chore: fix netbird ssh

hosts/m3-ares/services/default.nix

@@ -1,6 +1,7 @@
-{
+{pkgs, ...}: {
   imports = [
     ./containers
+    ./netbird.nix
     #./n8n.nix
     ./mem0.nix
     ./postgres.nix
@@ -9,8 +10,20 @@
     ./udev.nix
     ./wireguard.nix
   ];
+  # console.useXkbConfig = true;
+
+  # services.xserver.xkb = {
+  #   layout = "de,us";
+  #   options = "ctrl:nocaps";
+  # };
+
+  # optional, falls du auch die TTY-Konsole deutsch willst:
   services = {
     hypridle.enable = true;
+    espanso = {
+      enable = true;
+      package = pkgs.espanso-wayland;
+    };
     printing.enable = true;
     gvfs.enable = true;
     trezord.enable = true;

hosts/m3-ares/services/netbird.nix

@@ -0,0 +1,29 @@
+{pkgs, ...}: {
+  services.netbird.enable = true;
+  environment.systemPackages = with pkgs; [netbird-ui];
+
+  systemd.services.netbird = {
+    environment = {
+      NB_DISABLE_SSH_CONFIG = "true";
+    };
+    path = [
+      pkgs.shadow
+      pkgs.util-linux
+    ];
+  };
+
+  programs.ssh.extraConfig = ''
+    Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p"
+        PreferredAuthentications password,publickey,keyboard-interactive
+        PasswordAuthentication yes
+        PubkeyAuthentication yes
+        BatchMode no
+        ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p
+        StrictHostKeyChecking no
+        UserKnownHostsFile /dev/null
+        CheckHostIP no
+        LogLevel ERROR
+  '';
+
+  networking.firewall.checkReversePath = "loose";
+}