mob next [ci-skip] [ci skip] [skip ci]

lastFile:inventories/default.nix

inventories/default.nix

@@ -5,6 +5,8 @@
       tags = {
         glom = [ "vega" ];
         b4l = [ "rigel" ];
+
+        fax-bridge = [];
       };
 
       instances = {
@@ -48,68 +50,68 @@
           roles.peer.tags.b4l = { };
         };
 
+        yggdrasil = {
+          module = {
+            name = "yggdrasil";
+            input = "self";
+          };
+          roles.default.tags."fax-bridge" = { };
+          roles.default.machines."b4l" = {};
+        };
+
         pocket-id = {
           module = {
             name = "pocket-id";
             input = "self";
           };
-          roles.default.machines.b4l = { };
         };
         nextcloud = {
           module = {
             name = "nextcloud";
             input = "self";
           };
-          roles.default.machines.b4l = { };
         };
         stirling-pdf = {
           module = {
             name = "stirling-pdf";
             input = "self";
           };
-          roles.default.machines.b4l = { };
         };
         actual-budget = {
           module = {
             name = "actual-budget";
             input = "self";
           };
-          roles.default.machines.b4l = { };
         };
         victoriametrics = {
           module = {
             name = "victoriametrics";
             input = "self";
           };
-          roles.default.machines.b4l = { };
         };
         vikunja = {
           module = {
             name = "vikunja";
             input = "self";
           };
-          roles.default.machines.b4l = { };
         };
         grafana = {
           module = {
             name = "grafana";
             input = "self";
           };
-          roles.default.machines.b4l = { };
         };
         pingvin = {
           module = {
             name = "pingvin";
             input = "self";
           };
-          roles.default.machines.b4l = { };
         };
         paperless = {
           module = {
             name = "paperless";
             input = "self";
           };
-          roles.default.machines.b4l = { };
         };
       };
     };

machines/b4l/configuration.nix

@@ -1,7 +1,7 @@
 { inputs, config, ... }:
 {
   imports = [
-    (inputs.import-tree ./services)
+    # (inputs.import-tree ./services)
   ];
   nixpkgs.hostPlatform = {
     system = "x86_64-linux";

modules/clan/yggdrasil/default.nix

@@ -0,0 +1,52 @@
+{ ... }:
+{
+  _class = "clan.service";
+  manifest.name = "yggdrasil";
+  manifest.description = "An in scalable routing as an encrypted IPv6 overlay network";
+  manifest.categories = [ "System" ];
+
+  roles.default = {
+    perInstance.nixosModule =
+      {
+        lib,
+        config,
+        pkgs,
+        ...
+      }:
+      let
+        user = "yggdrasil";
+      in
+      {
+        clan.core.vars.generators.yggdrasil = {
+          files.yggdrasil-secret = {
+            secret = true;
+            owner = user;
+            group = user;
+          };
+          files.yggdrasil-ip.secret = false;
+          runtimeInputs = with pkgs; [
+            yggdrasil
+            jq
+          ];
+          script = ''
+            yggdrasil -genconf -json | jq {PrivateKey} > $out/yggdrasil-secret
+            cat $out/yggdrasil-secret | yggdrasil -useconf -address > $out/yggdrasil-ip
+          '';
+        };
+
+        services.yggdrasil = {
+          enable = lib.mkDefault true;
+          configFile = config.clan.core.vars.generators.yggdrasil.files.yggdrasil-secret.path;
+          settings = {
+            Peers = [
+              # US Peers
+              "tls://ygg.jjolly.dev:3443"
+              "tls://[2602:fc24:18:7a42::1]:993"
+              "tcp://leo.node.3dt.net:9002"
+              "tcp://ygg-kcmo.incognet.io:8883"
+            ];
+          };
+        };
+      };
+  };
+}

modules/clan/yggdrasil/flake-module.nix

@@ -0,0 +1,18 @@
+{ lib, ... }:
+let
+  module = lib.modules.importApply ./default.nix { };
+in
+{
+  clan.modules = {
+    yggdrasil = module;
+  };
+  perSystem =
+    { ... }:
+    {
+      clan.nixosTests.yggdrasil = {
+        imports = [ ./tests/vm/default.nix ];
+
+        clan.modules."@clan/yggdrasil" = module;
+      };
+    };
+}

