feat(m3-hermes): Netbird mesh VPN + API server for Desktop App #12

Merged
m3tam3re merged 1 commits from feat/hermes-netbird-api-server into master 2026-05-11 09:15:48 +02:00

Changes

  • Netbird VPN client for m3-hermes (same pattern as m3-atlas/m3-kratos)

    • Headless client, no GUI needed
    • NB_DISABLE_SSH_CONFIG = true + loose reverse path check
  • API Server enabled (OpenAI-compatible, port 8642)

    • Binds to 0.0.0.0 so it's reachable via Netbird mesh
    • NOT exposed to public internet
    • For Hermes Desktop App remote connections
  • New agenix secret: hermes-api-server-key.age

    • Contains API_SERVER_KEY=<key> for Bearer auth
    • ⚠️ Must be encrypted before nixos-rebuild switch

Post-merge steps

  1. Encrypt the secret:

    cd /path/to/nixos-config
    agenix -e secrets/hermes-api-server-key.age
    # Content: API_SERVER_KEY=<your-chosen-key>
    
  2. On m3-hermes:

    nixos-rebuild switch
    netbird up --setup-key <KEY>  # or via Netbird dashboard
    
  3. Verify: Netbird IP should be reachable on port 8642

  4. Nemoti: Install Hermes Desktop App on Mac, connect to http://<netbird-ip>:8642

m3ta-chiron added 1 commit 2026-05-10 11:46:49 +02:00
m3tam3re merged commit e743808d2b into master 2026-05-11 09:15:48 +02:00
m3tam3re deleted branch feat/hermes-netbird-api-server 2026-05-11 09:15:48 +02:00
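A check to go with verification step 3, added here as an example and not part of this PR or the repository: because the API server binds to 0.0.0.0, the listener covers every interface and only the firewall keeps port 8642 off non-mesh ones. The script lists the interfaces where that firewall rule matters. It assumes the Netbird interface is named `wt0`; the sample `ss` and `ip` output is constructed.

```bash
#!/usr/bin/env bash
# Added example. Assumptions: the Netbird interface is wt0 and the sample
# `ss` / `ip` output below is constructed, not captured from m3-hermes.
PORT=8642
MESH_IF=wt0

# Read `ss -Hltn` output on stdin; print each local address listening on port $1.
listen_addrs() {
  awk -v p="$1" '{
    n = split($4, a, ":")            # port is the last ":"-separated piece
    if (a[n] == p) { sub(/:[0-9]+$/, "", $4); print $4 }
  }'
}

# Read `ip -o -4 addr show` output on stdin; print "iface addr" for every
# interface other than lo and the mesh that bind address $1 covers.
non_mesh_exposure() {
  awk -v bind="$1" -v mesh="$MESH_IF" '
    { split($4, c, "/"); ifc = $2; ip = c[1] }
    ifc == "lo" || ifc == mesh { next }
    bind == "0.0.0.0" || bind == "*" || bind == "[::]" || bind == ip { print ifc, ip }'
}

# $1 = `ss -Hltn` output, $2 = `ip -o -4 addr show` output.
# Prints the interfaces where only the firewall keeps PORT private;
# returns 0 when there are none, 1 otherwise.
audit() {
  findings=$(printf '%s\n' "$1" | listen_addrs "$PORT" | while read -r addr; do
    printf '%s\n' "$2" | non_mesh_exposure "$addr"
  done | sort -u)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample: wildcard bind, one public-facing NIC, one mesh interface.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:8642 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*'
SAMPLE_IP='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0
5: wt0    inet 100.92.14.7/16 brd 100.92.255.255 scope global wt0'

if ! audit "$SAMPLE_SS" "$SAMPLE_IP"; then
  echo "^ confirm the firewall drops tcp/$PORT on these interfaces"
fi
# On the host itself: audit "$(ss -Hltn)" "$(ip -o -4 addr show)"
```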

Reference: m3tam3re/nixos-config#12