From f7c4620378d36b51f70dd7793ffaa5e9b5edecb5 Mon Sep 17 00:00:00 2001
From: JuliusFreudenberger <julius+git@jfreudenberger.de>
Date: Sat, 25 Apr 2026 23:58:47 +0200
Subject: [PATCH] Enable netbird-docker on srv03

---
 hosts/srv03/default.nix | 19 +++++++++++++++++++
 hosts/srv03/secrets.nix |  2 ++
 2 files changed, 21 insertions(+)

diff --git a/hosts/srv03/default.nix b/hosts/srv03/default.nix
index b56205c..1cc29bf 100644
--- a/hosts/srv03/default.nix
+++ b/hosts/srv03/default.nix
@@ -16,6 +16,7 @@
       ../../modules/docker.nix
       ../../modules/traefik.nix
       ../../modules/pocket-id.nix
+      ../../modules/netbird-docker.nix
       ../../modules/auto-upgrade.nix
       "${inputs.secrets}/modules/opkssh.nix"
       # Include the results of the hardware scan.
@@ -42,6 +43,24 @@
       };
       environmentFile = config.age.secrets.pocket-id.path;
     };
+
+    netbird-docker = {
+      enable = true;
+      secrets = config.age.secrets.netbird-server;
+      proxy = {
+        domain = "netbird.jfreudenberger.de";
+        token-secret = config.age.secrets.netbird-proxy;
+      };
+    };
+    netbird.server = let
+      domain = "netbird.jfreudenberger.de";
+    in {
+      domain = domain;
+      management.domain = domain;
+      dashboard.domain = domain;
+      signal.domain = domain;
+      management.oidcConfigEndpoint = "https://login.jfreudenberger.de/.well-known/openid-configuration";
+    };
   };
 
   systemd.network = {
diff --git a/hosts/srv03/secrets.nix b/hosts/srv03/secrets.nix
index 2a119d0..e7368f7 100644
--- a/hosts/srv03/secrets.nix
+++ b/hosts/srv03/secrets.nix
@@ -3,5 +3,7 @@
   age.secrets = {
     inwx.file = "${inputs.secrets}/secrets/dns-management/inwx";
     pocket-id.file = "${inputs.secrets}/secrets/srv03/pocket-id";
+    netbird-server.file = "${inputs.secrets}/secrets/srv03/netbird-server";
+    netbird-proxy.file = "${inputs.secrets}/secrets/srv03/netbird-proxy";
   };
 }