From 514205e1d98aa4369b5dd61a65bb0979887590e3 Mon Sep 17 00:00:00 2001
From: Annika Merris
Date: Thu, 25 Jul 2024 10:15:25 -0400
Subject: [PATCH] Trying to improve Netbird Setup
---
 hosts/kim/default.nix | 8 +++-
 hosts/virt-nix/default.nix | 1 -
 modules/common/applications/netbird.nix | 53 ++++++++++++++++++++-----
 secrets/secrets.yaml | 7 +++-
 4 files changed, 55 insertions(+), 14 deletions(-)
diff --git a/hosts/kim/default.nix b/hosts/kim/default.nix
index f7686f9..f0a1986 100644
--- a/hosts/kim/default.nix
+++ b/hosts/kim/default.nix
@@ -60,7 +60,13 @@ inputs.nixpkgs.lib.nixosSystem {
 element.enable = true;
 firefox.enable = true;
 kitty.enable = true;
- netbird.enable = true;
+ # netbird.enable = true;
+ netbird = {
+ enable = true;
+ management_url = "https://netbird.moosenet.work:443";
+ admin_url = "https://netbird.moosenet.work";
+ setup_key = sops.netbird.setup_keys.end_user;
+ }
 openrgb.enable = true;
 prusa-slicer.enable = true;
 spotifyd.enable = true;
diff --git a/hosts/virt-nix/default.nix b/hosts/virt-nix/default.nix
index 0d4c6f8..22404e7 100644
--- a/hosts/virt-nix/default.nix
+++ b/hosts/virt-nix/default.nix
@@ -71,7 +71,6 @@ inputs.nixpkgs.lib.nixosSystem {
 ];
 services.openssh.enable = true;
 services.flatpak.enable = true;
- services.netbird.enable = true; # TODO: Move this to the netbird configs
 hardware.bluetooth.enable = true;
 hardware.bluetooth.powerOnBoot = true;
 sound.enable = true; # TODO: Add the rest of the sound stuff...
diff --git a/modules/common/applications/netbird.nix b/modules/common/applications/netbird.nix
index c1bee97..3ca3382 100644
--- a/modules/common/applications/netbird.nix
+++ b/modules/common/applications/netbird.nix
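Review bot: In hosts/kim/default.nix the new `netbird = { … }` attrset is closed with a bare `}` before `openrgb.enable = true;`, so the file will not parse; the closing line should be `};`. The three values are also set directly under `netbird`, whereas the module changed in this same commit declares them under `netbird.opts` and reads `config.netbird.opts.setup_key`, so they need to sit inside `opts = { … };` (or the option declarations need flattening). `sops.netbird.setup_keys.end_user` relies on a `sops` binding that is not visible in this hunk, and if it does resolve to the decrypted key at evaluation time the key becomes an ordinary Nix string; confirm where it comes from. The enclosing attrset starts and ends outside the hunk.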
@@ -6,25 +6,58 @@
 description = "Enable Netbird";
 default = false;
 };
+ opts = {
+ setup_key = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ Setup key obtained from the Management Service Dashboard (used to register peer)
+ '';
+ default = "";
+ };
+ management_url = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ Management Service URL [http|https]://[host]:[port]
+ '';
+ default = "https://api.wiretrustee.com:443";
+ };
+ admin_url = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ Admin Panel URL [http|https]://[host]:[port]
+ '';
+ default = "https://app.netbird.io";
+ };
+ };
 };
 };
+ # TODO: This code should live somewhere else and be available to everything.
+ # mkIfElse = p: yes: no: lib.mkMerge [
+ # (lib.mkIf p yes)
+ # (lib.mkif (!p) no)
+ # ];
 config = lib.mkIf (config.netbird.enable) (lib.mkMerge [
- (lib.mkIf (config.gui.enable) {
+ {
+ services.netbird.tunnels = {
+ wt0.environment = (lib.mkMerge [
+ {
+ NB_MANAGEMENT_URL = config.netbird.opts.management_url;
+ NB_ADMIN_URL = config.netbird.opts.admin_url;
+ }
+ # isString e
+ (lib.mkIf (config.netbird.opts.setup_key != "") {
+ NB_SETUP_KEY = config.netbird.opts.setup_key;
+ })
+ ]);
+ };
+ }
+ (lib.mIf (config.gui.enable) {
 home-manager.users.${config.user} = {
 home.packages = [
 pkgs.netbird-ui
 ];
 };
- services.netbird.enable = true;
- })
- (lib.mkIf (!config.gui.enable) {
- home-manager.users.${config.user} = {
- home.packages = [
- pkgs.netbird
- ];
- };
- services.netbird.enable = true;
 })
 ]);
 }
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 9cb4029..02ee8f6 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
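Review bot: `NB_SETUP_KEY = config.netbird.opts.setup_key;` passes the peer-registration key through `wt0.environment` as a plain string, so it will most likely be rendered into the generated service definition in the world-readable /nix/store, which defeats keeping it encrypted in secrets/secrets.yaml. Consider typing the option as a path to the decrypted secret file (with sops-nix, something like `config.sops.secrets."netbird/setup_keys/end_user".path`) and having the service read it at runtime, for example through the unit's `EnvironmentFile`, instead of embedding the value. Separately, `(lib.mIf (config.gui.enable) {` should be `lib.mkIf` or evaluation fails, and the commented-out helper spells it `lib.mkif`. The removed non-GUI branch also dropped both `services.netbird.enable = true;` lines, so confirm that defining `services.netbird.tunnels.wt0` alone still starts the client.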
@@ -3,6 +3,9 @@ spotifyd:
 global:
 password: ENC[AES256_GCM,data:YnfXoQ7pbqoZ8QcqfkYd3A==,iv:+QwDqlZ5HEIasmeMAT48kvF3LpbTzJMu4OR1kjWOZCQ=,tag:rANAqr1GlYzHNItb2AmCmg==,type:str]
 annika_password: ENC[AES256_GCM,data:qRdNYmU7Z0A0r3rhyTQMa9I/uNjlSMSjPzRNDBUvpV8t+jlN+l+5XzGawS7E1cwBTuU/rkdSha2vU2hCyWgxqOmLjSp8okCUSw==,iv:12lV4/zC5uneYnDrps9cdv5J1fXiuMfIGmoaYDaVD5c=,tag:d8SNVCcbYOT0iiUjeKVsWA==,type:str]
+netbird:
+ setup_keys:
+ end_user: ENC[AES256_GCM,data:9fFfVWHO2e3lACEl1+g+rWUQ1o6jZUQfTKBCXRcGTLClZ+ho,iv:LPaUSzZHy+iN9w7kjvDyGhHajR56G+S26JlMeur+Bko=,tag:SAASFjfyya3cigsyaR/mlg==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -27,8 +30,8 @@ sops:
 YUxQYnZmRUc0TkZkaEFHSGp6RzdwdGcK/Y8BuOQrcOgWpA18FijIpRR7zw+VYl2+
 bJLhkeIjYvDc+mNoKf/GCVmJVtSAWanoHGKasDfkDkuSkAJfao9WzA==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-07-23T19:08:33Z"
- mac: ENC[AES256_GCM,data:6XxNXxnjzCxVHOK/7+e4x+PLEzyqDtClfvdPyOXJnvX7iz8p5zjXazUV0gq1kbUVrD6Uh2XumomNOeyA+VP7g5bpxkbOEGUoptzU+VsEQtTIvRlQn09J3J733yKlwDJ6dglTUuyOD66e21dIRF6JJ1UWOFkwptToHdEe+PqcWLc=,iv:T0Vr851SJcv6tprN0+wshu+WfSMWug5tEkPluVKRx4A=,tag:Dt10qxRJuUPBlK4oNyNgNg==,type:str]
+ lastmodified: "2024-07-24T14:26:38Z"
+ mac: ENC[AES256_GCM,data:xT/DXBA4zTPW+LqZhPW8kwJrCDrQliPLiVsKirNlJ6DZ4bJDpHob+drdi8qT8FVcFyenhBULrVW+f/keDbwhPp8o0NgLzi+5MiIS9yPux6krw47K8Y0CxJ2gS/TqrtNGuBIyuxwL8od9j6/wiz8RIGJ1r8Ng19KJH9sqvowVCKo=,iv:qtLV4+AgdSMOJwqzB4fwqdOnm+iOxPEEoUQRrp3o3ek=,tag:E9Sf8tBiryCKX40utWJkxQ==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.9.0