From 128f2360c7fe6732805396f2c54338c6bfedec2f Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Mon, 8 Apr 2024 08:16:29 +0200
Subject: [PATCH 1/4] hosts/hydra-1,hosts/hydra-2: Allow git via http in
 restricted mode

---
 hosts/hydra-1/configuration.nix | 2 +-
 hosts/hydra-2/configuration.nix | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hosts/hydra-1/configuration.nix b/hosts/hydra-1/configuration.nix
index 7bd2095..06309ea 100644
--- a/hosts/hydra-1/configuration.nix
+++ b/hosts/hydra-1/configuration.nix
@@ -26,7 +26,7 @@
   networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
 
   nix = {
-    settings.allowed-uris = "http: https: github:";
+    settings.allowed-uris = "http: https: git+https: github:";
     distributedBuilds = true;
     buildMachines = [
       {
diff --git a/hosts/hydra-2/configuration.nix b/hosts/hydra-2/configuration.nix
index 8dc1418..e738724 100644
--- a/hosts/hydra-2/configuration.nix
+++ b/hosts/hydra-2/configuration.nix
@@ -26,7 +26,7 @@
   networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
 
   # Allow Hydra to fetch remote URLs in restricted mode
-  nix.settings.allowed-uris = "http: https: github:";
+  nix.settings.allowed-uris = "http: https: git+https: github:";
 
   services.openssh.settings= {
    PermitRootLogin = "yes";

From db61a104ff5d926f31553604b708c4056324224b Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Mon, 8 Apr 2024 08:17:19 +0200
Subject: [PATCH 2/4] lib/flake-helper.nix: Use fqdn as target host for colmena

---
 lib/flake-helper.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/flake-helper.nix b/lib/flake-helper.nix
index 62e549a..69d1413 100644
--- a/lib/flake-helper.nix
+++ b/lib/flake-helper.nix
@@ -57,7 +57,7 @@ rec {
 
   generateColmenaHost = name: hostSystem: {
     deployment = {
-      targetHost = "${name}.net.clerie.de";
+      targetHost = hostSystem.config.networking.fqdn;
       targetUser = null;
       tags = let
         group = nixpkgs.lib.attrByPath [ "clerie" "monitoring" "serviceLevel" ] null hostSystem.config;

From 606343b11f60b6d476a313f6339f2e8596343290 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Mon, 8 Apr 2024 08:41:05 +0200
Subject: [PATCH 3/4] configuration/common: add bij to programs

---
 configuration/common/programs.nix |  1 +
 flake.lock                        | 21 +++++++++++++++++++++
 flake.nix                         |  4 ++++
 lib/flake-helper.nix              |  4 +++-
 4 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/configuration/common/programs.nix b/configuration/common/programs.nix
index afb6e4f..b37a656 100644
--- a/configuration/common/programs.nix
+++ b/configuration/common/programs.nix
@@ -7,6 +7,7 @@
     htop
     parted
     tmux
+    bij
     colmena
     vim
     agenix
diff --git a/flake.lock b/flake.lock
index 65e82b1..441d904 100644
--- a/flake.lock
+++ b/flake.lock
@@ -21,6 +21,26 @@
         "type": "github"
       }
     },
+    "bij": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1712512137,
+        "narHash": "sha256-crxzFc3lc/ViHYVK+IKmIbifxF6zyHgSwhBKd0lLgWE=",
+        "ref": "refs/heads/main",
+        "rev": "221052d8465f0a4437cb8cae3cc9998c87e88f68",
+        "revCount": 2,
+        "type": "git",
+        "url": "https://git.clerie.de/clerie/bij.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.clerie.de/clerie/bij.git"
+      }
+    },
     "chaosevents": {
       "inputs": {
         "nixpkgs": [
@@ -229,6 +249,7 @@
     "root": {
       "inputs": {
         "agenix": "agenix",
+        "bij": "bij",
         "chaosevents": "chaosevents",
         "fernglas": "fernglas",
         "fieldpoc": "fieldpoc",
diff --git a/flake.nix b/flake.nix
index ac69e14..aa59880 100644
--- a/flake.nix
+++ b/flake.nix
@@ -7,6 +7,10 @@
       url = "github:ryantm/agenix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    bij = {
+      url = "git+https://git.clerie.de/clerie/bij.git";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     chaosevents = {
       url = "git+https://git.clerie.de/clerie/chaosevents.git";
       inputs.nixpkgs.follows = "nixpkgs";
diff --git a/lib/flake-helper.nix b/lib/flake-helper.nix
index 69d1413..1f28cdb 100644
--- a/lib/flake-helper.nix
+++ b/lib/flake-helper.nix
@@ -1,4 +1,4 @@
-{ self, nixpkgs, agenix, chaosevents, fernglas, fieldpoc, nixos-exporter, solid-xmpp-alarm, ... }@inputs:
+{ self, nixpkgs, agenix, bij, chaosevents, fernglas, fieldpoc, nixos-exporter, solid-xmpp-alarm, ... }@inputs:
 
 rec {
   generateNixosSystem = {
@@ -30,6 +30,8 @@ rec {
           (_: _: {
             inherit (agenix.packages."x86_64-linux")
               agenix;
+            inherit (bij.packages."${system}")
+              bij;
             inherit (chaosevents.packages."x86_64-linux")
               chaosevents;
            })

From 816aa0b86dc98bdb1186da0d5f1e42348aa722d0 Mon Sep 17 00:00:00 2001
From: Flake Update Bot <flake-update-bot@clerie.de>
Date: Tue, 9 Apr 2024 03:03:03 +0200
Subject: [PATCH 4/4] Update nixpkgs 2024-04-09-01-03

---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/flake.lock b/flake.lock
index 441d904..63d1fe7 100644
--- a/flake.lock
+++ b/flake.lock
@@ -232,11 +232,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1708118438,
-        "narHash": "sha256-kk9/0nuVgA220FcqH/D2xaN6uGyHp/zoxPNUmPCMmEE=",
+        "lastModified": 1712439257,
+        "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5863c27340ba4de8f83e7e3c023b9599c3cb3c80",
+        "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599",
         "type": "github"
       },
       "original": {