modules/clan/yggdrasil/tests/vm/default.nix

@@ -0,0 +1,39 @@
+{
+  pkgs,
+  ...
+}:
+{
+  name = "service-yggdrasil";
+
+  clan = {
+    directory = ./.;
+    inventory = {
+      machines.server = { };
+
+      instances = {
+        yggdrasil-test = {
+          module.name = "@clan/yggdrasil";
+          module.input = "self";
+          roles.default.machines."server".settings = { };
+        };
+      };
+    };
+  };
+
+  nodes = {
+    server = {
+      services.yggdrasil = {
+      };
+    };
+  };
+
+  testScript = ''
+    start_all()
+
+    server.wait_for_unit("yggdrasil")
+
+    # Check that garage is running
+    server.succeed("systemctl status yggdrasil")
+
+  '';
+}

vars/per-machine/b4l/yggdrasil/yggdrasil-ip/value

@@ -0,0 +1 @@
+203:fd53:b905:ea17:519c:e415:709f:9ad8

vars/per-machine/b4l/yggdrasil/yggdrasil-secret/groups/admins

@@ -0,0 +1 @@
+../../../../../../sops/groups/admins

vars/per-machine/b4l/yggdrasil/yggdrasil-secret/machines/b4l

@@ -0,0 +1 @@
+../../../../../../sops/machines/b4l

vars/per-machine/b4l/yggdrasil/yggdrasil-secret/secret

@@ -0,0 +1,47 @@
+{
+	"data": "ENC[AES256_GCM,data:MeSmw+LrbtuxGVQ33hgEwG3wUVa/AahAfPb/E2Qh3xxEkeSy5nUwgGLE2MxqiR37zViuin/CUqEH5fO5j7d7wOidn5k+mtKChAWIO65BUjcAWzhy9LyC9p90NT11xStkJQl+DJghl/f0hLuxPX5XQMvQzj3BjzKz03IKqMnZak25pWdKw+uoiuEItl5pz3srIPmofQr5VA==,iv:FNoJl/oIsBgbieB+B0ChmHszoj893B9fVypoJoWSEsk=,tag:CnhWE25rxT9qJIv6EtD0lQ==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4UlJNcU5ueklqaXEwQmFJ\nNU5SQ1J3M1ViZWF2VWU0OFFNekN1UDF4T2xrCmtsR05uNzZUMmZZVUhNa2grZC9J\nWTZrZnJmdG5GQytTR0RxQktuVERwK28KLS0tIHM3YXV6SVhhbnYvM3YvbDl2WjVh\nRVp2VVFPbmllWWdNYkwvdWlyVE5FancKYNu7sW02LXN3QSb1QiJy54TNgG1ePGzl\nXxvo3fEkXN+NtfK+m5dBVza1ZeGeqa2y4nfv4+UeYhUF2tW0YVP2pg==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuZi95WFV4NXhxakZwT1Zw\nU2x3N0Y4VU9EK1NzYkkzQmhqZmYvaFVtT3dRCjdjN0FNV1p0bkdmWUY0WVY0VjN3\nYisyT095Z09RWW1GUkJuUEpFUFNSSkkKLS0tIDFKc1pTY2FacXQydnlKWENBTFJ1\nYWh3c1Z4c3Rha1l1Znh6Y0J2cmhvckkK6JtSrCRKEZozbeyyIIgvRfOo83eaQZSk\nXUmaiy3GxHD9hGOnxm5uIYK+Jdugl+OtQsvW+Kn0HXWSFIRK49IlFg==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