m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: m3tam3re/nixos-config:1544764f37f5131c1cc2adfcd14419c757d41b66
Branches Tags
m3tam3re/nixos-config:master m3tam3re/nixos-config:__dolt_remote_info__ m3tam3re/nixos-config:feature/agent-lib-m3-kratos m3tam3re/nixos-config:feat/hyprland-lua
...
compare: m3tam3re/nixos-config:e743808d2b9c5f7c006e4843795aadeaf8781c61
Branches Tags
m3tam3re/nixos-config:master m3tam3re/nixos-config:__dolt_remote_info__ m3tam3re/nixos-config:feature/agent-lib-m3-kratos m3tam3re/nixos-config:feat/hyprland-lua

2 Commits
1544764f37 ... e743808d2b

Author SHA1 Message Date
m3tam3re e743808d2b Merge pull request 'feat(m3-hermes): Netbird mesh VPN + API server for Desktop App' (#12) from feat/hermes-netbird-api-server into master 
Reviewed-on: #12
 2026-05-11 09:15:48 +02:00
m3ta-chiron c6df5d3836 feat(m3-hermes): add Netbird mesh VPN + enable API server for Hermes Desktop 2026-05-10 11:46:21 +02:00
5 changed files with 28 additions and 0 deletions
Expand all files Collapse all files
hosts/m3-hermes/secrets.nix
+3
View File
@@ -7,6 +7,9 @@
hermes-cloud-env = {
file = ../../secrets/hermes-cloud-env.age;
};
hermes-api-server-key = {
file = ../../secrets/hermes-api-server-key.age;
};
};
};
}
hosts/m3-hermes/services/default.nix
+1
View File
@@ -1,5 +1,6 @@
{
imports = [
./hermes-agent.nix
./netbird.nix
];
}
hosts/m3-hermes/services/hermes-agent.nix
+8
View File
@@ -85,6 +85,7 @@ in {
environmentFiles = [
config.age.secrets."hermes-env".path
config.age.secrets."hermes-cloud-env".path
config.age.secrets."hermes-api-server-key".path
];
# Non-secret environment variables
@@ -94,6 +95,13 @@ in {
GIT_AUTHOR_EMAIL = "m3ta-chiron@agentmail.to";
GIT_COMMITTER_NAME = "m3ta-chiron";
GIT_COMMITTER_EMAIL = "m3ta-chiron@agentmail.to";
# ── API Server (OpenAI-compatible, for Hermes Desktop App) ─────────
# Accessible via Netbird mesh VPN — not exposed to the public internet.
# Bind to 0.0.0.0 so the Netbird interface can reach it.
API_SERVER_ENABLED = "true";
API_SERVER_HOST = "0.0.0.0";
API_SERVER_PORT = "8642";
};
# ── Container mode (podman) ──────────────────────────────────────────
hosts/m3-hermes/services/netbird.nix
+15
View File
@@ -0,0 +1,15 @@
{pkgs, ...}: {
services.netbird.enable = true;
systemd.services.netbird = {
environment = {
NB_DISABLE_SSH_CONFIG = "true";
};
path = [
pkgs.shadow
pkgs.util-linux
];
};
networking.firewall.checkReversePath = "loose";
}
secrets.nix
+1
View File
@@ -52,6 +52,7 @@ in {
"secrets/honcho-key.age".publicKeys = systems ++ users;
"secrets/hermes-env.age".publicKeys = systems ++ users;
"secrets/hermes-cloud-env.age".publicKeys = systems ++ users;
"secrets/hermes-api-server-key.age".publicKeys = systems ++ users;
"secrets/hermes-gitea-token.age".publicKeys = systems ++ users;
"secrets/tuwunel-registration-token.age".publicKeys = systems ++ users;
}