Add NetBird module

hosts/vps1/default.nix

@@ -80,6 +80,10 @@
 
   modules = rec {
     databases.postgresql.enable = true;
+    networking = {
+      netbird.enable = true;
+      tailscale.enable = lib.mkForce false;
+    };
     services = {
       borgmatic = {
         enable = true;
@@ -96,7 +100,7 @@
         matrixIntegration = true;
       };
       gitea.enable = true;
-      headscale.enable = true;
+      headscale.enable = false;
       matrix = {
         enable = true;
         bridges = {

modules/default.nix

@@ -32,6 +32,7 @@
     ./editors/neovim
     ./editors/vscode.nix
     ./hardware/presonus-studio.nix
+    ./networking/netbird.nix
     ./networking/tailscale.nix
     ./networking/wireless.nix
     ./security/gpg.nix

modules/networking/netbird.nix

@@ -0,0 +1,61 @@
+{ config, lib, self, ... }:
+
+let
+  cfg = config.modules.networking.netbird;
+  hostname = config.networking.hostName;
+in {
+  options.modules.networking.netbird = {
+    enable = lib.mkEnableOption "netbird";
+    coordinatorDomain = lib.mkOption {
+      type = lib.types.str;
+      default = "netbird.vimium.net";
+    };
+    meshDomain = lib.mkOption {
+      type = lib.types.str;
+      default = "mesh.vimium.net";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    age.secrets."passwords/services/netbird/data-store-encryption-key" = {
+      file = "${self.inputs.secrets}/passwords/services/netbird/data-store-encryption-key.age";
+    };
+
+    services.netbird = {
+      enable = true;
+    };
+
+    services.netbird.server = {
+      domain = cfg.coordinatorDomain;
+      enable = true;
+      enableNginx = true;
+      dashboard.settings.AUTH_AUTHORITY = "https://auth.vimium.com/oauth2/openid/netbird";
+      management = rec {
+        disableAnonymousMetrics = true;
+        dnsDomain = cfg.meshDomain;
+        oidcConfigEndpoint = "https://auth.vimium.com/oauth2/openid/netbird/.well-known/openid-configuration";
+        settings = {
+          DataStoreEncryptionKey = {
+            _secret = config.age.secrets."passwords/services/netbird/data-store-encryption-key".path;
+          };
+          HttpConfig = {
+            AuthAudience = "netbird";
+          };
+          StoreConfig = { Engine = "sqlite"; };
+          TURNConfig = {
+            Secret._secret = config.age.secrets."passwords/services/coturn/static-auth-secret".path;
+            TimeBasedCredentials = true;
+          };
+        };
+        singleAccountModeDomain = dnsDomain;
+        turnDomain = config.services.coturn.realm;
+        turnPort = config.services.coturn.listening-port;
+      };
+    };
+
+    services.nginx.virtualHosts."netbird.vimium.net" = {
+      enableACME = true;
+      forceSSL = true;
+    };
+  };
+}

modules/services/matrix/default.nix

@@ -171,6 +171,10 @@ in {
       };
     } else {});
 
+    nixpkgs.config.permittedInsecurePackages = [
+      "jitsi-meet-1.0.8043"
+    ];
+
     services.matrix-synapse = {
       enable = true;
       enableRegistrationScript = true;