diff --git a/config/services/netbird.nix b/config/services/netbird.nix
index fc1f001..4320832 100644
--- a/config/services/netbird.nix
+++ b/config/services/netbird.nix
@@ -9,6 +9,12 @@
 33080 # relay
 ];
 };
+ networking.nftables.chains.forward.from-netbird = {
+ after = [ "conntrack" ];
+ rules = [
+ "iifname nb-main oifname mv-lan accept"
+ ];
+ };
 age.secrets.coturnPassword = {
 generator.script = "alnum";
@@ -34,7 +40,10 @@
 group = "netbird";
 };
- networking.firewall.allowedUDPPorts = [ 3478 ]; # STUN/TURN server
+ networking.firewall.allowedUDPPorts = [
+ 3478
+ 5349
+ ]; # STUN/TURN server
 services.netbird = {
 clients.main = {
 port = 51820;
@@ -44,6 +53,7 @@
 NB_HOSTNAME = "home";
 };
 };
+
 server = {
 enable = true;
 domain = "netbird.${config.secrets.secrets.global.domains.web}";
diff --git a/flake.lock b/flake.lock
index 0ddacdb..6237aaf 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1371,11 +1371,11 @@
 "pre-commit-hooks": "pre-commit-hooks_3"
 },
 "locked": {
- "lastModified": 1732215218,
- "narHash": "sha256-/iaKjsFlCbbyDQSJeeCkcgq1+fiVTnJZNyyOO9aaMRM=",
+ "lastModified": 1732216602,
+ "narHash": "sha256-svG11P+vsHYKoDj1nWSGHoep4f+rzbRM/fdWPSVE/Uk=",
 "owner": "oddlama",
 "repo": "nixos-extra-modules",
- "rev": "90c0b018de0465bffe35fee0f86dadfab35b878f",
+ "rev": "6841242d5f7c32fc8a214014f1c97ae935ef8b8e",
 "type": "github"
 },
 "original": {
diff --git a/hosts/desktopnix/default.nix b/hosts/desktopnix/default.nix
index 00fd670..b62f95c 100644
--- a/hosts/desktopnix/default.nix
+++ b/hosts/desktopnix/default.nix
@@ -61,7 +61,6 @@
 ];
 zramSwap.enable = true;
- services.netbird.enable = true;
 # Do not cleanup nix store to prevent having to rebuild packages onca a month
 nix.gc.automatic = lib.mkForce false;
 nixpkgs.hostPlatform = "x86_64-linux";
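Review bot: In config/services/netbird.nix (hunk at -9,6), the new `from-netbird` forward chain accepts everything from `nb-main` to `mv-lan` with no destination or port match, so every peer the NetBird management server admits can reach every host on that LAN segment and the only remaining control is NetBird's own access policy. If only a few services are meant to be reachable, narrow the rule, for example `"iifname nb-main oifname mv-lan ip daddr <LAN_SERVICE_ADDR> tcp dport <PORT> accept"` (placeholders). Otherwise add a comment above `rules` stating that filtering is deliberately left to NetBird rather than nftables. How this chain is ordered against other forward rules is not visible in the hunk.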
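Review bot: In config/services/netbird.nix (hunk at -34,7), 5349 is opened for UDP only; that port is conventionally TURN over TLS/DTLS, and TLS clients connect over TCP, so if a TLS listener is intended `networking.firewall.allowedTCPPorts` needs 5349 as well. The coturn settings lie outside the hunk, so it is unclear whether a certificate and TLS listener are configured at all; if they are not, the new port is open with nothing meant to answer on it. The trailing `# STUN/TURN server` now sits after the closing bracket, and per-entry comments such as `3478 # STUN/TURN` and `5349 # TURN over (D)TLS` would say which port is which.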
diff --git a/hosts/elisabeth/secrets/kanidm/secrets.nix.age b/hosts/elisabeth/secrets/kanidm/secrets.nix.age
index 99e00cb..697b325 100644
Binary files a/hosts/elisabeth/secrets/kanidm/secrets.nix.age and b/hosts/elisabeth/secrets/kanidm/secrets.nix.age differ
diff --git a/hosts/patricknix/net.nix b/hosts/patricknix/net.nix
index 3932e0e..7e261c1 100644
--- a/hosts/patricknix/net.nix
+++ b/hosts/patricknix/net.nix
@@ -3,6 +3,10 @@
 environment.persistence."/state".directories = [
 "/var/lib/iwd"
 "/etc/mullvad-vpn"
+ {
+ directory = "/var/lib/netbird-main";
+ user = "netbird-main";
+ }
 ];
 age.secrets.eduroam = {
 rekeyFile = ./secrets/iwd/eduroam.8021x.age;
@@ -75,4 +79,15 @@
 enable = true;
 package = pkgs.mullvad-vpn;
 };
+ services.netbird = {
+ clients.main = {
+ port = 51820;
+ environment = {
+ NB_MANAGEMENT_URL = "https://netbird.${config.secrets.secrets.global.domains.web}";
+ NB_ADMIN_URL = "https://netbird.${config.secrets.secrets.global.domains.web}";
+ NB_HOSTNAME = "patricknix";
+ };
+ };
+ };
+ users.users."patrick".extraGroups = [ "netbird-main" ];
 }
diff --git a/users/patrick/impermanence.nix b/users/patrick/impermanence.nix
index 5783f56..fd7a899 100644
--- a/users/patrick/impermanence.nix
+++ b/users/patrick/impermanence.nix
@@ -56,6 +56,7 @@
 ".cache/spotify"
 ".local/share/cargo"
 ".local/share/wallpapers"
+ ".factorio"
 ];
 };
 "/panzer/state".directories = lib.lists.optionals (config.disko.devices.zpool ? "panzer") [
diff --git a/users/patrick/patrick.nix b/users/patrick/patrick.nix
index d58bf00..970cad7 100644
--- a/users/patrick/patrick.nix
+++ b/users/patrick/patrick.nix
@@ -5,11 +5,15 @@
 {
 hm.home = {
 packages = with pkgs; [
+ bashInteractive
+ beatsabermodmanager
 chatterino2
 chromium
 cmatrix
 cowsay
 discord
+ disneyplus
+ element-desktop
 feh
 figlet
 galaxy-buds-client
@@ -19,7 +23,6 @@
 hyperfine
 mpv
 netflix
- disneyplus
 nextcloud-client
 nix-output-monitor
 nixpkgs-review
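Review bot: In hosts/patricknix/net.nix (hunk at -3,6), the persisted `/var/lib/netbird-main` entry sets only `user`, so its group and mode fall back to the persistence module's defaults. This directory presumably holds the client's key material and config, so the permissions are worth pinning explicitly, for example `group = "netbird-main"; mode = "0750";`. That would also line up with the group membership added at the end of this file; confirm it against what the netbird service itself sets on its state directory.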
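Review bot: In hosts/patricknix/net.nix (hunk at -75,4), `users.users."patrick".extraGroups = [ "netbird-main" ];` gives the desktop account whatever that group grants, presumably control of the client daemon without root, but nothing on the line says so. A comment such as `# let patrick control the netbird-main client without sudo` would record the intent and make the privilege easy to find in a later audit. As a smaller style point, the `https://netbird.${...}` string is written out twice for `NB_MANAGEMENT_URL` and `NB_ADMIN_URL`; a single `let` binding would keep the two in sync.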
@@ -33,14 +36,12 @@
 telegram-desktop
 timer
 via
+ wcurl
 webcord
 xournalpp
 yt-dlp
 zathura
 zotero
- bashInteractive
- element-desktop-wayland
- beatsabermodmanager
 ];
 };
 hm.programs.bat.enable = true;