commit 53b4a94f99f94ed45b0cebad9126b0440e6b21bc · ptr.pet/ark

secrets/develMobi.key.pub

···

       0

···

       1
       +
       ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILUIHFy8lBU8Iy5253Lglw0v67k9ozxjLWprjTjwTsrm dusk@devel.mobi

secrets/develMobiNetbirdClientKey.age

This is a binary file and will not be displayed.

secrets/secrets.nix

···

       1
        
       let

     

       2
        
         yusdacra = builtins.readFile ./yusdacra.key.pub;

     

       3
        
         wolumonde = builtins.readFile ./wolumonde.key.pub;

     

       0
        
       
     

       4
        
       in

     

       5
        
       {

     

       6
        
         "bernbotToken.age".publicKeys = [

     
···

       68
        
         "netbirdClientKey.age".publicKeys = [

     

       69
        
           yusdacra

     

       70
        
           wolumonde

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       71
        
         ];

     

       72
        
       }

···

       1
        
       let

     

       2
        
         yusdacra = builtins.readFile ./yusdacra.key.pub;

     

       3
        
         wolumonde = builtins.readFile ./wolumonde.key.pub;

     

       4
       +
         develMobi = builtins.readFile ./develMobi.key.pub;

     

       5
        
       in

     

       6
        
       {

     

       7
        
         "bernbotToken.age".publicKeys = [

     
···

       69
        
         "netbirdClientKey.age".publicKeys = [

     

       70
        
           yusdacra

     

       71
        
           wolumonde

     

       72
       +
         ];

     

       73
       +
         "develMobiNetbirdClientKey.age".publicKeys = [

     

       74
       +
           yusdacra

     

       75
       +
           develMobi

     

       76
        
         ];

     

       77
        
       }

+26 -7

users/dusk@devel.mobi/default.nix

···

       1
        
       {

     

       0
        
       
     

       2
        
         pkgs,

     

       3
        
         lib,

     

       4
        
         tlib,

     
···

       22
        
                 "fzf"

     

       23
        
                 "direnv"

     

       24
        
                 "nushell"

     

       0
        
       
     

       25
        
               ]

     

       26
        
               # dev stuff

     

       27
        
               [

     
···

       32
        
             ];

     

       33
        
           in

     

       34
        
           l.flatten [

     

       0
        
       
     

       35
        
             ../../modules/persist/null.nix

     

       36
        
             (tlib.prefixStrings "${inputs.self}/users/modules/" modulesToEnable)

     

       37
        
           ];

     

       38
        
       

     

       0
        
       
     

       39
        
         home = {

     

       40
        
           homeDirectory = "/home/dusk";

     

       41
        
           username = "dusk";

     

       42
        
           stateVersion = "25.11";

     

       43
       -
           # file.".ssh/authorized_keys".text = ''

     

       44
       -
           #   ${signKeyText}

     

       45
       -
           # '';

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       46
        
         };

     

       47
        
       

     

       48
        
         programs = {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       49
        
           git = {

     

       50
        
             userName = name;

     

       51
        
             userEmail = email;

     
···

       55
        
               user.signingkey = signKeyText;

     

       56
        
             };

     

       57
        
           };

     

       58
       -
         };

     

       59
       -
       

     

       60
       -
         services.podman = {

     

       61
       -
           enable = true;

     

       62
        
         };

     

       63
        
       }

···

       1
        
       {

     

       2
       +
         config,

     

       3
        
         pkgs,

     

       4
        
         lib,

     

       5
        
         tlib,

     
···

       23
        
                 "fzf"

     

       24
        
                 "direnv"

     

       25
        
                 "nushell"

     

       26
       +
                 "netbird"

     

       27
        
               ]

     

       28
        
               # dev stuff

     

       29
        
               [

     
···

       34
        
             ];

     

       35
        
           in

     

       36
        
           l.flatten [

     

       37
       +
             inputs.agenix.homeManagerModules.default

     

       38
        
             ../../modules/persist/null.nix

     

       39
        
             (tlib.prefixStrings "${inputs.self}/users/modules/" modulesToEnable)

     

       40
        
           ];

     

       41
        
       

     

       42
       +
         age.identityPaths = ["${config.home.homeDirectory}/.ssh/id_ed25519"];

     

       43
        
         home = {

     

       44
        
           homeDirectory = "/home/dusk";

     

       45
        
           username = "dusk";

     

       46
        
           stateVersion = "25.11";

     

       47
       +
           # shell

     

       48
       +
           shell.enableShellIntegration = true;

     

       49
       +
           shellAliases = {

     

       50
       +
             ctl = "systemctl --user";

     

       51
       +
             jtl = "journalctl --user";

     

       52
       +
             jtlu = "journalctl --user --unit";

     

       53
       +
           };

     

       54
       +
         };

     

       55
       +
       

     

       56
       +
         age.secrets.netbirdClientKey = {

     

       57
       +
           file = ../../secrets/develMobiNetbirdClientKey.age;

     

       58
       +
           mode = "600";

     

       59
       +
         };

