clanService asterisk

clanService yggdrasil add vars yggdrasil/yggdrasil-subnet
clanService yggdrasil
2025-10-22 16:40:59 +07:00 · 2025-10-21 15:55:18 +07:00 · 2025-10-17 16:58:43 +07:00
13 changed files with 159 additions and 68 deletions
--- a/inventories/default.nix
+++ b/inventories/default.nix
@@ -5,7 +5,6 @@
      tags = {
        glom = [ "vega" ];
        b4l = [ "rigel" ];
-
        fax-bridge = [ ];
      };

@@ -56,7 +55,13 @@
            input = "self";
          };
          roles.default.tags."fax-bridge" = { };
-          roles.default.machines."rigel" = { };
+        };
+
+        asterisk = {
+          module = {
+            name = "asterisk";
+            input = "self";
+          };
        };

        pocket-id = {
@@ -64,54 +69,63 @@
            name = "pocket-id";
            input = "self";
          };
+          roles.default.machines.b4l = { };
        };
        nextcloud = {
          module = {
            name = "nextcloud";
            input = "self";
          };
+          roles.default.machines.b4l = { };
        };
        stirling-pdf = {
          module = {
            name = "stirling-pdf";
            input = "self";
          };
+          roles.default.machines.b4l = { };
        };
        actual-budget = {
          module = {
            name = "actual-budget";
            input = "self";
          };
+          roles.default.machines.b4l = { };
        };
        victoriametrics = {
          module = {
            name = "victoriametrics";
            input = "self";
          };
+          roles.default.machines.b4l = { };
        };
        vikunja = {
          module = {
            name = "vikunja";
            input = "self";
          };
+          roles.default.machines.b4l = { };
        };
        grafana = {
          module = {
            name = "grafana";
            input = "self";
          };
+          roles.default.machines.b4l = { };
        };
        pingvin = {
          module = {
            name = "pingvin";
            input = "self";
          };
+          roles.default.machines.b4l = { };
        };
        paperless = {
          module = {
            name = "paperless";
            input = "self";
          };
+          roles.default.machines.b4l = { };
        };
      };
    };
--- a/machines/b4l/configuration.nix
+++ b/machines/b4l/configuration.nix
@@ -1,7 +1,7 @@
 { inputs, config, ... }:
 {
  imports = [
-    # (inputs.import-tree ./services)
+    (inputs.import-tree ./services)
  ];
  nixpkgs.hostPlatform = {
    system = "x86_64-linux";
--- a/modules/clan/asterisk/default.nix
+++ b/modules/clan/asterisk/default.nix
@@ -0,0 +1,69 @@
+{ ... }:
+{
+  _class = "clan.service";
+  manifest.name = "asterisk";
+  manifest.description = "Asterisk PBX server";
+  manifest.categories = [ "System" ];
+
+  roles.default = {
+    perInstance.nixosModule =
+      {
+        lib,
+        ...
+      }:
+      {
+        services.asterisk = {
+          enable = lib.mkDefault true;
+          confFiles = {
+            # Dial plan config
+            "extensions.conf" = ''
+              exten => 1001,1,Dial(PJSIP/user1,20)
+              exten => 1002,1,Dial(PJSIP/user2,20)
+
+              exten => 100,1,Answer()
+              same  =>     n,Wait(1)
+              same  =>     n,Playback(hello-world)
+              same  =>     n,Hangup()
+            '';
+
+            "pjsip.conf" = ''
+              [transport-udp]
+              type=transport
+              protocol=udp
+              bind=0.0.0.0,[::]
+
+              [endpoint_internal](!)
+              type=endpoint
+              context=from-internal
+              disallow=all
+              allow=ulaw
+
+              [auth_userpass](!)
+              type=auth
+              auth_type=userpass
+
+              [aor_dynamic](!)
