Attempt at making firezone work

machines/howl/default.nix

@@ -9,4 +9,20 @@
   nix.distributedBuilds = lib.mkForce false;
 
   nix.gc.automatic = lib.mkForce false;
+
+  services.resolved.enable = true;
+
+  # services.firezone.headless-client = {
+  #   enable = true;
+  #   name = config.networking.hostName;
+  #   apiUrl = "wss://api.firezone.dev/";
+  #   tokenFile = "/run/agenix/firezone-token";
+  # };
+  # age.secrets.firezone-token.file = ../../secrets/firezone-token.age;
+
+  # services.firezone.gui-client = {
+  #   enable = true;
+  #   name = config.networking.hostName;
+  #   allowedUsers = [ "googlebot" ];
+  # };
 }

machines/howl/properties.nix

@@ -7,6 +7,7 @@
 
   systemRoles = [
     "personal"
+    "firezone"
   ];
 
   hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQi3q8jU6vRruExAL60J7GFO1gS8HsmXVJuKRT4ljrG";

machines/ponyo/properties.nix

@@ -16,6 +16,7 @@
     "dailybot"
     "gitea"
     "librechat"
+    "firezone"
   ];
 
   hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBBlTAIp38RhErU1wNNV5MBeb+WGH0mhF/dxh5RsAXN";

machines/storage/s0/properties.nix

@@ -14,6 +14,7 @@
     "gitea-actions-runner"
     "frigate"
     "zigbee"
+    "firezone"
   ];
 
   hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";

secrets/secrets.nix

@@ -60,4 +60,7 @@ with roles;
 
   # zigbee2mqtt secrets
   "zigbee2mqtt.yaml.age".publicKeys = zigbee;
+
+  # Firezone Token
+  "firezone-token.age".publicKeys = firezone;
 }