     

       60
       +
         services.netbird = {

     

       61
       +
           enable = true;

     

       62
       +
           managementUrl = "https://bird.gaze.systems";

     

       63
       +
           setupKeyFile = config.age.secrets.netbirdClientKey.path;

     

       64
        
         };

     

       65
        
       

     

       66
        
         programs = {

     

       67
       +
           bash = {

     

       68
       +
             enable = true;

     

       69
       +
             enableCompletion = true;

     

       70
       +
           };

     

       71
       +
           tealdeer.enable = true;

     

       72
        
           git = {

     

       73
        
             userName = name;

     

       74
        
             userEmail = email;

     
···

       78
        
               user.signingkey = signKeyText;

     

       79
        
             };

     

       80
        
           };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       81
        
         };

     

       82
        
       }

+72

users/modules/netbird/default.nix

···

       1
       +
       {lib, config, pkgs, ...}: let

     

       2
       +
         l = lib;

     

       3
       +
         t = l.types;

     

       4
       +
         cfg = config.services.netbird;

     

       5
       +
         wrapped = pkgs.writers.writeBashBin "netbird" ''

     

       6
       +
           ${pkgs.netbird}/bin/netbird \

     

       7
       +
             --daemon-addr "unix://netbird.sock" \

     

       8
       +
             --config "${config.xdg.configHome}/netbird/config.json" $@

     

       9
       +
         '';

     

       10
       +
         proxychainsCfg = pkgs.writers.writeText "proxychains.conf" ''

     

       11
       +
           proxy_dns

     

       12
       +
           quiet_mode

     

       13
       +
           [ProxyList]

     

       14
       +
           socks5 127.0.0.1 1080

     

       15
       +
         '';

     

       16
       +
         wrappedProxychains = pkgs.writers.writeBashBin "netbird-proxychains" ''

     

       17
       +
           ${pkgs.proxychains-ng}/bin/proxychains4 \

     

       18
       +
             -f "${proxychainsCfg}" \

     

       19
       +
             $@

     

       20
       +
         '';

     

       21
       +
       in {

     

       22
       +
         options = {

     

       23
       +
           services.netbird = {

     

       24
       +
             enable = l.mkEnableOption "netbird client";

     

       25
       +
             managementUrl = l.mkOption {

     

       26
       +
               type = t.str;

     

       27
       +
               default = "https://api.netbird.cloud";

     

       28
       +
               description = "NetBird management URL";

     

       29
       +
             };

     

       30
       +
             setupKeyFile = l.mkOption {

     

       31
       +
               type = t.str;

     

       32
       +
               description = "Path to the setup key file";

     

       33
       +
             };

     

       34
       +
             proxyScript = l.mkOption {

     

       35
       +
               type = t.package;

     

       36
       +
               description = "path to a script that uses proxychains to proxy traffic";

     

       37
       +
               readOnly = true;

     

       38
       +
             };

     

       39
       +
           };

     

       40
       +
         };

     

       41
       +
         config = l.mkIf cfg.enable {

     

       42
       +
           home.packages = [ wrapped wrappedProxychains ];

     

       43
       +
           services.netbird.proxyScript = wrappedProxychains;

     

       44
       +
           systemd.user.services.netbird = {

     

       45
       +
             Unit = {

     

       46
       +
               Description = "NetBird Client";

     

       47
       +
               After = [ "network.target" ];

     

       48
       +
             };

     

       49
       +
       

     

       50
       +
             Service = {

     

       51
       +
               ExecStart = "${pkgs.netbird}/bin/netbird up -F";

     

       52
       +
               Restart = "on-failure";

     

       53
       +
               RestartSec = "5s";

     

       54
       +
               Environment = l.mapAttrsToList (k: v: "${k}=${toString v}") {

     

       55
       +
                 PATH = "${pkgs.coreutils}/bin:$PATH";

     

       56
       +
                 NB_WG_KERNEL_DISABLE = "true";

     

       57
       +
                 NB_USE_NETSTACK_MODE = "true";

     

       58
       +
                 NB_ENABLE_NETSTACK_LOCAL_FORWARDING = "true";

     

       59
       +
                 NB_NETSTACK_SKIP_PROXY = "false";

     

       60
       +
                 NB_SOCKS5_LISTENER_PORT = 1080;

     

       61
       +
                 NB_DISABLE_DNS = "false";

     

       62
       +
                 NB_SETUP_KEY_FILE = l.replaceString "\${XDG_RUNTIME_DIR}" "%t" cfg.setupKeyFile;

     

       63
       +
                 NB_MANAGEMENT_URL = cfg.managementUrl;

     

       64
       +
                 NB_CONFIG = "${config.xdg.configHome}/netbird/config.json";

     

       65
       +
                 NB_DAEMON_ADDR = "unix://%t/netbird.sock";

     

       66
       +
               };

     

       67
       +
             };

     

       68
       +
       

     

       69
       +
             Install.WantedBy = [ "network.target" ];

     

       70
       +
           };

     

       71
       +
         };

     

       72
       +
       }