+              type=aor
+              max_contacts=1
+
+              [user1](endpoint_internal)
+              auth=user1
+              aors=user1
+              [user1](auth_userpass)
+              password=user1
+              username=user1
+              [user1](aor_dynamic)
+
+              [user2](endpoint_internal)
+              auth=user2
+              aors=user2
+              [user2](auth_userpass)
+              password=user2
+              username=user2
+              [user2](aor_dynamic)
+            '';
+          };
+        };
+      };
+  };
+}
--- a/modules/clan/asterisk/flake-module.nix
+++ b/modules/clan/asterisk/flake-module.nix
@@ -0,0 +1,18 @@
+{ lib, ... }:
+let
+  module = lib.modules.importApply ./default.nix { };
+in
+{
+  clan.modules = {
+    asterisk = module;
+  };
+  perSystem =
+    { ... }:
+    {
+      clan.nixosTests.asterisk = {
+        imports = [ ./tests/vm/default.nix ];
+
+        clan.modules."@clan/asterisk" = module;
+      };
+    };
+}
--- a/modules/clan/asterisk/tests/vm/default.nix
+++ b/modules/clan/asterisk/tests/vm/default.nix
@@ -0,0 +1,39 @@
+{
+  pkgs,
+  ...
+}:
+{
+  name = "service-asterisk";
+
+  clan = {
+    directory = ./.;
+    inventory = {
+      machines.server = { };
+
+      instances = {
+        asterisk-test = {
+          module.name = "@clan/asterisk";
+          module.input = "self";
+          roles.default.machines."server".settings = { };
+        };
+      };
+    };
+  };
+
+  nodes = {
+    server = {
+      services.asterisk = {
+      };
+    };
+  };
+
+  testScript = ''
+    start_all()
+
+    server.wait_for_unit("asterisk")
+
+    # Check that garage is running
+    server.succeed("systemctl status asterisk")
+
+  '';
+}
--- a/modules/clan/yggdrasil/default.nix
+++ b/modules/clan/yggdrasil/default.nix
@@ -13,16 +13,16 @@
        pkgs,
        ...
      }:
-      let
-        user = "yggdrasil";
-      in
      {
        clan.core.vars.generators.yggdrasil = {
          files = {
            yggdrasil-secret = {
              secret = true;
            };
-            yggdrasil-ip.secret = false;
+            yggdrasil-ip = {
+              secret = false;
+            };
+            yggdrasil-subnet.secret = false;
          };
          runtimeInputs = with pkgs; [
            yggdrasil
@@ -31,6 +31,7 @@
          script = ''
            yggdrasil -genconf -json | jq {PrivateKey} > $out/yggdrasil-secret
            cat $out/yggdrasil-secret | yggdrasil -useconf -address | tr -d "\n" > $out/yggdrasil-ip
+            yggdrasil -useconffile $out/yggdrasil-secret -subnet | tr -d "\n" > $out/yggdrasil-subnet
          '';
        };

--- a/modules/clan/yggdrasil/flake-module.nix
+++ b/modules/clan/yggdrasil/flake-module.nix
@@ -1,4 +1,9 @@
-{ lib, ... }:
+{
+  lib,
+  inputs,
+  self,
+  ...
+}:
 let
  module = lib.modules.importApply ./default.nix { };
 in
@@ -9,10 +14,10 @@ in
  perSystem =
    { ... }:
    {
-      clan.nixosTests.yggdrasil = {
-        imports = [ ./tests/vm/default.nix ];
-
-        clan.modules."@clan/yggdrasil" = module;
-      };
+      # clan.nixosTests.yggdrasil = {
+      #   imports = [ ./tests/vm/default.nix ];
+      #
+      #   clan.modules."@clan/yggdrasil" = module;
+      # };
    };
 }
--- a/modules/clan/yggdrasil/tests/vm/default.nix
+++ b/modules/clan/yggdrasil/tests/vm/default.nix
@@ -1,5 +1,4 @@
 {
-  pkgs,
  ...
