Trying to improve Netbird Setup

2025-12-11 11:05:23 -05:00 · 2024-07-25 10:15:25 -04:00 · 2024-07-25 10:15:25 -04:00 · 514205e1d9
commit 514205e1d9
parent f030235976
4 changed files with 55 additions and 14 deletions
--- a/hosts/kim/default.nix
+++ b/hosts/kim/default.nix
@ -60,7 +60,13 @@ inputs.nixpkgs.lib.nixosSystem {
      element.enable = true;
      firefox.enable = true;
      kitty.enable = true;
-      netbird.enable = true;
+      # netbird.enable = true;
+      netbird = {
+        enable = true;
+        management_url = "https://netbird.moosenet.work:443";
+        admin_url = "https://netbird.moosenet.work";
+        setup_key = sops.netbird.setup_keys.end_user;
+      }
      openrgb.enable = true;
      prusa-slicer.enable = true;
      spotifyd.enable = true;
--- a/hosts/virt-nix/default.nix
+++ b/hosts/virt-nix/default.nix
@ -71,7 +71,6 @@ inputs.nixpkgs.lib.nixosSystem {
      ];
      services.openssh.enable = true;
      services.flatpak.enable = true;
-      services.netbird.enable = true; # TODO: Move this to the netbird configs
      hardware.bluetooth.enable = true;
      hardware.bluetooth.powerOnBoot = true;
      sound.enable = true; # TODO: Add the rest of the sound stuff...
--- a/modules/common/applications/netbird.nix
+++ b/modules/common/applications/netbird.nix
@ -6,25 +6,58 @@
        description = "Enable Netbird";
        default = false;
      };
+      opts = {
+        setup_key = lib.mkOption {
+          type = lib.types.str;
+          description = ''
+            Setup key obtained from the Management Service Dashboard (used to register peer)
+          '';
+          default = "";
+        };
+        management_url = lib.mkOption {
+          type = lib.types.str;
+          description = ''
+            Management Service URL [http|https]://[host]:[port]
+          '';
+          default = "https://api.wiretrustee.com:443";
+        };
+        admin_url = lib.mkOption {
+          type = lib.types.str;
+          description = ''
+            Admin Panel URL [http|https]://[host]:[port]
+          '';
+          default = "https://app.netbird.io";
+        };
+      };
    };
  };
+  # TODO: This code should live somewhere else and be available to everything.
+  # mkIfElse = p: yes: no: lib.mkMerge [
+  #   (lib.mkIf p yes)
+  #   (lib.mkif (!p) no)
+  # ];
  config = lib.mkIf (config.netbird.enable)
    (lib.mkMerge [
-      (lib.mkIf (config.gui.enable) {
+      {
+        services.netbird.tunnels = {
+          wt0.environment = (lib.mkMerge [
+            {
+              NB_MANAGEMENT_URL = config.netbird.opts.management_url;
+              NB_ADMIN_URL = config.netbird.opts.admin_url;
+            }
+            # isString e
+            (lib.mkIf (config.netbird.opts.setup_key != "") {
+              NB_SETUP_KEY = config.netbird.opts.setup_key;
+            })
+          ]);
+        };
+      }
+      (lib.mIf (config.gui.enable) {
        home-manager.users.${config.user} = {
          home.packages = [
            pkgs.netbird-ui
          ];
        };
-        services.netbird.enable = true;
-      })
-      (lib.mkIf (!config.gui.enable) {
-        home-manager.users.${config.user} = {
-          home.packages = [
-            pkgs.netbird
-          ];
-        };
-        services.netbird.enable = true;
      })
    ]);
 }
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@ -3,6 +3,9 @@ spotifyd:
        global:
            password: ENC[AES256_GCM,data:YnfXoQ7pbqoZ8QcqfkYd3A==,iv:+QwDqlZ5HEIasmeMAT48kvF3LpbTzJMu4OR1kjWOZCQ=,tag:rANAqr1GlYzHNItb2AmCmg==,type:str]
 annika_password: ENC[AES256_GCM,data:qRdNYmU7Z0A0r3rhyTQMa9I/uNjlSMSjPzRNDBUvpV8t+jlN+l+5XzGawS7E1cwBTuU/rkdSha2vU2hCyWgxqOmLjSp8okCUSw==,iv:12lV4/zC5uneYnDrps9cdv5J1fXiuMfIGmoaYDaVD5c=,tag:d8SNVCcbYOT0iiUjeKVsWA==,type:str]
+netbird:
+    setup_keys:
+        end_user: ENC[AES256_GCM,data:9fFfVWHO2e3lACEl1+g+rWUQ1o6jZUQfTKBCXRcGTLClZ+ho,iv:LPaUSzZHy+iN9w7kjvDyGhHajR56G+S26JlMeur+Bko=,tag:SAASFjfyya3cigsyaR/mlg==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -27,8 +30,8 @@ sops:
            YUxQYnZmRUc0TkZkaEFHSGp6RzdwdGcK/Y8BuOQrcOgWpA18FijIpRR7zw+VYl2+
            bJLhkeIjYvDc+mNoKf/GCVmJVtSAWanoHGKasDfkDkuSkAJfao9WzA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-07-23T19:08:33Z"
-    mac: ENC[AES256_GCM,data:6XxNXxnjzCxVHOK/7+e4x+PLEzyqDtClfvdPyOXJnvX7iz8p5zjXazUV0gq1kbUVrD6Uh2XumomNOeyA+VP7g5bpxkbOEGUoptzU+VsEQtTIvRlQn09J3J733yKlwDJ6dglTUuyOD66e21dIRF6JJ1UWOFkwptToHdEe+PqcWLc=,iv:T0Vr851SJcv6tprN0+wshu+WfSMWug5tEkPluVKRx4A=,tag:Dt10qxRJuUPBlK4oNyNgNg==,type:str]
+    lastmodified: "2024-07-24T14:26:38Z"
+    mac: ENC[AES256_GCM,data:xT/DXBA4zTPW+LqZhPW8kwJrCDrQliPLiVsKirNlJ6DZ4bJDpHob+drdi8qT8FVcFyenhBULrVW+f/keDbwhPp8o0NgLzi+5MiIS9yPux6krw47K8Y0CxJ2gS/TqrtNGuBIyuxwL8od9j6/wiz8RIGJ1r8Ng19KJH9sqvowVCKo=,iv:qtLV4+AgdSMOJwqzB4fwqdOnm+iOxPEEoUQRrp3o3ek=,tag:E9Sf8tBiryCKX40utWJkxQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.0