From e8d8adb62626c40839f0fb9ab52021217c16ebde Mon Sep 17 00:00:00 2001
From: "sascha.koenig" <sascha.koenig@azintec.com>
Date: Wed, 4 Mar 2026 09:13:02 +0100
Subject: [PATCH] chore: netbird update AZ-CLD-1

---
 flake.lock                           | 42 ++++++++++++++--------------
 home/features/coding/default.nix     |  1 -
 home/features/coding/opencode.nix    | 37 ++++++++++++++++++++++++
 home/features/desktop/default.nix    |  1 +
 hosts/AZ-CLD-1/services/default.nix  |  1 +
 hosts/AZ-CLD-1/services/netbird.nix  | 31 ++++++++++++++++++++
 hosts/AZ-PRM-1/services/n8n.nix      |  2 +-
 hosts/AZ-PRM-1/services/netbird.nix  | 28 +++++++++++++++++++
 hosts/AZLT124-L/services/default.nix |  7 ++++-
 hosts/AZLT124-L/services/netbird.nix | 28 +++++++++++++++++++
 10 files changed, 154 insertions(+), 24 deletions(-)
 create mode 100644 hosts/AZ-CLD-1/services/netbird.nix
 create mode 100644 hosts/AZ-PRM-1/services/netbird.nix
 create mode 100644 hosts/AZLT124-L/services/netbird.nix

diff --git a/flake.lock b/flake.lock
index d5bb119..ff25aff 100644
--- a/flake.lock
+++ b/flake.lock
@@ -24,11 +24,11 @@
     "agents": {
       "flake": false,
       "locked": {
-        "lastModified": 1771432333,
-        "narHash": "sha256-IkfbQQahxwMBRRUl+FKc03pxSZO1MX2kRxBuCqKuTD4=",
+        "lastModified": 1772563257,
+        "narHash": "sha256-hp6Q8TVP9xZeBFgZm51ndCacmVZxucZzLtj12pzD6c0=",
         "ref": "refs/heads/master",
-        "rev": "1bc81fb38c20154f0dd77f7da9b9d95439d8d873",
-        "revCount": 62,
+        "rev": "39ac89f388532e9a7629808037791c64cd5fc13c",
+        "revCount": 63,
         "type": "git",
         "url": "https://code.m3ta.dev/m3tam3re/AGENTS"
       },
@@ -322,11 +322,11 @@
         "openspec": "openspec"
       },
       "locked": {
-        "lastModified": 1772041931,
-        "narHash": "sha256-NQOQrGtR1EXM33JSVUt5Sz5MburSxWU7t9iZrJk9gQo=",
+        "lastModified": 1772589687,
+        "narHash": "sha256-lLNDrdU0kQE6E2LHJP0VUTFqH3SzTciCsmTIxsNXuOE=",
         "ref": "refs/heads/master",
-        "rev": "e22774539ac26071b1bc0e6e8272df3c3ec732f2",
-        "revCount": 132,
+        "rev": "3ebda192e9606565d806002a92c3f53f852550d3",
+        "revCount": 146,
         "type": "git",
         "url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
       },
@@ -516,11 +516,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1771574031,
-        "narHash": "sha256-yKeO6auxI8PrBZOdt/LVRDm+bh939E60l4iZKo1ExeA=",
+        "lastModified": 1772587492,
+        "narHash": "sha256-eUR2gs5CHnsWqjLbQ57FzBYyMAL3b7Y7P7VPJgJ1z5s=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ab43bb60c7d266a4a285e863d89c1e69cd124dd5",
+        "rev": "5f4ff3b0be7289f151c703b29d41ca0e0907bde2",
         "type": "github"
       },
       "original": {
@@ -580,11 +580,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1771369470,
-        "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
+        "lastModified": 1772542754,
+        "narHash": "sha256-WGV2hy+VIeQsYXpsLjdr4GvHv5eECMISX1zKLTedhdg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0182a361324364ae3f436a63005877674cf45efb",
+        "rev": "8c809a146a140c5c8806f13399592dbcb1bb5dc4",
         "type": "github"
       },
       "original": {
@@ -687,16 +687,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1772031356,
-        "narHash": "sha256-PA3/P5nUDlrKD6xjDXFoNNF8U2Wzz2JeeY4H+CzWWgY=",
+        "lastModified": 1772572115,
+        "narHash": "sha256-9bgjdtghbKUvFJp+fuXlvP2Kp/KNnytCfGyhfz8x3+g=",
