m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
334 Commits 4 Branches 0 Tags
7c5b92c37784414a71055ffa745af5802bc82b67
Commit Graph

3 Commits

Author SHA1 Message Date
m3ta-chiron b49d5c4f72 Optimize Hermes Nix service configuration 2026-05-23 08:55:05 +02:00
m3ta-chiron fc39e05beb feat: Hermes Dashboard via m3-atlas Traefik with TLS + Netbird-only access 
m3-hermes:
- Add --insecure flag (required for 0.0.0.0 bind, safe behind Netbird firewall)
- Update comments to document the Traefik proxy flow

m3-atlas Traefik:
- New service: hermes-dashboard → http://100.81.231.152:9119 (Netbird)
- New router: dash.m3ta.dev with GoDaddy TLS cert
- New middleware: netbird-only (IP whitelist 100.64.0.0/16)

Flow: Browser → dash.m3ta.dev (TLS) → Traefik → Netbird → m3-hermes:9119
 2026-05-11 15:53:04 +02:00
m3ta-chiron 20bd28d567 feat(m3-hermes): add Hermes Dashboard as systemd service with Netbird-only firewall 
- New hermes-dashboard.service: runs 'hermes dashboard' on 0.0.0.0:9119
- Firewall restricts port 9119 to Netbird mesh VPN range (100.64.0.0/16)
- Runs as hermes user with NoNewPrivileges + ProtectSystem hardening
- Depends on hermes-agent.service (starts after gateway)
- Added placeholder hermes-api-server-key.age (needs real encryption on host)
 2026-05-11 11:19:21 +02:00