feat: add netbird client (gateway server and dev machine)

hosts/kroma/default.nix

@@ -2,6 +2,7 @@
   inputs,
   lib,
   minimal,
+  nodes,
   ...
 }:
 {
@@ -74,9 +75,21 @@
   #  };
   #};
 
-  nixpkgs.config.permittedInsecurePackages = lib.trace "please remove insecure nix 2.16.2 very fast ok thx bye" [
-    "nix-2.16.2"
-  ];
+  # FIXME: the ui is not directly accessible via environment.systemPackages
+  # FIXME: to control it as a user (and to allow SSO) we need to be in the netbird-home group
+  services.netbird.ui.enable = true;
+  services.netbird.clients.home = {
+    port = 51820;
+    name = "netbird-home";
+    interface = "wt-home";
+    openFirewall = true;
+    config.ServerSSHAllowed = false;
+    environment = rec {
+      NB_MANAGEMENT_URL = "https://${nodes.sentinel.config.networking.providedDomains.netbird}";
+      NB_ADMIN_URL = NB_MANAGEMENT_URL;
+      NB_HOSTNAME = "home-gateway";
+    };
+  };
 
   topology.self.icon = "devices.desktop";
 }

hosts/ward/default.nix

@@ -106,6 +106,7 @@
       {}
       // mkMicrovm "adguardhome"
       // mkMicrovm "forgejo"
+      // mkMicrovm "home-gateway"
       // mkMicrovm "kanidm"
       // mkMicrovm "netbird"
       // mkMicrovm "radicale"

hosts/ward/guests/home-gateway.nix

@@ -0,0 +1,21 @@
+{nodes, ...}: {
+  environment.persistence."/persist".directories = [
+    {
+      directory = "/var/lib/netbird-home";
+      mode = "0700";
+    }
+  ];
+
+  services.netbird.clients.home = {
+    port = 51820;
+    name = "netbird-home";
+    interface = "wt-home";
+    openFirewall = true;
+    config.ServerSSHAllowed = false;
+    environment = rec {
+      NB_MANAGEMENT_URL = "https://${nodes.sentinel.config.networking.providedDomains.netbird}";
+      NB_ADMIN_URL = NB_MANAGEMENT_URL;
+      NB_HOSTNAME = "home-gateway";
+    };
+  };
+}

hosts/ward/secrets/home-gateway/host.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILlEjX8dXaeZl+ax7YphX9XNr/S9WwKLsgbV7FDjWNzY