpavg/tLOUM5KLAzgdK+urfpY83pp1VA +AXGDrecelPdgduooONnFaGGf6khKdsI9EUNyZ7ZTGdI +-> ssh-ed25519 5SY7Kg DeSP9ffPX2Br2Tln1pO7owvI2uDu1oOJuglyzfkkykk +QPe/OX0ujdT4RE9CG3Tlq9+rOvOVVQFW1mAWLtcRV6o +-> ssh-ed25519 p/Mg4Q 5V9xEyjvb9W5IZZtrropTDsFeL2riVB6FX8V0nOE0UI +chYl3ZrJWO/LUrIDlcacylua/f3MP1iO4sSohcweqUU +-> ssh-ed25519 5rrg4g hDWUXz0OPA/g9QEZM6JBntmJevsovVitxYEsPdsktks +iV9ui8FqxYXK/CpWd8iHQ7kagFWSTOhe/DGic2r6+5o +-> ssh-ed25519 oRtTqQ l00UFfqLQf511a2mWu9vL5TXLttaUZ8usWWHjIJP/iE +gUxbZX8t8DwBDXuVZTunfiR/ket/OBlb3+3uxCRG5cY +-> ssh-ed25519 F2C+8w bI0d5qm25ulja0y6SIlUyIRGATbEoEbmvZgFyqNKmxo +SAU9odv9R91u9W6z2JVQ6LF2pbN1cDFnPlGUoGMb7vs +-> ssh-ed25519 39LASw DW6kj1SuFhCP4Uc4QIcfqzw71pWmBNnxZCGa7qC9Mzs +QTUJbFKhhS2a4ktEaXw58UzNPsBsVlmfvmGX75ELSz8 +-> Y"y-grease 6k dy +RGfoyCr2hIQcOeCPG/hE7L7xGyRdGI1J9HX1OSFUpJbN6/td34dmAuM29xOW+vuZ 
+f+YofRhDK0jsBVa4AithX6H2ngT61VarfNyn8le9+f6J +--- oEFfu0N7MkUxy5BAkukxrk8r2vrznXzsa5lAbeUrhw4 +~>A?hbێX"Z%D3B,J.09>t%_z2=+~4#KLgƭ \ No newline at end of file diff --git a/machines/docs01/secrets/docs-oidc_secret_key b/machines/docs01/secrets/docs-oidc_secret_key new file mode 100644 index 0000000..ecbfda4 --- /dev/null +++ b/machines/docs01/secrets/docs-oidc_secret_key 
@@ -0,0 +1,39 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA qVle6nO6pj7h9Mz5M2IBRsvi7ie1Mk6kc2WvVeXohQY +SelP6Dw3kb0htatC7rbOgW0Qbd7xKJdFNj8xJDM3APM +-> ssh-ed25519 QlRB9Q IbLzbyEbV3pq6WA/WNVdotutZO/BfhpyPXAYHzvTNT8 +ajW8rovXvWXXQprHf6ErbHUOtZG5CGDUNJYngGBa8Ig +-> ssh-ed25519 r+nK/Q AdYFWo1G+v9C9a8KiKYVai0PntlCmLU2u7S5Vn2dolQ +qyPRCBq3rOi1P4/wmf6Rlwzl/PlHE0+jnF0PPt5/9UE +-> ssh-rsa krWCLQ +S1Gxl8ztv+qsZPedToLjOGamNfDEfqD8uTf5yXefiJ9aPJnoHVfpFPjaElAJQ8ab +1VH4SfjAXDvflcD2bVefRYP5GStZ77C20Fn1mv3sWTgwXL4t7gKtAMGeE4RS2sR2 +oCrGuiRMiOrYGwnmPhIZgX7JNAPHSOt1VTgEUl7euSUsp5YuV68Iud24UHvv7MQq +tOfWoKz/5FiDWZihiW2sH/y8oU28iWVr0shMA/Gam45S3ya5jwjk1Z+SkP9Z+fC/ +KztEHiJkQdkZWNA7w6A3qywrOJaBDVpR0GBn2pf+UfyiQa3C2g3sZSzEqfOqaeWm +UD0E+esEBs+rhxGjBTwixw +-> ssh-ed25519 /vwQcQ 1Kk+k3ND8sKUr/u4twF7Jsu2AZ46NGoshyUDD5I7RSc +LkJ98rL5QxFl7tfDS84U4eIB88Qf+KTuZVR4w/I+HrY +-> ssh-ed25519 0R97PA 9dgd0Jgq6WbeZypUSwtnb4deHZwktXwk55TlegSDIwU +waGv3xizKT9kYNc/GO7AgpncdbrrKi1q+er1p/uTVDM +-> ssh-ed25519 JGx7Ng BCzEyoYC32jE25m5PJTopWhCfK1aroCrlZBT7t7aOls +Aw4e0CBk7UarfN86HMYm3VMItONFrGH+XKo3a79DpC4 +-> ssh-ed25519 bUjjig 0RrGm8Jb38OEfVCPLvCRP1ViFxRVcQekdj6vXCvffkM +ub7PHjeQWD/uLbskYUr2kwFeUyrSuyfiWUgq3ruZsrg +-> ssh-ed25519 5SY7Kg VKVTlQS6XjX9KVi9Xl9LxoGZinqxA1Pq92qi79lrtwA +CE8HYG0pRMV76CJh3bGRrDBIQSrJ2/AzKodpsTN14Lo +-> ssh-ed25519 p/Mg4Q lZBTxAYaUuoHigs89FWdA6T1ZdzrbG4KgZO6fybx83Q +KuOHLV+sJNxEGA7aM8H58EJy4w1lnBTrUdQMO5ZPxI8 +-> ssh-ed25519 5rrg4g gys8zm63qSCBscuq0b9CCHEuKh8Kj6PCOkxDJpKh8mw +5VBuCeG2NlIwpuK1wgj6ry3ej0k3jVfTSAYBoQy828o +-> ssh-ed25519 oRtTqQ irjqciaK/QCTPTVQl41M7GB9W885PTnyfKbppvm/3FU +h3x0H/J7pMsHA+iHLTBbD5co0NgqVCCNP+gfZ/XVcFY +-> ssh-ed25519 F2C+8w KiO9m/HI4Y4JVXLSofxeayl4Cqcrb3LsCN4vgDNcHQY +59cRixpciR5nxjbM0mmd1yBLoWX91GgbN3ZWKFwrHdY +-> ssh-ed25519 39LASw 3RomaUCbDssT3ADv/iOO0qMLBfKhOeI3WKvbSk6D1gQ +KVk9qgnp2+iC9uG+R9HaXA3y486NeSG2M0RD2xm+DOM +-> b.T8T"G-grease +0Iiypk5El1YE6hdWraRHxS1NlZRO9uCEOgekZas2/l+RxwWDA5gcL+pMQBh19v8 +--- 
A7nxW0wIfI5PLXSfcFMQo89WFAEvPs7aPGWWYZOwMOI +p +eP6_ą)57#-98ӧxa[\tr%i[}8N?ˮ"}ڌ ssh-ed25519 jIXfPA pNqj5O/WB/7YqKcp2CyziqKJTzQYeIGJvBr3KjPmTDY +iRng4atiVJ1mPIl9JI3ZF8F/SJSwa1C9x0oW17w4v/Q +-> ssh-ed25519 QlRB9Q wH5VIY0LQEliXlc5iZLyDCxOa5XhIHtcUilsq0Bjvkk +6lpVqr8p1Aq8QtS92vlJzdZNXrz2aKPnjVkWOVc+p6M +-> ssh-ed25519 r+nK/Q 8ByPv0yVqzDOK5PIKOszouTl8E5ongJ++MdNDn9cYFc +wlbB1l0GxGOZTzePHZO5ANkhuMxcz5ylxvJJU5uoOzo +-> ssh-rsa krWCLQ +E5R2tum+2IDngx/XCnebuulQ/8UWEMTTAGvE6w7w/uJou+5ZVk2t5vHoL0Zt3ChV +DJ7DEfQbXN59G01JiyzJY83DvrqwPuRwvpSiHqPLmCKY6a68rm1ouKwMKX8gfDZf +vrY5tSvwIZcPHVxY3IQe+fmCyyczCApGO33ZbwgldInw2gzB8cvAt2rOwUjXWg5F +L1MPqeyano59GdzigL04K66mmIq1Lo8BEOg7EnhlcVCjGEd+JDM1tTMKTH2aOESR +C0YhIbC+n09uI8ubYGKTwTn9DPsh3OYQAhFQWHBfUq3halCwmt8lDM6qlQWWQT4z +YJ1mP92aMRxEfOEzW4saIg +-> ssh-ed25519 /vwQcQ NgmzU9+SvwiFgBFf4Cx9KN1b4pqlNAwQCIzolvanMj8 +Cu4mHTJAOlmYe11cMuO74Yiz+ppWajGXzr//aS1mTRI +-> ssh-ed25519 0R97PA CLIgE651LdRKi+RI3EPSYb4qiD2uaCmjlL7pftJDI3k +cQu+pudlBSYXPeDFxxRgoU0qYnKF4ZDfAgjxYqL7jak +-> ssh-ed25519 JGx7Ng RCpBt8xVv9irvbi+58MTHsO0JFq0dr4JuY5DgAhclRo +LbZaRFLrU6avwZtzWBv4sJQWmKEce5TcqEXzl1JS7rA +-> ssh-ed25519 bUjjig CbX2WuGWCng3wS8D7XZH3LoV1XcKLaWqGXuETTAWK3w +/lMtrZZIrNSJeHunTZUlXMSQ3BlgE30OWbUQSU56tPs +-> ssh-ed25519 5SY7Kg PWMr9/GY9M3DPj9HErmishPF+GuDt2auHXKFeIUQ60Y +eCUYgBtGEM/i0GigD5LVHEmBEpk5lpVXeHuHr4Z12zM +-> ssh-ed25519 p/Mg4Q TqXsYMic40Z2YQwwBpcaCTgVPb3cNNOZ9sihPYm67Bg +nnLg8INQAyjYKCzn+B8kTE5T3f8cNOHi7wzjuP2m07M +-> ssh-ed25519 5rrg4g d1v83Pm5E9nQ8P8HkisBLJ0hYGYofgUQLTdRHBpPxRQ +TaKYR8iACHoGV8XVXh2NS581ezd/C/6aEzANAL3peAs +-> ssh-ed25519 oRtTqQ qja3pJBRoNuZd4y+NECrwS4oBU+JU8AvnDnAJIqxZhU +FwFAc62nXxauL4/UcPqplBAgfumJmE42y157vJUku74 +-> ssh-ed25519 F2C+8w nVeenbcPfzxCA8YVFt1n1ivB2IfkPl3gkmfoojRT3zQ +InUPBhsAukEtIWHpjBclT6sLMuzDSKnHd841qKsg5aI +-> ssh-ed25519 39LASw TuZEDrHcrxd+AwhEawj6tadil3H715hWhlldzvhwA2s +q0kqUujaQ4FdEn4EZ9WkTWaptTwPCNvHQQEPsNJQy2o +-> cnq>|K"#-grease b)F `5_xUWh @}r>+Uj \D5I 
+QB+LEjzEpJhkKTVygUFekQm3o36BKKOrpmEmrJR4QG/hX9okOCtbr4s +--- tb4txDlj++z+Axkw4FBuBX1ZQY8T1jmm2T076/djS+s +လ)W;FxH"*2ߞ¿]F=S {4H^SsH.x \ No newline at end of file 
diff --git a/machines/docs01/secrets/docs-s3_secret_key b/machines/docs01/secrets/docs-s3_secret_key new file mode 100644 index 0000000000000000000000000000000000000000..9cd9f8faa7b73c54d1af5e7695c16d225a0cb418 GIT binary patch literal 2063 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7@{C9ea8%IFGcYLe zGbt|4@`-Y?3=FQ)4#@Cw@h;1a%FijTbaD!Cb1&D=Nb+^7bmY;TU~^KzJNMa78<*+t>bK7m}G$vIit{;4LZX0B!0=DtQjA$iFaUP&qG zM!8<)#ueImp%zA&DIuk9xkDYS&>!QA(n2Q zxn*9)g`vSo#ZjqVjzMYeNoA$lZbm+N0ft-!UPYPt2B8&^S;gLl29d6LRZ+zjmTtab z=~=bq1oR0p&8o7L1_hLLH=o6iNVPRWmTDxCPiMZ zmPzHQCFQAse(A8#hNWBmvhu*>K!s3kXG_n(^oV?Y?KBgk6eCxUz)GVu*OI8D@W7~C z|Bzy*5=+m>jQqshbS|Gn#~hCU%fK9W=i(q!k1~tovMS%uT!Y|FOQq z@9v*t!WEPjlIl`i7MPapWR&S!?&zPF>uyr+$3%U1x3s)MZ+}apLhr1!^4v17>?kMid?SneY>%SyzbEda%s6l#Yc7BD4 zL7tbJe~M$2cDPGuW^q=QS4u=uwzr#SKDuoM`o8HVfeI16NhaFm>7H&miT?VAdHQ~3 z7WvthB{{womWhcTr5OdT!7jeR8R?d8zFgY*hB;Y=CIwZF?xlV~27X~_q5MWEA3T7UoiA z8J_7_oEhq2!IkV>VParZ7OI~dYT@nclphtGT$tfi>SFFw;1nDf7?|VZu3Zx4>y>1L zQI@(HIcr;#D+Gju1seqz6eLHulskEcMwl6gr@A>NmHL!Br$suK7r1D9cqJ8t2Ycq2 zaFtdCrW&LMyBCxg1iKiygqXRyIlGl4nPz7>8kKl?rx)jCyF>;jJNx8g$axBQns0go0k4y?kHmpiF^)^j4^zu(~361gy zHVI6%NYhU)bSkXUFW~YEC`z*^aZ1h&^(sqCE$7nJ)m3ozDl^YZu_&xCN^?m!@zk$y zEOL!X3QWyO3-tD>bkferardn9$jmHoE$8Ae?+H%tpFk6_fx{^CnEmq&*b_2DcOHB^YfHvN7t^XdLZ+6=X1A< e*;Ymeg ssh-ed25519 jIXfPA aw2E2T+81akmpuX7/TxIxoh3SwculA/kdbY2Ei2Pc0E +Lv+2pfmhtIX4ZBOidprSgdKQY19RhsMOF7YUiygof4w +-> ssh-ed25519 QlRB9Q ZHcVUz6jgvw8yEAk/h7rOvnzPuEgLzhwfevKIfIqYDM +uY3SmchVTunHOETsT0iz58EdPyPB8UnQykA5IIRuPQU +-> ssh-ed25519 r+nK/Q HVwS3ZBv1kS7r4KDPzvtOVAjd1FivnALq4PALkO0w28 +hj71WIc5FWdaUqgOT1ztHDc1K4d27kk6lB6tamGqptc +-> ssh-rsa krWCLQ +2ia2/rnbF0gkBDh9TXzFLYbphiurRHr/D0sEhzXsP2RNe9j6plQUQbKlJOU7G+vs +mqoR4UbAh27RpERVtCRL9X3Xd/CZBQdG2EdlUWUpefyusJKas8xP2PUP5R0M+Lao +Oa/6MKJCVZ++6KQ+4020CKwjZFP50gR3+nWPnvNSuPCYoYlnZl1s58O4WxtrXa// +N+giPpc/83dFL3dfj71RtLy7Ka3aC2ng+uTOrL7tSLUfogTjEQdLT8n+MUqDRai4 +YbrePEJyzdoPeaBB7DnRZYPzcC0Iz6/RFf/fasF2c8g/LZpMNV9IviYT+asOg5sn 
+WPZtIX77m46fpR1k0mUpbQ +-> ssh-ed25519 /vwQcQ JDgg/d1Z+QEKKq5kwzEiIcFE7bL9bx+mlMS+AcrzrCw +2MlZF8/SuuGKnCnO3GHSSjOC2hU/ZeQvmbR75gu6doQ +-> ssh-ed25519 0R97PA ee2V4Krhzj3WxAV7Cqw9AjYB2cVWhyxcdcTITfiETVA +zoEkEthLeDhs0cgS10JcKiUbvdj8yTCMx/CKGhMe2wQ +-> ssh-ed25519 JGx7Ng MeyzKfgEfBrtfWKMjeJXdr571X9MUkDz2UOcH/OYTFQ +fXm+ZdlbruIWhOodaYQf3YJKVlPIccUqDHNrRQfn9no +-> ssh-ed25519 bUjjig 8D+vMNjVg6tYwHpWR9fPmU7Gwet2d3ecxYKNu5Bb1k8 +kuT3ibWp7FEWE47zby4ktU9NovKb8hfYKsiCfgqaM0w +-> ssh-ed25519 5SY7Kg +ZmSRAhV4DlLNgswfip1KuWmt2gS+yV6jDeptOiGWjU +httmnqnHRWhvVNE1Zu9RjnUlX/hp+LhcUr7OqY909pM +-> ssh-ed25519 p/Mg4Q 8fcpH5oOlTGXXCoUvBqgQ7xeM4dHsLyPcHwpXZjFy3M ++4vBisBhfD0Bt1XnBcwEWM5OsEXRol1pzBSYE0UZmao +-> ssh-ed25519 5rrg4g zCjPRmNa8N6dkL3sBGOZjF0sf3dP2hTrN8rQ0Z8XRFc +iMxAZd76Tb+ry6zdBg9fgyNYkWE1Iynb8cSi0qS1CJU +-> ssh-ed25519 oRtTqQ C2bii0Giq1JrdYG6ev/PqHJUgPPgE6oc4/LU8E6ocT8 ++e7OIHmIpa+oa/YTbJhxEZw3u3lPjRxer/RiV6/kU0c +-> ssh-ed25519 F2C+8w 1ZLEAvStkna8gWu1c5n0WGoEM6XuhIb7ikyflaIn9lQ +tfgKGB8s5PgPlwpC/R708nLigLE0gNnzGgJnAE1N10U +-> ssh-ed25519 39LASw 9XiJkHy8EoBtfBNPF5gx7P7N+PBcjHM9IpVgEVW6gSY +dpR3k7srsJ63DY/EdFKCe5pujccPAyg/x4epMOMqTdA +-> *$$T-grease V Mr8p-a tNm[x+S B +faM6Ks37YJ9yp2lGmgk1zfZAq4H19Q8vT/jLqcWzlz1y +--- e2g6vYNY8cxYyHTsEyismqzsZNtIHZvEvKYjUS8ekoo +p1R"&Lϋ찓XΊ]|duB*j!X(*hyFc%r \ No newline at end of file diff --git a/machines/docs01/secrets/secrets.nix b/machines/docs01/secrets/secrets.nix new file mode 100644 index 0000000..a057973 --- /dev/null +++ b/machines/docs01/secrets/secrets.nix @@ -0,0 +1,9 @@ +(import ../../../keys).mkSecrets [ "docs01" ] [ + # List of secrets for docs01 + "docs-key" + "docs-collaboration_key" + "docs-oidc_secret_key" + "docs-s3_app_key" + "docs-s3_secret_key" + "docs-yprovider_key" +] diff --git a/meta/network.nix b/meta/network.nix index 4e69662..5e272ca 100644 --- a/meta/network.nix +++ b/meta/network.nix 
@@ -51,6 +51,32 @@ in hostId = "1758233d"; }; + + docs01 = { + interfaces = { + ens18 = { + ipv6 = [ + { + address = "2a0e:e701:1120:1000:ffff::45.13.104.27"; + prefixLength = 64; + } + ]; + + ipv4 = [ + { + address = "45.13.104.27"; + prefixLength = 32; + } + ]; + + gateways = [ "2a0e:e701:1120:1000::1" ]; + dns = [ "2a0e:e701:1120:1000::f:1" ]; + }; + }; + + hostId = "d7f81314"; + }; + homebox01 = { interfaces = { ens18 = { diff --git a/meta/nodes.nix b/meta/nodes.nix index bdb9857..93feeef 100644 --- a/meta/nodes.nix +++ b/meta/nodes.nix @@ -48,6 +48,15 @@ in stateVersion = "24.05"; nixpkgs = "24.05"; }; + docs01 = { + site = "pav01"; + + # TODO: + hashedPassword = "$y$j9T$7GuBXxLj.5cx830lyi6oa1$Cj1XMWNPW4GYEVy6RE2r3DsYjSMC/Njsk5VrnZfDw90"; + + stateVersion = "24.11"; + nixpkgs = "unstable"; + }; krz01 = { site = "pav01"; diff --git a/npins/sources.json b/npins/sources.json index 375bcaf..70e6765 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -45,6 +45,18 @@ "url": "https://api.github.com/repos/nix-community/dns.nix/tarball/v1.2.0", "hash": "011b6ahj4qcf7jw009qgbf6k5dvjmgls88khwzgjr9kxlgbypb90" }, + "docs": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "soyouzpanda", + "repo": "docs" + }, + "branch": "feat/add-nix-package", + "revision": "6e4ab6935e151262b4117fb0ffb446551e4aa045", + "url": "https://github.com/soyouzpanda/docs/archive/6e4ab6935e151262b4117fb0ffb446551e4aa045.tar.gz", + "hash": "1j5v88zb1haxim64f03whvk8wc5sx2lx3bi65d1lpk26avbnxpki" + }, "git-hooks": { "type": "Git", "repository": { 
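Review bot: In the meta/nodes.nix hunk the `# TODO:` above `hashedPassword` in the new `docs01` entry is empty, so a reader cannot tell what is still to be done with this credential. If the hash is a bootstrap value or is meant to move out of the tree, say so, for example `# TODO: replace the bootstrap password hash once the host is enrolled`; that wording is a guess at the intent and needs the author's confirmation. A password hash kept in the repository can be tested offline by anyone with read access, so it is worth confirming that the password is strong and that password-based SSH login is not enabled for this host. `nixpkgs = "unstable"` also differs from the `24.05` pin of the neighbouring entry, and a short comment on why this host tracks unstable would help whoever handles its upgrades. The enclosing attribute set starts and ends outside the hunk.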
@@ -183,8 +195,8 @@
 "nixpkgs": {
 "type": "Channel",
 "name": "nixpkgs-unstable",
- "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.05pre709559.5083ec887760/nixexprs.tar.xz",
- "hash": "1z912j1lmrg8zp2hpmmi69dls9zlpvqfvdkvh5xc3x6iqkqwn0cd"
+ "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.05pre785333.ebe4301cbd8f/nixexprs.tar.xz",
+ "hash": "16z7hjabd181i08hgg82y7777v5iv87g3y4md6zvx4i4c49ph4hw"
 },
 "proxmox-nixos": {
 "type": "Git",