1fido2-hmac1qqpf43tgcfjm048lsqskvq34w2t4uvrm5qy6m2eg6zjj82ctca8wctgpczxvj0q4y6337uhvsxdh5j86k9h9ymautpvv2759ucwnef75ez7pa7fpkddklp40mxk2tedsp74359g0kefn5rsq0x0yss6cu4yd0h06up0rp08t6yc4l0hfa9y8jn5fkx6nk0hjhz06ykwv0fyxe7z42q683jy0",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIGNncFVvQmQ0\nVWlSdjRPTjlvdU12WElPdG8zU3BnaEovQ0JpQXYralpaQ1UgQVEgd0l6SlBCVW1v\neDl5N0lHYmVrajZzVzVTYjd4WVdNVjZoZVlkUEtmVXlMdyBIdmtoczF0dmhxL1py\nS1hsc0ErckdoVVB0bE02RGdCNW5raERXT1ZJMTkzNjRGNHd2T3ZSTVYrKzZlbEll\nVTZKc2JVN1B2SzRuNkpaekhwSWJQaFZVQQp6Y21FdXdGV0dFR2d1WXBkdmxQaDZ6\nVm12bnQwUUlOYmlhOFJnaEk3Y2NVCi0tLSBWVlJiQ1lJcFlWR2tvemRQQUdwNlhM\nWlZEekhVdnVkSklIc1JYT1FUWlljCjku0ljp7akJdfVmY3t9KQ8VRnG4H4AINPKf\nN3C2NB7Y1gVuhaD8BRZX9chTVOlntpYcQxf0apDEvEG+CWfTa3o=\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1fido2-hmac1qqprw0vfpc8wzsu78quc777kmee54ln6nnsjrnrhl7nr33eh4kvkksqp05qqxj4kgfzrmrugrsvg7skx6ghh3q9xc0x0agthtkvy25d9eq7eklta5wf7s30hexkuyl5546rdz9ffa5tawlp5yweqkgccntw0ny540n2am3cqw3luhxkfmrp63kwr6mwplhr9u26wll48x0n3k5f60c7hg9a3",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIEw4d1Z2T0Fn\nOWlDOE45b1pURTJHK1hiOHU4djlYdlQxbUpQR3BYbXFEWGcgQVEgZlFBRFNyWkNS\nRDJQaUJ3WWowTEcwaTk0Z0tiRHpQNmhkMTJZUlZHbHlEMCBtMzE5bzVQb1JmZkpy\nY0orbEs2RzBSVXA3UmZYZkRRanNnc2pHSnJjK1pLVmZOWGR4d0IwZjh1YXlkakRx\nTm5EMXR3ZjNHWGl0Ty8rcHpQbkcxRTZmZwpJcnN0UlRnVUphYmIwNjB0WU1XM09Z\nWHJLSWM5TGpJK2swMW5xcGMvRjRzCi0tLSB5eVZudDlOSGZabW1SZm1HRk9aUXV1\nYXJWVCtwWUVmN2JLRXRLd1I2OWs4Cp8xVbJ7VFbXbWyRzt3Lhw/gZ6pAbN2lpwlX\nfbE0BTYYTYD+w9LZfJsTLdUv2DP+9zugcePyJGxL0FJu40UkcPA=\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1fido2-hmac1qqpyewum3q8dfcumfgec8nn958aec9f4q9aqy0k06kw5kq27d6fdqdgp0p7y4ru3n5xk90u747xevxa2af3v37e85j9g3axrmw5hdwdfh0wz22hut5vrafxsx26a7vh8fjwkymz3ramfgvvu4detztu075kmpr8l9ydqda0rnjwatdwmfgswg849p37astvld98s3nleeq575azlwc2hhpuh",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIElMZWhxa3o4\nR20yR0RaQTlxTzE1d3ZMOXgvUjhXbEYzS0JiYUV2RDJ2aEEgQVEgZUh4S2o1R2RE\nV0svbnErTmxodXE2bUxJK3lla2lvajB3OXVwZHJtcHU5dyBKU3I4WFJnK3BOQXl0\nZDh5NTB5ZFlteFJIM2FVTVp5cmNyRXZqL1V0c0l6L0tSb0c5ZU9jbmRXMTIwb2c1\nQjZsREgzWUxaOXBUd2pQK2NncDZuUmZkZwpUVVB4YnNRT1RpOWVMMGZmQkt6TnpR\nc1ZQRWFNTDVVN01xUlVTWUllVHRJCi0tLSBBVWNZa3NEbFRwVnhvbEdsbEVYRGRI\nd1RlTm9UbkJnODlkVGdhYmVPREc4CjI3dqGOKfw7Fr/f0dup0ZyJ4+IGKI2BUmIe\n4jj9+nGbzgRh+2KYlZh/UlOTbrEWrWsrXjZsLcFeYRadJc3Qmbg=\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCcFozN1ZpaXh3Q05UWnR6\ndk9NMDhyd0M5YS9OeE1KSTNRa0JOOHBWaDMwCmlieENKcFBCelJjR0lNWnpycHpu\ndy9lT3dmRzIyR1gvVDN2VThVQk1TNDgKLS0tIENtWnVVUHJ4K01tVHpVZWcrWFpP\nS0NXdVFLeVI1dTVTTk5kS21aMno1bHMKinIeyyUs9QL92/Egx5VUlXq0w3cEDCJk\nFh09GKnj3kNlFOKCP3grVBAX36TKAHLLKGHr+sz30G/VPkGUMNHKeg==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMnJZTFFYUEtvWjRkVFg2\nVW1RWVlOa01xbnhGVlFJSmVyKzhWYjF3THc0CmpXK0NuZ21BR0p5OWt0TVBrREc3\nckRqdmVxU1JLMUlqaFViTnNBSEwwcFEKLS0tIFVJSlNFK1Ayd2dTTlZncEViR2JC\nNm0yM0JZMWpKYXc2RS9QMGtKWXJXOG8K1UrprHHWw4SsWG9/8sD5aDKGmAIrorPL\nZPzhlV3WLDw2YvZPVahPDgNEsWVitL3QVzEnxbQDQeLe9Dp0lTFc6Q==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRWJjdytWNkYwNUh2UlZN\nTnVod0N2SXBZbGZKa2pwejZneW9FdFliOTJ3ClNoa05JMTdOSXBNWjc4OUsvWUlM\nbCswa3RkWmZ1MU0xRVpjQy9sNkpqNmsKLS0tIFNhTjRDV3B3S2d3ZmhhNnNmZkdJ\nMGw3TzBaMzc2ekpuaTFzZGQzaTRlc3cKWfPSUoBVO4+stvpHPuXOcbg5mY+JWycc\npbxEAnDep9KiI5aqWao7fQ74SHzVQrMFUPITo9ARgbIhUqKrdrA+yA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMVkwak1tenhnRmZzd3pD\nMmxzdytMMmhnZzdZQko4Z3JVTVhqVVhpY1RBCjVzam9RM0U1TXNzZlhVcXovQ3My\nM2lDRm1CMmxxOGtvUWQ5M0dVVERsK3MKLS0tIDFUYndidDM4WS9DNXJhZVdtOGRw\nQ2R4TERROE01TUhRb2ZkUnRUV0lrdGsKP/BVd0OoB6zU/Pcyk3eI9877EmlPaqPJ\nd5LK9zbu9TX8QJP78ZrC90y1SZW3p4YqgHaLYBDq6oXPnqjk9DnLNQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2025-10-17T04:29:35Z",
+		"mac": "ENC[AES256_GCM,data:c8+A/HjyGgxm6wGQXCKG3LDY4ELs44Ct7TEm69YHXgloU3D2hz2PTBXHguLqr0NHW5o0HhrFodH5+3+W0WWssIrsMp8w3IW9r2u1+c3Xn2tGkkZ/TS93KNT1wPfiBlF5MVREm1MsZC2kKGR4QHqxcH+1hcRto6dHTAcEz9uSNWQ=,iv:sq6BLJ4eXTbtprhet+XwbZwohRcRMRUe14IiyR+2+tw=,tag:NxkOC9CT7zWtWJDbheldSg==,type:str]",
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.10.2"
+	}
+}

vars/per-machine/b4l/yggdrasil/yggdrasil-secret/users/kurogeek

@@ -0,0 +1 @@
+../../../../../../sops/users/kurogeek