From e6f184f24a076d2bba2d98a96d4c10049c6dece5 Mon Sep 17 00:00:00 2001 From: m3tam3re Date: Mon, 11 May 2026 11:36:49 +0200 Subject: [PATCH] chore: hermes dashboard over netbird --- flake.lock | 212 ++++++++++++++++++++------- hosts/m3-hermes/services/netbird.nix | 14 ++ secrets/hermes-api-server-key.age | 27 +++- 3 files changed, 200 insertions(+), 53 deletions(-) diff --git a/flake.lock b/flake.lock index 33e4a13..61412cb 100644 --- a/flake.lock +++ b/flake.lock @@ -126,7 +126,11 @@ }, "basecamp": { "inputs": { - "nixpkgs": ["m3ta-home", "m3ta-nixpkgs", "nixpkgs"] + "nixpkgs": [ + "m3ta-home", + "m3ta-nixpkgs", + "nixpkgs" + ] }, "locked": { "lastModified": 1774505501, @@ -145,7 +149,10 @@ }, "basecamp_2": { "inputs": { - "nixpkgs": ["m3ta-nixpkgs", "nixpkgs"] + "nixpkgs": [ + "m3ta-nixpkgs", + "nixpkgs" + ] }, "locked": { "lastModified": 1774505501, @@ -164,8 +171,14 @@ }, "blueprint": { "inputs": { - "nixpkgs": ["llm-agents", "nixpkgs"], - "systems": ["llm-agents", "systems"] + "nixpkgs": [ + "llm-agents", + "nixpkgs" + ], + "systems": [ + "llm-agents", + "systems" + ] }, "locked": { "lastModified": 1776249299, @@ -183,10 +196,22 @@ }, "bun2nix": { "inputs": { - "flake-parts": ["llm-agents", "flake-parts"], - "nixpkgs": ["llm-agents", "nixpkgs"], - "systems": ["llm-agents", "systems"], - "treefmt-nix": ["llm-agents", "treefmt-nix"] + "flake-parts": [ + "llm-agents", + "flake-parts" + ], + "nixpkgs": [ + "llm-agents", + "nixpkgs" + ], + "systems": [ + "llm-agents", + "systems" + ], + "treefmt-nix": [ + "llm-agents", + "treefmt-nix" + ] }, "locked": { "lastModified": 1777369708, @@ -205,7 +230,10 @@ }, "darwin": { "inputs": { - "nixpkgs": ["agenix", "nixpkgs"] + "nixpkgs": [ + "agenix", + "nixpkgs" + ] }, "locked": { "lastModified": 1744478979, @@ -224,7 +252,11 @@ }, "darwin_2": { "inputs": { - "nixpkgs": ["m3ta-home", "agenix", "nixpkgs"] + "nixpkgs": [ + "m3ta-home", + "agenix", + "nixpkgs" + ] }, "locked": { "lastModified": 1744478979, 
@@ -243,7 +275,9 @@ }, "disko": { "inputs": { - "nixpkgs": ["nixpkgs"] + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1777713215, @@ -261,7 +295,10 @@ }, "flake-parts": { "inputs": { - "nixpkgs-lib": ["hermes-agent", "nixpkgs"] + "nixpkgs-lib": [ + "hermes-agent", + "nixpkgs" + ] }, "locked": { "lastModified": 1772408722, @@ -279,7 +316,10 @@ }, "flake-parts_2": { "inputs": { - "nixpkgs-lib": ["llm-agents", "nixpkgs"] + "nixpkgs-lib": [ + "llm-agents", + "nixpkgs" + ] }, "locked": { "lastModified": 1777988971, @@ -297,7 +337,11 @@ }, "flake-parts_3": { "inputs": { - "nixpkgs-lib": ["m3ta-home", "nur", "nixpkgs"] + "nixpkgs-lib": [ + "m3ta-home", + "nur", + "nixpkgs" + ] }, "locked": { "lastModified": 1733312601, @@ -315,7 +359,10 @@ }, "flake-parts_4": { "inputs": { - "nixpkgs-lib": ["nur", "nixpkgs"] + "nixpkgs-lib": [ + "nur", + "nixpkgs" + ] }, "locked": { "lastModified": 1733312601, @@ -375,7 +422,10 @@ }, "home-manager": { "inputs": { - "nixpkgs": ["agenix", "nixpkgs"] + "nixpkgs": [ + "agenix", + "nixpkgs" + ] }, "locked": { "lastModified": 1745494811, @@ -393,7 +443,9 @@ }, "home-manager_2": { "inputs": { - "nixpkgs": ["nixpkgs"] + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1778248595, @@ -411,7 +463,10 @@ }, "home-manager_3": { "inputs": { - "nixpkgs": ["hyprpanel", "nixpkgs"] + "nixpkgs": [ + "hyprpanel", + "nixpkgs" + ] }, "locked": { "lastModified": 1750798083, @@ -429,7 +484,11 @@ }, "home-manager_4": { "inputs": { - "nixpkgs": ["m3ta-home", "agenix", "nixpkgs"] + "nixpkgs": [ + "m3ta-home", + "agenix", + "nixpkgs" + ] }, "locked": { "lastModified": 1745494811, 
@@ -447,14 +506,17 @@ }, "home-manager_5": { "inputs": { - "nixpkgs": ["m3ta-home", "nixpkgs"] + "nixpkgs": [ + "m3ta-home", + "nixpkgs" + ] }, "locked": { - "lastModified": 1778248595, - "narHash": "sha256-dhFgEjoeJMYN/7OY6xfxS799YB4IjbbYXTjyGIJyLpc=", + "lastModified": 1778444552, + "narHash": "sha256-f18pIiR9q/p1vHY93gmAum7aHhQOG49oGvAB9+lptRo=", "owner": "nix-community", "repo": "home-manager", - "rev": "fdb2ccba9d5e1238d32e0c4a3ec1a277efa80c1d", + "rev": "dcebe66f958673729896eec2de4abfd86ef22d21", "type": "github" }, "original": { @@ -465,7 +527,10 @@ }, "hyprlang": { "inputs": { - "nixpkgs": ["rose-pine-hyprcursor", "nixpkgs"], + "nixpkgs": [ + "rose-pine-hyprcursor", + "nixpkgs" + ], "systems": "systems_5" }, "locked": { @@ -531,15 +596,17 @@ "home-manager": "home-manager_5", "m3ta-nixpkgs": "m3ta-nixpkgs", "nix-colors": "nix-colors", - "nixpkgs": ["nixpkgs"], + "nixpkgs": [ + "nixpkgs" + ], "nur": "nur" }, "locked": { - "lastModified": 1778311103, - "narHash": "sha256-lqjnPjBfyjIOfAe94ubvdzwfjmylT5xvR5V4RtCVJPk=", + "lastModified": 1778340253, + "narHash": "sha256-Fa/41Ab4AI6zxKEjJ8IjNWIapFMXm/L78IMUTJFqaj4=", "ref": "refs/heads/master", - "rev": "cbe5a55937005c6b9f44266cafcdaaae63a60295", - "revCount": 23, + "rev": "b7b9addbe0f2064db82906f3cc1cf6b4f7a82f31", + "revCount": 24, "type": "git", "url": "ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home" }, 
@@ -552,16 +619,19 @@ "inputs": { "agents": "agents_2", "basecamp": "basecamp", - "nixpkgs": ["m3ta-home", "nixpkgs"], + "nixpkgs": [ + "m3ta-home", + "nixpkgs" + ], "nixpkgs-master": "nixpkgs-master", "openspec": "openspec" }, "locked": { - "lastModified": 1778309566, - "narHash": "sha256-VMc0IOYWzNj6+KdWqggpZ9Mt9MkxYPcKP7smOIkbapo=", + "lastModified": 1778464839, + "narHash": "sha256-AoJGWHEiUyO+EvyxxkdW5YK0jV6Q7nOHDoDrwT58cZw=", "ref": "refs/heads/master", - "rev": "db1a29df1584c0046a110ef693229be73b986cfc", - "revCount": 289, + "rev": "14fd00426cebeca2bd918e1600c038e886d667fb", + "revCount": 293, "type": "git", "url": "ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs" }, @@ -760,11 +830,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1778291595, - "narHash": "sha256-XZRSWn32HgzPiVBUgFu4QgefWq6LjXNljQbmdf52Q5U=", + "lastModified": 1778462231, + "narHash": "sha256-ETxNoYDzDJRsQ9i8H20SLHfpyEhS5RsO6Es9rQiGr0Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "67d18561bfe53cee9d84a19cb5c0be3c8ef5c186", + "rev": "38ebdae768604c382e08a0dd08912ef79425fb7e", "type": "github" }, "original": { @@ -984,7 +1054,10 @@ }, "npm-lockfile-fix": { "inputs": { - "nixpkgs": ["hermes-agent", "nixpkgs"] + "nixpkgs": [ + "hermes-agent", + "nixpkgs" + ] }, "locked": { "lastModified": 1775903712, @@ -1006,11 +1079,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1778310897, - "narHash": "sha256-3YXHiKiPmSfoKeW/TJzsMM6F8v/DruwL0BjnmDtv5Jk=", + "lastModified": 1778482942, + "narHash": "sha256-sZuVkKuDiwj0TG9UG+1hmMnW/cLKbmY++xw4P6TRVLw=", "owner": "nix-community", "repo": "NUR", - "rev": "400996593f670f004c7a544dd3d75987b96fa68e", + "rev": "a89886f8103fe501ba97ad74dce6d087db69c9f9", "type": "github" }, "original": { @@ -1022,7 +1095,9 @@ "nur_2": { "inputs": { "flake-parts": "flake-parts_4", - "nixpkgs": ["nixpkgs"] + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1778308643, 
@@ -1040,7 +1115,11 @@ }, "openspec": { "inputs": { - "nixpkgs": ["m3ta-home", "m3ta-nixpkgs", "nixpkgs"] + "nixpkgs": [ + "m3ta-home", + "m3ta-nixpkgs", + "nixpkgs" + ] }, "locked": { "lastModified": 1778120451, @@ -1058,7 +1137,10 @@ }, "openspec_2": { "inputs": { - "nixpkgs": ["m3ta-nixpkgs", "nixpkgs"] + "nixpkgs": [ + "m3ta-nixpkgs", + "nixpkgs" + ] }, "locked": { "lastModified": 1778120451, @@ -1076,7 +1158,10 @@ }, "pyproject-build-systems": { "inputs": { - "nixpkgs": ["hermes-agent", "nixpkgs"], + "nixpkgs": [ + "hermes-agent", + "nixpkgs" + ], "pyproject-nix": "pyproject-nix", "uv2nix": "uv2nix" }, @@ -1096,7 +1181,11 @@ }, "pyproject-nix": { "inputs": { - "nixpkgs": ["hermes-agent", "pyproject-build-systems", "nixpkgs"] + "nixpkgs": [ + "hermes-agent", + "pyproject-build-systems", + "nixpkgs" + ] }, "locked": { "lastModified": 1769936401, @@ -1114,7 +1203,10 @@ }, "pyproject-nix_2": { "inputs": { - "nixpkgs": ["hermes-agent", "nixpkgs"] + "nixpkgs": [ + "hermes-agent", + "nixpkgs" + ] }, "locked": { "lastModified": 1772865871, @@ -1132,7 +1224,11 @@ }, "pyproject-nix_3": { "inputs": { - "nixpkgs": ["hermes-agent", "uv2nix", "nixpkgs"] + "nixpkgs": [ + "hermes-agent", + "uv2nix", + "nixpkgs" + ] }, "locked": { "lastModified": 1771518446, @@ -1199,7 +1295,9 @@ }, "rustfs": { "inputs": { - "nixpkgs": ["nixpkgs"] + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1777635550, @@ -1387,7 +1485,10 @@ }, "treefmt-nix": { "inputs": { - "nixpkgs": ["llm-agents", "nixpkgs"] + "nixpkgs": [ + "llm-agents", + "nixpkgs" + ] }, "locked": { "lastModified": 1775636079, @@ -1423,7 +1524,11 @@ }, "uv2nix": { "inputs": { - "nixpkgs": ["hermes-agent", "pyproject-build-systems", "nixpkgs"], + "nixpkgs": [ + "hermes-agent", + "pyproject-build-systems", + "nixpkgs" + ], "pyproject-nix": [ "hermes-agent", "pyproject-build-systems", 
@@ -1446,7 +1551,10 @@ }, "uv2nix_2": { "inputs": { - "nixpkgs": ["hermes-agent", "nixpkgs"], + "nixpkgs": [ + "hermes-agent", + "nixpkgs" + ], "pyproject-nix": "pyproject-nix_3" }, "locked": { diff --git a/hosts/m3-hermes/services/netbird.nix b/hosts/m3-hermes/services/netbird.nix index 16c6f70..6e8ccb8 100644 --- a/hosts/m3-hermes/services/netbird.nix +++ b/hosts/m3-hermes/services/netbird.nix @@ -4,6 +4,7 @@ systemd.services.netbird = { environment = { NB_DISABLE_SSH_CONFIG = "true"; + NB_USE_LEGACY_ROUTING = "true"; }; path = [ pkgs.shadow @@ -11,5 +12,18 @@ ]; }; + programs.ssh.extraConfig = '' + Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p" + PreferredAuthentications password,publickey,keyboard-interactive + PasswordAuthentication yes + PubkeyAuthentication yes + BatchMode no + ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p + StrictHostKeyChecking no + UserKnownHostsFile /dev/null + CheckHostIP no + LogLevel ERROR + ''; + networking.firewall.checkReversePath = "loose"; } diff --git a/secrets/hermes-api-server-key.age b/secrets/hermes-api-server-key.age index 48cdce8..f848e08 100644 --- a/secrets/hermes-api-server-key.age +++ b/secrets/hermes-api-server-key.age 
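Review bot: The `programs.ssh.extraConfig` block added in the second netbird.nix hunk turns off SSH server authentication (`StrictHostKeyChecking no`, `UserKnownHostsFile /dev/null`, `CheckHostIP no`) for every destination that `netbird ssh detect %h %p` accepts, and `LogLevel ERROR` hides the client warnings that would make this visible. Because this option feeds the system-wide client configuration, it applies to every user on m3-hermes, and with `password` first in `PreferredAuthentications` a typed password goes to whatever answers behind `netbird ssh proxy`. The only remaining server identity check is the one NetBird does for the peer, which this diff does not show. The block looks like a hand-copied version of the config the client would write itself if `NB_DISABLE_SSH_CONFIG` were not set (inferred, not visible here), so I would record that trust decision above the `Match` line, e.g. `# Mirrors NetBird's generated ssh_config; host identity is delegated to the NetBird peer tunnel, not known_hosts`, and, if the NetBird SSH server allows it, list `publickey` before `password`. The module's attribute set opens above the hunk, so any other SSH client options set in this file are not visible from here.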
@@ -1 +1,26 @@ -placeholder +age-encryption.org/v1 +-> ssh-ed25519 4NLKrw 2TwbZwX9SwWg4SVC0A2ICmyRjSfO+xtfBcBOK1lh3T4 +DSf4DrOAvW7L49lh6cq5IqrMM7gqXv2+67rR3ttn+CE +-> ssh-ed25519 5kwcsA K1hqFOAxq2T+oLp3bQjLYpXtlQVkA7RHCM/8ETMGbwU +xIE4xz50LB5vbDTTLKVcx9vC2iXIsRLThHYYxGjcJyY +-> ssh-ed25519 9d4YIQ bXYb62OM/N+EXpMOZZ6zEbpfaH10Vz62PuUdGODXolw +j64kKzOn8CmSnykEuWnXHZ0nfqwOfOxX4FPR4GSouR0 +-> ssh-ed25519 3Bcr1w C4alN6ud7q0K4I7NHuBgC77D6zeTfZVGjNS3EKpvL00 +NpjOsg3eJ5LvX0lV7NYuVHLeqeYylHdmw60H+KeG1GY +-> ssh-ed25519 c4NQlA In5wsg4+LTIEbP75B83GMXPCItSPGwKWUW8QO+QjXyY +oK1kikhr4RMq6QMv9kjNjiKrf5srlGh7hGbU2qns2rM +-> ssh-rsa DQlE7w +tcP4yPgGWqHYeE1gw/KD6cswik+9WU2s2f7hg5mK78085sQ7npXRsBVAz2OCRn07 +foeAAmnY4YmKriBh421JOVNBDOXHR5dfaIKY9b663L+rYj99ic0rfW26C+dqKitF +SnvveL3Zf16nqg6duSVA7LIcIFgkIlA+RXnHPVho+P4GwEH7W8nCf/4kUquuhB7B +F4Hx1qOknmGyNBJBFi27D04ZDDk/ZVxioYsO6P6TUu7MuaGmQCoVKREDl5RRh4zO +XD8/TFDRsJLqqcbCKIlU+6CN1+L0r4FN4K0UaTjwPNzGvn5EEjBKw9RpOhdvI28I +WlAQ+w6gdQiz9Ju4e5p7Doz2MbNb6894DimawHjzl968Xy5ifX2XA+FBdcW5hU9A +u+7VXKZmbfMyvRA7lmKRoi4SurJAyQd6iXBrVKfTwFc53V/tJi48bsKcE3yXxHH+ +lKGuZFNGDDkqCruycjvz94WaIHy3fv5hhmBdgwoCZK1VGSLAnwdm1rG4B9m3t/K8 + +-> ssh-ed25519 CSMyhg FNYYdEIJYcxkjMuM5lnIs9gIilvgD44uazZE8CjNeho +QHeghlsOOlYNMwhMHT4o7DeuyxGP/3wyqm94HUHjn44 +--- zRG6aCTS+X18VpeN+tz38kaUoilk1kN5KrWTWYZ6pV4 +ræX _qÔÁ’Ð껿H#p¯f™”}(žA(ã|»?ë0ªyJk¥SD‡\Jm&uõà &Ô9€ýÄ5Ù+çÊ…!v%Y˜ù~ãÁ$û“šZÇÓ° j„z–Â\ßá1,Vf˜ +£’æ1zª»#Ó \ No newline at end of file