feat: netbird

2026-01-08 14:21:53 +08:00 · 2026-01-08 14:21:53 +08:00 · ea118b7995
commit ea118b7995
parent 53b83b3471
64 changed files with 1088 additions and 665 deletions
--- a/system/dev/dn-pre7780/services/pangolin.nix
+++ b/system/dev/dn-pre7780/services/pangolin.nix
@ -0,0 +1,48 @@
+{ config, lib, ... }:
+let
+  inherit (lib) mkForce;
+  secrets = config.sops.secrets;
+  domain = "net.dn";
+in
+{
+  sops.secrets = {
+    "pangolin/env" = { };
+    "pangolin/traefik" = {
+      key = "acme/pdns";
+    };
+  };
+
+  services.pangolin = {
+    enable = true;
+    openFirewall = true;
+    dashboardDomain = "auth.${domain}";
+    baseDomain = domain;
+
+    environmentFile = secrets."pangolin/env".path;
+    letsEncryptEmail = "danny@net.dn";
+    dnsProvider = "pdns";
+
+    settings = {
+      app = {
+        save_logs = true;
+      };
+      domains = {
+
+      };
+      traefik.prefer_wildcard_cert = true;
+    };
+  };
+
+  services.traefik = {
+    staticConfigOptions = {
+      certificatesResolvers.letsencrypt.acme = {
+        caServer = mkForce "https://ca.net.dn/acme/acme/directory";
+        dnsChallenge = {
+          provider = "pdns";
+          resolvers = [ "10.0.0.1:53" ];
+        };
+      };
+    };
+    environmentFiles = [ secrets."pangolin/traefik".path ];
+  };
+}