From 6fa99bd85538ae221a676c91db25297e073d8fbf Mon Sep 17 00:00:00 2001
From: Patrick
Date: Mon, 25 Nov 2024 16:44:35 +0100
Subject: [PATCH] fix: netbird works now
---
 config/services/netbird.nix | 12 +++++++++++-
 flake.lock | 6 +++---
 hosts/desktopnix/default.nix | 1 -
 .../elisabeth/secrets/kanidm/secrets.nix.age | Bin 2462 -> 2611 bytes
 hosts/patricknix/net.nix | 15 +++++++++++++++
 users/patrick/impermanence.nix | 1 +
 users/patrick/patrick.nix | 9 +++++----
 7 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/config/services/netbird.nix b/config/services/netbird.nix
index fc1f001..4320832 100644
--- a/config/services/netbird.nix
+++ b/config/services/netbird.nix
@@ -9,6 +9,12 @@
 33080 # relay
 ];
 };
+ networking.nftables.chains.forward.from-netbird = {
+ after = [ "conntrack" ];
+ rules = [
+ "iifname nb-main oifname mv-lan accept"
+ ];
+ };
 age.secrets.coturnPassword = {
 generator.script = "alnum";
@@ -34,7 +40,10 @@
 group = "netbird";
 };
- networking.firewall.allowedUDPPorts = [ 3478 ]; # STUN/TURN server
+ networking.firewall.allowedUDPPorts = [
+ 3478
+ 5349
+ ]; # STUN/TURN server
 services.netbird = {
 clients.main = {
 port = 51820;
@@ -44,6 +53,7 @@
 NB_HOSTNAME = "home";
 };
 };
+
 server = {
 enable = true;
 domain = "netbird.${config.secrets.secrets.global.domains.web}";
diff --git a/flake.lock b/flake.lock
index 0ddacdb..6237aaf 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1371,11 +1371,11 @@
 "pre-commit-hooks": "pre-commit-hooks_3"
 },
 "locked": {
- "lastModified": 1732215218,
- "narHash": "sha256-/iaKjsFlCbbyDQSJeeCkcgq1+fiVTnJZNyyOO9aaMRM=",
+ "lastModified": 1732216602,
+ "narHash": "sha256-svG11P+vsHYKoDj1nWSGHoep4f+rzbRM/fdWPSVE/Uk=",
 "owner": "oddlama",
 "repo": "nixos-extra-modules",
- "rev": "90c0b018de0465bffe35fee0f86dadfab35b878f",
+ "rev": "6841242d5f7c32fc8a214014f1c97ae935ef8b8e",
 "type": "github"
 },
 "original": {
diff --git a/hosts/desktopnix/default.nix b/hosts/desktopnix/default.nix
index 00fd670..b62f95c 100644
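Review bot: The `from-netbird` forward rule in config/services/netbird.nix accepts every new connection that arrives on `nb-main` and leaves on `mv-lan`, with no limit on destination address, protocol or port, so which LAN hosts a peer can reach is decided entirely by the NetBird access policies. If only some LAN services are meant to be reachable, narrow the rule, for example `"iifname nb-main oifname mv-lan ip daddr LAN_SERVICE_CIDR accept"` (LAN_SERVICE_CIDR is a placeholder). If full LAN access is intended, a comment such as `# LAN access for NetBird peers is restricted by NetBird policies, not by nftables` would make that delegation explicit.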
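Review bot: UDP 5349 is now allowed in `networking.firewall.allowedUDPPorts` in config/services/netbird.nix, but nothing in the visible hunks shows coturn listening there; 5349 is conventionally the TLS/DTLS TURN port, which needs a TLS listener and certificate in the coturn configuration outside this hunk. If TURN over TLS is intended, TCP 5349 would have to be allowed as well; if it is not, the port is better left closed. The single trailing `# STUN/TURN server` comment could be split per port, e.g. `3478 # STUN/TURN` and `5349 # TURN over DTLS`.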
--- a/hosts/desktopnix/default.nix
+++ b/hosts/desktopnix/default.nix
@@ -61,7 +61,6 @@
 ];
 zramSwap.enable = true;
- services.netbird.enable = true;
 # Do not cleanup nix store to prevent having to rebuild packages onca a month
 nix.gc.automatic = lib.mkForce false;
 nixpkgs.hostPlatform = "x86_64-linux";
diff --git a/hosts/elisabeth/secrets/kanidm/secrets.nix.age b/hosts/elisabeth/secrets/kanidm/secrets.nix.age index 99e00cbcb21021a8552df693fdbae9241c5e9f32..697b325fff55542871d9337670e063278926d615 100644 GIT binary patch delta 2572 zcmV+n3iI`z6SEYMAXjd5OlCQEF)vSWZ&p=nV^wQ&NMSTeIW|#OOF=_7Xi9ELW@2(q zP+4g(K?-X(NKHmDFECF-crtcIWG`4mG-qiqW^Qm%YiW2vR5vqOM^$Y_Lwaj3IFnBS z6@O?rD>+kYdS_E}QAs#?IWS5^D>-*)PH{|gVPQyhOmSydd3Rx1O+_zeO$u;mIdghS zPi#10Gjc>uIZ1dkSWz%WM|v+bV>NX*OL8(VGE_uVd2lm$O$seOAaH4REpRe5HXvA3 zQEOE}AVD}oId(8uS41*KGgwtvd2LiW>ar4G(}c-Q#N@?Zc;%`OG!+1Mn`uFXIfQSQ7dF? zV`EcfZAfiWG&Xc}IALyWbwo{8WH~uSc}#e1bZRnrX-+r_Ej}PJIaOXkQ7kQIa%Ew2 zWgt~_U{!E-YHuK8Y+On%Oe`QrcnWnvFGWgdOjvnBcU5acc{M>cR(O9(OITu5Ygt5e zVoYjENJCatV^LE{Ra8_=Y*ur2FHl)cRdGdcIB8jMX?ipYb!k&XHe^vbdO!cHLZ&q@6qLza(so96L1{(JGCi8P(h%C8q9xCME-w`4UOcVa&y*pJZSTQ zIfPK{!AlylQ3Tb2eyL9veK%LH1rj2&n%+&lvrh&z^gnAAkJ~%v(mU0?QPDwX1q4r! z`dv?jlnxN8uD=j_6U%?snG+Ac>`8s16pFxuo3lEyoiUq~a~%0Ejs9pJ#62GDjK;!O zsNugpUKq05hkAdbP<=+IAubz$mCFyUT_!zQrKW00AfZVo@r)Ul^^=?aBwYLe6(A%a zo_=+3Ex`zS|3WUlBw$4(Wjbws6ga)|e^jfnBNmStn=pkB5dW9WzJ2Gjhep6ljdg?O z#f#pFZv|a?-yCIF6j!du|D z2fMZ^okkD$%pKYR)ktro&>Qy*%c!_Kw<0WoTbWiw=+m%j9>PA^;wu`06r+Swf+OPP zrralDP&|6ifWd>SCPK#ItBIvVb{Q#dJ?iRt+OOfZbBqx#6|_TNfp8$o0-}-yPcdC> zpeFYK01AIS9eO&5APmi8^J)qpMdCQ9GPlJeT#87%$xSH2gTX_waKmsD0c&FKN!nK!j-tHnt@mXs>Kb?`xNU8 z8*6n`Qd5IACj>2huta3o76kKkNK=t`Y-d}K?cIL}pUuFZcANRik#G~-Yq!%8%h{>_ zsz>snd;t#igxKLp((02y*>M5-&&=*1F24!HziR?0Y9`fAbZGgWp})K+wh5tlJr8sS zz>DXxpDs-H;A)xVcb`3{b2DbH+s;ADgC0lI4Dr-d5`K<33kcdDDEgqIH41E+mEutJ zu_=Ew@Rj$%a7<1v9TrZo&?n~vhex*s+fygp>8*5rvl0;b+Jx->n#9W-u($?|775jU zdXk4P!qTHk1C=_EErV=_yZBdYI>rNBsFa$CI~N&G=7~aZUwF9@x;|5i>SZWMe)#EOnISJvrkjasD1~HfvEs~9|HvjmT^6!SgT-1+-o_*YZdKEhv z0nO`8{T16WXS6`7s1KMCH1*!GWj}wzsJG1nkE%LD%J)Q?lY4`nwn0~Q_^Ryi-PKI6 z=ZS0fCXz?62>k3-s}J@|1p9C!M3fO|KrxoSl z8ep1Ix!y3`@}p;5^?bCD49dN}0G_1g;v|oHRh+*^k*YGrVju$L3Um*q@8f^(Yl+={ z1c4L{fx3bE5Imfk1f5NwPxqH4j@#d5r5=V&VW2^1e1`uY>dQ&K3XxuSJfZSySZ{J7 
zd{r&4f*W~ts3lZmdqYUFkqC{A!CbOG7UtX)_+^&WY~-ra+C7fvgSPc4rnNo>=F6E> z7gds+Tedt&Ydc5)_Gz$BpTK`jPbCbXX(P4XRD+a4N7Nim1$wWfp)uV)M+N1Gft;ss zOA?E`-oeC$Wmx1*G-9+7nOu9?lOxK{MR$G$Da%ZBgd+!* zhK>pmfNc`%B97Gc2TXr#lEOId#&0bHeWrkdv%>z==}$4m;NfE1k9lOr`wZZE>jqb5 z3}Tw3gEc6ChEBhnd%mx%MNe*5`?=#^vS_G^jCS{t)fYQ=9`Mc6GHt^DQD43gzK!Yu z?Py?nb!pkA+*vqrm*(xoRWyJT67d+Y?hy60!_{&D=T%Q5SQ%gkH>H?EX?0SMy~EUT z$=c520n{uI7A-6#iSzE={gZiFd_G<(alzH|5 delta 2422 zcmV-+35oWz6rK~1AXj5{I7wkLY*a;aSX4tnI7(SaML0t@RBT0LG<0WgM>JP%bZTdK zYk4wxQ3^;+PismuHd!}OK~7|4Q7}h$LpFFeG-FIRM|3zzdU0w=acOOOWpHk9G?PyO z6@M#9O>t^zGe=8vFEwjaGEinVIBjnA|dO9Qa!E*7IcExY zWo=MOQBh@LG4gGB;3gQ&KWGOF}qrZbdOjd2$MDOlnC?N=-yTQ*l9g zR98%QG;Ts!K~qe0G;nPZdiCyX*X$UOm;7CH$_$oGI&x;Hezu> zQ(1CYXiGG1PfK)iFfdg(Y)(i^O-V*XYjti_On5?YW@s=9Ej}PbUp_l6XL4m>b7cxN zdU0$oOD``pa6wT?X*gMKSu-$bc|&zbV`fVVEiEk|Q$<5iFj``1O)`ISF>_TjRzXd7 zZ89-MX=rOtdUi{0X>U$vICnxXR8>c73fOl39{bIAHah51>dh)ay#mMZrj&c}Q{~%Q ze|J9cUA427mqG`>H>t=x|J{MIhaSo~bQW%;B5|!&=_Ma_9+ytNtAdxvH(*oZT05H6 zhRZhpb@b9*((=87Yw3TZGPw`RA&48ckEbARJt?j?;0Y(uH)B_8Q+N6-@pu%ly~5cO zi4!GT6Ue>1=tB0%6XOQkPVh%^TAEoIuC-v(R+;qlXn7i-8hQgjOy2aqjilWZU$d-Oc#G_e$3ruvfHF&#I$dEew=SzLN_T zit1KUzRy~0hOvxPFvvC`WtctOvUDx0TA#QOKuE5*I`u@I&Cs&$dvx7*m%$kPeh1X`*_-l z3Q8zfM#z6lZ;6uld5QO>-+)=^lubIj;4rVz#KS7?5?hUGS0ibJ0o{*flf2%X*zs$HCNM*^PaM43+u6M72TT{uh(-y;0Q9Y z)6#u1E2)T?(;hiUj9UWh+&3WAyf)f*G%P*e0R0+cJ$GzWFITs{9?mg!mtqWdPfCK?aP}d;kBgtU4q?bW>RKbIybaXp!Hs$sh=tYrsTHaGWw5T3O|U7m2|Mk~Cu; zyLEr1*H#1d$R4IU`gIB@-aVPK#ANh(>qunDb8S}mGTl4j4C$hM$tNMhP>HGXD0F%x zANDSK!_6}Lamr&P};DIS~M%KPzmuxW`e$T`g~VoytVHWMC{if!4vL!qAf zG^-dBBB}_M_Lw+t5xv*70NySfYRkRr87Ty^wT#&G^S%gg$Di;tYRh z2PA2|txGMQz&1@41*`cZRFM!64=9|_cB^!k(9gA^u`T_-x<#n}i0Vwi8xkGeDVhKvC85J}W`?7~Cs)plQo(sLyjy%i<`--P@FHp%fo z5mcb%MM_+7y@*cMbSP1#mp{RX4#|I)5mxUdlNJbn+gmfs(c4M{`e7>&z;#UWh(g3R z_3U!BNtma&l&VHXtF{kb;Nmv{v=OQLD?@*5*rdK_sIvp;&BMgxWQc15qbK8yjfCqD zp#2lk>W;IowE+ifn!TqOx{B=XQb2nSkXPxU4xgd? 
z@%|;z&N(r+PSf|fwIBrqRl$aqPE*;L(AET``J9{vr z;?*hIqM(L?z;{-@_sqeD(9VC299wn*Yuy^Qt1M8og3?Wtm;tV3dbwC7EW&Evz7nJ0 z^viDV%V{!#kGIDC8lL`n@!@!9{#Smqp(o!{G7Vd-;5IJ8Hps*g9)SSsCk-i zRufKcp^LX2)F(uWsvet|o8@4hK6(xgwv6h?@1Q`8L(b#tH==$Nh+TiqDMpJIu&uOv zKg!6?&H2QDJJB8MT@wgFt=T3Z(v^`hC*|TiBUHU(l#KlTv`M%hnQQA{)?Wt}qm#!Y zoEp_a>rEuSX*(hCP0t2lYEjnei7%}HMge%R@&PPxLw{K)-%6d^FW1sdQrXAo!rNqb z>rXRUmf~<@FBm6Nb&^Uon0$I8HGKzO<&JF8yJ`{pabE0nE`a~Tqo;w#;tpET3
diff --git a/hosts/patricknix/net.nix b/hosts/patricknix/net.nix
index 3932e0e..7e261c1 100644
--- a/hosts/patricknix/net.nix
+++ b/hosts/patricknix/net.nix
@@ -3,6 +3,10 @@
 environment.persistence."/state".directories = [
 "/var/lib/iwd"
 "/etc/mullvad-vpn"
+ {
+ directory = "/var/lib/netbird-main";
+ user = "netbird-main";
+ }
 ];
 age.secrets.eduroam = {
 rekeyFile = ./secrets/iwd/eduroam.8021x.age;
@@ -75,4 +79,15 @@
 enable = true;
 package = pkgs.mullvad-vpn;
 };
+ services.netbird = {
+ clients.main = {
+ port = 51820;
+ environment = {
+ NB_MANAGEMENT_URL = "https://netbird.${config.secrets.secrets.global.domains.web}";
+ NB_ADMIN_URL = "https://netbird.${config.secrets.secrets.global.domains.web}";
+ NB_HOSTNAME = "patricknix";
+ };
+ };
+ };
+ users.users."patrick".extraGroups = [ "netbird-main" ];
 }
diff --git a/users/patrick/impermanence.nix b/users/patrick/impermanence.nix
index 5783f56..fd7a899 100644
--- a/users/patrick/impermanence.nix
+++ b/users/patrick/impermanence.nix
@@ -56,6 +56,7 @@
 ".cache/spotify"
 ".local/share/cargo"
 ".local/share/wallpapers"
+ ".factorio"
 ];
 };
 "/panzer/state".directories = lib.lists.optionals (config.disko.devices.zpool ? "panzer") [
diff --git a/users/patrick/patrick.nix b/users/patrick/patrick.nix
index d58bf00..970cad7 100644
--- a/users/patrick/patrick.nix
+++ b/users/patrick/patrick.nix
@@ -5,11 +5,15 @@
 {
 hm.home = {
 packages = with pkgs; [
+ bashInteractive
+ beatsabermodmanager
 chatterino2
 chromium
 cmatrix
 cowsay
 discord
+ disneyplus
+ element-desktop
 feh
 figlet
 galaxy-buds-client
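Review bot: The persisted `/var/lib/netbird-main` entry in hosts/patricknix/net.nix sets only `user`, so group and mode fall back to the persistence module's defaults, which as far as I know create the directory as 0755. The directory presumably holds the client's configuration and private key, so ownership and mode are better stated explicitly, e.g. `group = "netbird-main";` and `mode = "0750";`. Check the chosen mode against what the netbird client service expects for its state directory.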
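Review bot: `users.users."patrick".extraGroups = [ "netbird-main" ];` in hosts/patricknix/net.nix gives the interactive account whatever the client service exposes to that group, presumably its daemon socket and state, so any process running as patrick can control the tunnel. A comment stating the intent would help, e.g. `# lets patrick use the netbird-main CLI without root`. The same hunk also writes the identical URL expression for `NB_MANAGEMENT_URL` and `NB_ADMIN_URL`; a single `let` binding would keep the two values from drifting apart.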
@@ -19,7 +23,6 @@
 hyperfine
 mpv
 netflix
- disneyplus
 nextcloud-client
 nix-output-monitor
 nixpkgs-review
@@ -33,14 +36,12 @@
 telegram-desktop
 timer
 via
+ wcurl
 webcord
 xournalpp
 yt-dlp
 zathura
 zotero
- bashInteractive
- element-desktop-wayland
- beatsabermodmanager
 ];
 };
 hm.programs.bat.enable = true;