m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: fix netbird ssh

Browse Source
This commit is contained in:
m3tm3re
2026-03-02 19:24:28 +01:00
parent 674ce6957c
commit e4195230a5
6 changed files with 115 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
flake.lock generated
View File

@@ -246,11 +246,11 @@
"openspec": "openspec" "openspec": "openspec"
}, },
"locked": { "locked": {
"lastModified": 1772041931, "lastModified": 1772460048,
"narHash": "sha256-NQOQrGtR1EXM33JSVUt5Sz5MburSxWU7t9iZrJk9gQo=", "narHash": "sha256-qN2a0yrXZplR0z98ZVgWNSwh3hbR600KSJmgHLegjcg=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "e22774539ac26071b1bc0e6e8272df3c3ec732f2", "rev": "be401c2ebbf336cb6b443a1e9bbee3adb4c58d13",
"revCount": 132, "revCount": 141,
"type": "git", "type": "git",
"url": "https://code.m3ta.dev/m3tam3re/nixpkgs" "url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
}, },
@@ -393,11 +393,11 @@
}, },
"nixpkgs-master": { "nixpkgs-master": {
"locked": { "locked": {
"lastModified": 1771574031, "lastModified": 1772459199,
"narHash": "sha256-yKeO6auxI8PrBZOdt/LVRDm+bh939E60l4iZKo1ExeA=", "narHash": "sha256-bwbGxsckrQDHihUGkb9Bw9+6RnpPOZ1Uo6h+Dp94Th4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ab43bb60c7d266a4a285e863d89c1e69cd124dd5", "rev": "f88889dd2451655660dde8700eae20f93a789355",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -457,11 +457,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1771369470, "lastModified": 1772198003,
"narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0182a361324364ae3f436a63005877674cf45efb", "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -548,16 +548,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772031356, "lastModified": 1772094145,
"narHash": "sha256-PA3/P5nUDlrKD6xjDXFoNNF8U2Wzz2JeeY4H+CzWWgY=", "narHash": "sha256-26MV9TbyAF0KFqZtIHPYu6wqJwf0pNPdW/D3gDQEUlQ=",
"owner": "anomalyco", "owner": "anomalyco",
"repo": "opencode", "repo": "opencode",
"rev": "de2bc25677b419d2af0da8b6a24a05d3f22b67a8", "rev": "799b2623cbb1c0f19e045d87c2c8593e83678bc0",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "anomalyco", "owner": "anomalyco",
"ref": "v1.2.14", "ref": "v1.2.15",
"repo": "opencode", "repo": "opencode",
"type": "github" "type": "github"
} }
@@ -570,11 +570,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1771554066, "lastModified": 1772182342,
"narHash": "sha256-nQPz81Um+4zhEeNz1o55Ix1DoBEM3CxeABAmOJkgIac=", "narHash": "sha256-9Q0iUyZGcDPLdgvnrBN3GumV8g9akV8TFb8bFkD1yYs=",
"owner": "Fission-AI", "owner": "Fission-AI",
"repo": "OpenSpec", "repo": "OpenSpec",
"rev": "4ba26902dfecf6f54c5a729993e012a57f4e2877", "rev": "afdca0d5dab1aa109cfd8848b2512333ccad60c3",
"type": "github" "type": "github"
}, },
"original": { "original": {

1
hosts/common/users/m3tam3re.nix
View File

@@ -24,6 +24,7 @@
]; ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU= m3tam3re@m3-nix" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU= m3tam3re@m3-nix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZcjCKl0DRuOUOMXbM0GKY5JjvmyFpVZ/tRlTKWu/zp razr"
]; ];
packages = [inputs.home-manager.packages.${pkgs.stdenv.hostPlatform.system}.default]; packages = [inputs.home-manager.packages.${pkgs.stdenv.hostPlatform.system}.default];
}; };

15
hosts/m3-ares/services/default.nix
View File

@@ -1,6 +1,7 @@
{ {pkgs, ...}: {
imports = [ imports = [
./containers ./containers
./netbird.nix
#./n8n.nix #./n8n.nix
./mem0.nix ./mem0.nix
./postgres.nix ./postgres.nix
@@ -9,8 +10,20 @@
./udev.nix ./udev.nix
./wireguard.nix ./wireguard.nix
]; ];
# console.useXkbConfig = true;
# services.xserver.xkb = {
# layout = "de,us";
# options = "ctrl:nocaps";
# };
# optional, falls du auch die TTY-Konsole deutsch willst:
services = { services = {
hypridle.enable = true; hypridle.enable = true;
espanso = {
enable = true;
package = pkgs.espanso-wayland;
};
printing.enable = true; printing.enable = true;
gvfs.enable = true; gvfs.enable = true;
trezord.enable = true; trezord.enable = true;

29
hosts/m3-ares/services/netbird.nix Normal file
View File

@@ -0,0 +1,29 @@
{pkgs, ...}: {
services.netbird.enable = true;
environment.systemPackages = with pkgs; [netbird-ui];
systemd.services.netbird = {
environment = {
NB_DISABLE_SSH_CONFIG = "true";
};
path = [
pkgs.shadow
pkgs.util-linux
];
};
programs.ssh.extraConfig = ''
Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p"
PreferredAuthentications password,publickey,keyboard-interactive
PasswordAuthentication yes
PubkeyAuthentication yes
BatchMode no
ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
CheckHostIP no
LogLevel ERROR
'';
networking.firewall.checkReversePath = "loose";
}

27
hosts/m3-atlas/services/netbird.nix
View File

@@ -1,3 +1,28 @@
{ {pkgs, ...}: {
services.netbird.enable = true; services.netbird.enable = true;
systemd.services.netbird = {
environment = {
NB_DISABLE_SSH_CONFIG = "true";
};
path = [
pkgs.shadow
pkgs.util-linux
];
};
programs.ssh.extraConfig = ''
Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p"
PreferredAuthentications password,publickey,keyboard-interactive
PasswordAuthentication yes
PubkeyAuthentication yes
BatchMode no
ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
CheckHostIP no
LogLevel ERROR
'';
networking.firewall.checkReversePath = "loose";
} }

29
hosts/m3-kratos/services/netbird.nix
View File

@@ -1,5 +1,32 @@
{pkgs, ...}: { {pkgs, ...}: {
services.netbird.enable = true; services.netbird.enable = true;
environment.systemPackages = [pkgs.netbird-ui]; environment.systemPackages = with pkgs; [netbird-ui];
systemd.services.netbird = {
environment = {
NB_DISABLE_SSH_CONFIG = "true";
};
path = [
pkgs.shadow # login
pkgs.util-linux # runuser
];
};
# Symlink kannst du jetzt ENTFERNEN nicht mehr nötig!
# system.activationScripts.netbird-login-link = ... # LÖSCHEN
programs.ssh.extraConfig = ''
Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p"
PreferredAuthentications password,publickey,keyboard-interactive
PasswordAuthentication yes
PubkeyAuthentication yes
BatchMode no
ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
CheckHostIP no
LogLevel ERROR
'';
networking.firewall.checkReversePath = "loose"; networking.firewall.checkReversePath = "loose";
} }