         "owner": "anomalyco",
         "repo": "opencode",
-        "rev": "de2bc25677b419d2af0da8b6a24a05d3f22b67a8",
+        "rev": "e66d829d1875f5a5fd8b0bfcab69cacb48b11b5d",
         "type": "github"
       },
       "original": {
         "owner": "anomalyco",
-        "ref": "v1.2.14",
+        "ref": "v1.2.16",
         "repo": "opencode",
         "type": "github"
       }
@@ -732,11 +732,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1771554066,
-        "narHash": "sha256-nQPz81Um+4zhEeNz1o55Ix1DoBEM3CxeABAmOJkgIac=",
+        "lastModified": 1772182342,
+        "narHash": "sha256-9Q0iUyZGcDPLdgvnrBN3GumV8g9akV8TFb8bFkD1yYs=",
         "owner": "Fission-AI",
         "repo": "OpenSpec",
-        "rev": "4ba26902dfecf6f54c5a729993e012a57f4e2877",
+        "rev": "afdca0d5dab1aa109cfd8848b2512333ccad60c3",
         "type": "github"
       },
       "original": {
diff --git a/home/features/coding/default.nix b/home/features/coding/default.nix
index 85bceef..ae90db5 100644
--- a/home/features/coding/default.nix
+++ b/home/features/coding/default.nix
@@ -5,7 +5,6 @@
   home.packages = with pkgs; [
     agenix-cli
     alejandra
-    beads
     bc
     bun
     devpod
diff --git a/home/features/coding/opencode.nix b/home/features/coding/opencode.nix
index 9de86df..5a7828d 100644
--- a/home/features/coding/opencode.nix
+++ b/home/features/coding/opencode.nix
@@ -30,6 +30,43 @@
           extensions = [".nix"];
         };
       };
+      provider = {
+        litellm = {
+          npm = "@ai-sdk/openai-compatible";
+          name = "LiteLLM (AZ-Gruppe)";
+          options.baseURL = "https://llm.az-gruppe.com/v1";
+          models = {
+            "gpt-5.2" = {
+              name = "GPT-5.2";
+              limit = {
+                context = 400000;
+                output = 128000;
+              };
+            };
+            "gpt-5.3-codex" = {
+              name = "GPT-5.3 Codex";
+              limit = {
+                context = 400000;
+                output = 128000;
+              };
+            };
+            "claude-sonnet-4-6" = {
+              name = "Claude Sonnet 4.6";
+              limit = {
+                context = 200000;
+                output = 64000;
+              };
+            };
+            "claude-opus-4-6" = {
+              name = "Claude Opus 4.6";
+              limit = {
+                context = 200000;
+                output = 128000;
+              };
+            };
+          };
+        };
+      };
       mcp = {
         Ref = {
           type = "local";
diff --git a/home/features/desktop/default.nix b/home/features/desktop/default.nix
index 8677629..a560311 100644
--- a/home/features/desktop/default.nix
+++ b/home/features/desktop/default.nix
@@ -93,6 +93,7 @@
     # eww
     # firefox-devedition
     file-roller
+    kdotool
     ksnip
     hyprpaper-random
     hyprpanel
diff --git a/hosts/AZ-CLD-1/services/default.nix b/hosts/AZ-CLD-1/services/default.nix
index bbd2586..1e341d4 100644
--- a/hosts/AZ-CLD-1/services/default.nix
+++ b/hosts/AZ-CLD-1/services/default.nix
@@ -6,6 +6,7 @@
     ./gotenberg.nix
     ./metabase.nix
     ./n8n.nix
+    ./netbird.nix
     ./ntfy.nix
     ./outline.nix
     ./postgres.nix
diff --git a/hosts/AZ-CLD-1/services/netbird.nix b/hosts/AZ-CLD-1/services/netbird.nix
new file mode 100644
index 0000000..84ae8ed
--- /dev/null
+++ b/hosts/AZ-CLD-1/services/netbird.nix
@@ -0,0 +1,31 @@
+{pkgs, ...}: {
+  services.netbird = {
+    enable = true;