 }:
 {
@@ -34,8 +33,5 @@

    # Check that garage is running
    server.succeed("systemctl status yggdrasil")
-
-
-
  '';
 }
--- a/vars/per-machine/rigel/yggdrasil/yggdrasil-ip/value
+++ b/vars/per-machine/rigel/yggdrasil/yggdrasil-ip/value
@@ -1 +0,0 @@
-202:60a9:1f96:5bb2:eab4:c3da:5aff:92c7
--- a/vars/per-machine/rigel/yggdrasil/yggdrasil-secret/groups/admins
+++ b/vars/per-machine/rigel/yggdrasil/yggdrasil-secret/groups/admins
@@ -1 +0,0 @@
-../../../../../../sops/groups/admins
--- a/vars/per-machine/rigel/yggdrasil/yggdrasil-secret/machines/rigel
+++ b/vars/per-machine/rigel/yggdrasil/yggdrasil-secret/machines/rigel
@@ -1 +0,0 @@
-../../../../../../sops/machines/rigel
--- a/vars/per-machine/rigel/yggdrasil/yggdrasil-secret/secret
+++ b/vars/per-machine/rigel/yggdrasil/yggdrasil-secret/secret
@@ -1,47 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:R5YmL3FF6OR9ZsZ8Fx4/+jE4PUiWt24Fcc/FRWx4A88A+kNjtEFToc3TIien79W0VS5keQSf2IvtRe2Tnm9M0gvueNtmzP/d5vzM/jlCzxZX3ezkDwvow+hi/Y2znDTDlD36d5EENwLxKa6rBtGorbR6N3imPPfLNLo5NoVeC6hREArEq1WioXJ7aXa/zknitp8RKmyYBg==,iv:N3VUiOvp+sLC17PznFJKoXwCbBwjztzypUMBVt0TFko=,tag:x5D/i3M+J955+Pi0WDvOVQ==,type:str]",
-	"sops": {
-		"age": [
-			{
-				"recipient": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWQXlQWlNmL1ZaQzVPNWE2\nUGo1L3JQeFAwT3ZiMDAvbytUelZaUllBRHo0CmRrNTBxWHUrMzFWbnM4dVdyRkE1\nQStlekxxazNHNk5sYXk0TnYrajE0OFEKLS0tIGFIMXM3bzJpZklVYy9NbkJYRlVt\nY21CVGdmZENURXczanNsaGcvbTZSSHcKkf4JMXSV6Amwxd9YnR6r9eOCImGCpFkw\n+pBd07js65CV3fXqA43LMC3Pf++xxRZT3dGN1Pn12GI4cVxh6r/8kw==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtbWI4ZWw4endHY3VQSUFJ\nQUh0SlVZa3F5TmxpaERkcnJiZ1o5eDNhalZjCmhRRnUvTHdRd2pMVXRKcHpYZTAr\nSzNEY3d3RFFnWDR4WEN5cVlRcVI0dWMKLS0tIGhnTGFja3pHZHpwN1JQd1FqeU1S\nclNOSnZGUzhpTmNLaHlpZXBoTVZTMEkK98bDXxnwE1x7VRSCAiLTPJwltk/GwJz6\nHfvmCzqekVewiJLqLYD26vaWXwRdSNhT/8/7VWR5u26cRJiRkDFjXA==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1fido2-hmac1qqpf43tgcfjm048lsqskvq34w2t4uvrm5qy6m2eg6zjj82ctca8wctgpczxvj0q4y6337uhvsxdh5j86k9h9ymautpvv2759ucwnef75ez7pa7fpkddklp40mxk2tedsp74359g0kefn5rsq0x0yss6cu4yd0h06up0rp08t6yc4l0hfa9y8jn5fkx6nk0hjhz06ykwv0fyxe7z42q683jy0",