From 26860d2119d130218cac243d4ea7a09b4075a158 Mon Sep 17 00:00:00 2001
From: Zuckerberg <zuckerberg@neet.dev>
Date: Sun, 30 Mar 2025 20:54:41 -0700
Subject: [PATCH] Attempt at making firezone work

---
 machines/howl/default.nix          |  16 ++++++++++++++++
 machines/howl/properties.nix       |   1 +
 machines/ponyo/properties.nix      |   1 +
 machines/storage/s0/properties.nix |   1 +
 secrets/firezone-token.age         | Bin 0 -> 812 bytes
 secrets/secrets.nix                |   3 +++
 6 files changed, 22 insertions(+)
 create mode 100644 secrets/firezone-token.age

diff --git a/machines/howl/default.nix b/machines/howl/default.nix
index eae09fa..70b4d1a 100644
--- a/machines/howl/default.nix
+++ b/machines/howl/default.nix
@@ -9,4 +9,20 @@
   nix.distributedBuilds = lib.mkForce false;
 
   nix.gc.automatic = lib.mkForce false;
+
+  services.resolved.enable = true;
+
+  # services.firezone.headless-client = {
+  #   enable = true;
+  #   name = config.networking.hostName;
+  #   apiUrl = "wss://api.firezone.dev/";
+  #   tokenFile = "/run/agenix/firezone-token";
+  # };
+  # age.secrets.firezone-token.file = ../../secrets/firezone-token.age;
+
+  # services.firezone.gui-client = {
+  #   enable = true;
+  #   name = config.networking.hostName;
+  #   allowedUsers = [ "googlebot" ];
+  # };
 }
diff --git a/machines/howl/properties.nix b/machines/howl/properties.nix
index 536e0c3..b8301bb 100644
--- a/machines/howl/properties.nix
+++ b/machines/howl/properties.nix
@@ -7,6 +7,7 @@
 
   systemRoles = [
     "personal"
+    "firezone"
   ];
 
   hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQi3q8jU6vRruExAL60J7GFO1gS8HsmXVJuKRT4ljrG";
diff --git a/machines/ponyo/properties.nix b/machines/ponyo/properties.nix
index 1695957..4c2c4fa 100644
--- a/machines/ponyo/properties.nix
+++ b/machines/ponyo/properties.nix
@@ -16,6 +16,7 @@
     "dailybot"
     "gitea"
     "librechat"
+    "firezone"
   ];
 
   hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBBlTAIp38RhErU1wNNV5MBeb+WGH0mhF/dxh5RsAXN";
diff --git a/machines/storage/s0/properties.nix b/machines/storage/s0/properties.nix
index 4b77af6..8c5bb6c 100644
--- a/machines/storage/s0/properties.nix
+++ b/machines/storage/s0/properties.nix
@@ -14,6 +14,7 @@
     "gitea-actions-runner"
     "frigate"
     "zigbee"
+    "firezone"
   ];
 
   hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";
diff --git a/secrets/firezone-token.age b/secrets/firezone-token.age
new file mode 100644
index 0000000000000000000000000000000000000000..caa33cb5756ae0b0f97baa28c627702f72bd5252
GIT binary patch
literal 812
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlGfyeXN>^|-^R9Gp
zG|Vr}@%JcCGB64?3lDI0aZEL>veZux3Ql$QH?4{=aZfBa^yDfC&PWe8ukZ=Z&oc1S
zuP_PpHp?`OEcYr44=+o}_RlfR&j`p1ODoV1^F_DK%rV4BKV6~Jx2P(lBq+x_GTkh%
zqOdF{E!EGk#J4Ct$<#+X(=E)k+&MBwJKxRSF`3IV+cz+>O5ZIoxis88-8s=bt5CZv
zvNSEove;cett!YeF(|Rj*Rb5z5yQ5OfC9t3a)r#)LeCJR;wY1l)XH*4v$EiTlCVgR
zpm2jUbMFd$@4{?nZNu{NvSPR3KrYuX=OCj*qm;^IKc7^mY@e{q;G(FiVC^&)FVjE|
z3s<*v%S;!q5`*MOS9HIX8|Rf;q$@-jMf#WPJ6Wdq6?lhQI6G^XRFzbgnD|v{=bHEh
z1b9`LXM}qun&uTbr*j4S7wen2Mx<4^re+l71r``M`5ILwr4%`N_=N;`J9!kO1^b(2
znudh9r*rA*>M8`J=o@8b1SXlg8JU-uTKHrd8z<)Gd!|Qt1R5B47bF)On<bhQ2YaVf
zd2%@?$RAy^yDk02)!5&<x12>cu^O_k*!#1>DE{P{wiwH=wlNED9#XeIcFg?zma`6t
zYH=(A+ny?Jxi7c8WVR-Q!i~aT@0HlU8%<re?qlfPjo-NU&&}Pe^s#Q0p3xMpiCm=`
z&F!Mht*_o(SB>uCUcNeGPf6mBJwAQAroEZ`ca`A%$d`(%+?I3w-k!DNVRFU2gC^6t
zS9`~52<%r||K!JBhHLo+Osj<%eeUhKvFt~8e#L7>t!<B60z?DO%KbQO`0Baun}x^A
zo)@H>JW6kS|Ndx2aPXCPA<C2gyS|;cZQBwV=dGKVn5XkOP3G1-p&p=-!oIcb!}L_a
zLWPgHB}w}x&E?{so>y8enBtWA>DK<OQ-%0+H(Xj{KUXa{meWei<G0M;-sPS-M)K#+
OFR+vSx~;Eh-8KL?I5?C5

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index e4de178..bcce79e 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -60,4 +60,7 @@ with roles;
 
   # zigbee2mqtt secrets
   "zigbee2mqtt.yaml.age".publicKeys = zigbee;
+
+  # Firezone Token
+  "firezone-token.age".publicKeys = firezone;
 }