+    package = pkgs.unstable.netbird;
+  };
+
+  systemd.services.netbird = {
+    environment = {
+      NB_DISABLE_SSH_CONFIG = "true";
+    };
+    path = [
+      pkgs.shadow
+      pkgs.util-linux
+    ];
+  };
+
+  programs.ssh.extraConfig = ''
+    Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p"
+        PreferredAuthentications password,publickey,keyboard-interactive
+        PasswordAuthentication yes
+        PubkeyAuthentication yes
+        BatchMode no
+        ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p
+        StrictHostKeyChecking no
+        UserKnownHostsFile /dev/null
+        CheckHostIP no
+        LogLevel ERROR
+  '';
+
+  networking.firewall.checkReversePath = "loose";
+}
diff --git a/hosts/AZ-PRM-1/services/n8n.nix b/hosts/AZ-PRM-1/services/n8n.nix
index eccd763..6d6fc4a 100644
--- a/hosts/AZ-PRM-1/services/n8n.nix
+++ b/hosts/AZ-PRM-1/services/n8n.nix
@@ -15,7 +15,7 @@
     ];
 
     routers.n8n = {
-      rule = "Host(`wf.i.az-intec.com`)";
+      rule = "Host(`wf.l.az-gruppe.com`)";
       tls = {
         certResolver = "ionos";
       };
diff --git a/hosts/AZ-PRM-1/services/netbird.nix b/hosts/AZ-PRM-1/services/netbird.nix
new file mode 100644
index 0000000..10cc079
--- /dev/null
+++ b/hosts/AZ-PRM-1/services/netbird.nix
@@ -0,0 +1,28 @@
+{pkgs, ...}: {
+  services.netbird.enable = true;
+
+  systemd.services.netbird = {
+    environment = {
+      NB_DISABLE_SSH_CONFIG = "true";
+    };
+    path = [
+      pkgs.shadow
+      pkgs.util-linux
+    ];
+  };
+
+  programs.ssh.extraConfig = ''
+    Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p"
+        PreferredAuthentications password,publickey,keyboard-interactive
+        PasswordAuthentication yes
+        PubkeyAuthentication yes
+        BatchMode no
+        ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p
+        StrictHostKeyChecking no
+        UserKnownHostsFile /dev/null
+        CheckHostIP no
+        LogLevel ERROR
+  '';
+
+  networking.firewall.checkReversePath = "loose";
+}
diff --git a/hosts/AZLT124-L/services/default.nix b/hosts/AZLT124-L/services/default.nix
index b78fbf6..25f1a35 100644
--- a/hosts/AZLT124-L/services/default.nix
+++ b/hosts/AZLT124-L/services/default.nix
@@ -1,12 +1,17 @@
-{
+{pkgs, ...}: {
   imports = [
     # ./ad.nix
     ./mem0.nix
     ./n8n.nix
+    ./netbird.nix
     ./sound.nix
     ./udev.nix
   ];
   services = {
+    espanso = {
+      enable = true;
+      package = pkgs.espanso-wayland;
+    };
     hypridle.enable = true;
     printing.enable = true;
     gvfs.enable = true;
diff --git a/hosts/AZLT124-L/services/netbird.nix b/hosts/AZLT124-L/services/netbird.nix
new file mode 100644
index 0000000..10cc079
--- /dev/null
+++ b/hosts/AZLT124-L/services/netbird.nix
@@ -0,0 +1,28 @@
+{pkgs, ...}: {
+  services.netbird.enable = true;
+
+  systemd.services.netbird = {
+    environment = {
+      NB_DISABLE_SSH_CONFIG = "true";
+    };
+    path = [
+      pkgs.shadow
+      pkgs.util-linux
+    ];
+  };
+
+  programs.ssh.extraConfig = ''
+    Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p"
+        PreferredAuthentications password,publickey,keyboard-interactive
+        PasswordAuthentication yes
+        PubkeyAuthentication yes
+        BatchMode no
+        ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p
+        StrictHostKeyChecking no
+        UserKnownHostsFile /dev/null
+        CheckHostIP no
+        LogLevel ERROR
+  '';
+
+  networking.firewall.checkReversePath = "loose";
+}