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIEtnN1ljelAr\nMnhOQWxrUm1pSDEwS0VNa21XVUZERWZ5dHZmZ2U5am1ReW8gQVEgd0l6SlBCVW1v\neDl5N0lHYmVrajZzVzVTYjd4WVdNVjZoZVlkUEtmVXlMdyBIdmtoczF0dmhxL1py\nS1hsc0ErckdoVVB0bE02RGdCNW5raERXT1ZJMTkzNjRGNHd2T3ZSTVYrKzZlbEll\nVTZKc2JVN1B2SzRuNkpaekhwSWJQaFZVQQpwTVBiNExZaDMyaXVXQXBIZ0dmdTZa\nR0ZZUFlZMjF1ck15TXVVWjlZbjFzCi0tLSBvSzVtWFNRWHBzamZEcDJvTmh3N2pi\nUmRzYjM1YU45eHZWZm1QMzhqRVRjClFPLW6KaDlW930hyYeyHco1+Z4bLikIMMJJ\n8m3vhEq3jbQMK868s87BEg1eAXKZj2KjCNRdmG1//rcLpE2RUbM=\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1fido2-hmac1qqprw0vfpc8wzsu78quc777kmee54ln6nnsjrnrhl7nr33eh4kvkksqp05qqxj4kgfzrmrugrsvg7skx6ghh3q9xc0x0agthtkvy25d9eq7eklta5wf7s30hexkuyl5546rdz9ffa5tawlp5yweqkgccntw0ny540n2am3cqw3luhxkfmrp63kwr6mwplhr9u26wll48x0n3k5f60c7hg9a3",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIGZlUHVxbWNN\nc3ppMEorOGVGVjV6dC8vTlZNdGV3Ulp6SHlmNTNWdkJXVG8gQVEgZlFBRFNyWkNS\nRDJQaUJ3WWowTEcwaTk0Z0tiRHpQNmhkMTJZUlZHbHlEMCBtMzE5bzVQb1JmZkpy\nY0orbEs2RzBSVXA3UmZYZkRRanNnc2pHSnJjK1pLVmZOWGR4d0IwZjh1YXlkakRx\nTm5EMXR3ZjNHWGl0Ty8rcHpQbkcxRTZmZwp6VjdrWVlBOSsyTlY2NFVrY0JEUjhU\nc29ZVkNhOGY3UHpYVkVGTXlLWlU4Ci0tLSAzOGdXaXNpNyt1SW1LSjJ5UVMwUW15\nbEU5cll1ZjFyeDlsMEdxcmxmZ3NnCreTvq/BHDvDv2EgIP/o4ImJXCPVWwzOwGBh\nokideQnekxfmnTBlO+Qxf3qJyfmOkm8wc8LKPjyTql7RIH3pxtM=\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1fido2-hmac1qqpyewum3q8dfcumfgec8nn958aec9f4q9aqy0k06kw5kq27d6fdqdgp0p7y4ru3n5xk90u747xevxa2af3v37e85j9g3axrmw5hdwdfh0wz22hut5vrafxsx26a7vh8fjwkymz3ramfgvvu4detztu075kmpr8l9ydqda0rnjwatdwmfgswg849p37astvld98s3nleeq575azlwc2hhpuh",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIGVZd2d2NXJ3\nSWRORkZtYnc5NGFuZXlzclVrZllvemJzNnVBWE1vcWxXSHMgQVEgZUh4S2o1R2RE\nV0svbnErTmxodXE2bUxJK3lla2lvajB3OXVwZHJtcHU5dyBKU3I4WFJnK3BOQXl0\nZDh5NTB5ZFlteFJIM2FVTVp5cmNyRXZqL1V0c0l6L0tSb0c5ZU9jbmRXMTIwb2c1\nQjZsREgzWUxaOXBUd2pQK2NncDZuUmZkZwpmUjA0NzRHYS9NRDRsSk5kZmFkRng0\nRGNxSzk5bG1ObXFCbW85by9nZ0pVCi0tLSBQL3hZdTVnd1Y4VDh6TG1Ob2FnRDlv\nTGtpd1pJZGtjVStOOVZVZStiQmFRCjMholH1qx2RdjKFPV6uo1LL+95tJlRChI7a\nsME4SiFTgOgeBC0YMMfHYaBwsgQR6bXuyI1aTaQUoRkA3dD9JwI=\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJWmNtdkNYdHpKcGZxazIz\nREJ5eTN6c2lTeGduZkQ2SnJOeldmUDNWNlE4ClBmekxXbTQ0VloyOEd4NlMxYWZt\ndCtma0t0RW5leU5OeTRGclU5ZkNVL00KLS0tIFZCRStZd2s4VWpKcUVVMGdQWDAr\nQzNBd3hHRzRBY2NpdEJwYytDZ2hqemMKIwFxroSEKs043UUL1MY6bkFOzmCC6rdr\nKxRNMvq92obFYcVerBjtrybfpHW7/3uqIJ/9o+mu1OFbyOD6oZjdlg==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIcDA3U08wMFc4bUZ5QWYw\nMUUwWldSRHhOajkySURFSzlzM3FRV2txelIwCm94QTJhSkIrbjJUczZDUElPRmFY\nVVQ1L1g0c28vMjJsZGNlajRLTmliL0EKLS0tIFdRR3M0c0lPTjZlSzFkMmJCaklp\nMmdleUpkNXlHNHphbmdaYUYrbktCVGcKC5spbM+n2Wzi36PrCzt2YBlo78oFGPup\nXltCVIBodvum53I8YNH35JoJAt3OE0iCOTz/pNeu7k2+Hpc4Gmyc4w==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMV0VPcmEwS3QraW1qWitZ\nSEZEd285aENVTE85b1UrQ2J4M3BmNms5UkJRCktob1hCMEkwZDZ4SHFLZkpnWEpU\naFhnMHVmMXNNVEtVUFY0UHJrL2hnSFkKLS0tIDBQbUJjN1dyd0dOZmhOV2FMWXpT\nT0tVdkh2WXRmMGRXcnE4emFUWE9ManMKTVUmQV50M1GR3+ZRZqeteL1ewpzltTGh\np5tSERDoo2PRJqJ5zY3qZAONHt2pICkvBcrhvTwvyUeMZg1Pz7+70A==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsblBZQ3hjaE5kMDBGZlpr\nZDErV2trR1FlNVc2OEhWS3h4Z1F1VFBDSEI0Ckx0V0cwaXVSVlhyN3hsbURoZjA0\nNWUyamE4TDhFdXJhVjZKeFZueTJJUEkKLS0tIDI1ZU5hQ3Nod21pSG5lOFZSeWdL\nbyt6cXpHYTFBS0JKUm1rQy84WTJ1b1UKeVX4NdBCYRupxqqH+IFQOHaV9V1XYOUN\nMegQdueJ2ijEk68uk6D9UmsEoVamc4UJFBM0TBEuNrhBkjs3qyp2Cw==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2025-10-17T07:30:05Z",
-		"mac": "ENC[AES256_GCM,data:ibi2ADO3Rmg89TfxM/2gPWFv0gFDlzHZpJN9l0vGeHShX+nS3jtTGwYBVBt4lqIa5cwDVCY5CUdTDnmP9dvD8Dv6OHvBsfmx8KeqBDj77dmJzePqYj/tdRUCJAoWdpGEuZm4VIBrNfjEQswoy7I//YkjiTiC91wyxpLNS980IqM=,iv:Uq3Mv+4OBk+McPruVhVQDJclgOyJnDWKuVjpfU7lcK0=,tag:i+LaWD/1FnC4jyJqx6v7RA==,type:str]",
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.10.2"
-	}
-}
--- a/vars/per-machine/rigel/yggdrasil/yggdrasil-secret/users/kurogeek
+++ b/vars/per-machine/rigel/yggdrasil/yggdrasil-secret/users/kurogeek
@@ -1 +0,0 @@
-../../../../../../sops/users/kurogeek
Author	SHA1	Message	Date
kurogeek	7115a93a0b	clanService asterisk	2025-10-22 16:40:59 +07:00
kurogeek	b5f3adacd8	clanService yggdrasil add vars yggdrasil/yggdrasil-subnet	2025-10-21 15:55:18 +07:00
kurogeek	2eb52251cc	clanService yggdrasil	2025-10-17 16:58:43 +07:00