diff --git a/system-config/services/containers/netbird/default.nix b/system-config/services/containers/netbird/default.nix index 6d0907e..52af779 100644 --- a/system-config/services/containers/netbird/default.nix +++ b/system-config/services/containers/netbird/default.nix @@ -29,13 +29,15 @@ allowedUDPPortRanges = [{ from = 49152; to = 65535; }]; }; - containers.netbird = lib.mkIf config.sysconfig.opts.virtualization.netbird.enable { + containers = lib.mkIf config.sysconfig.opts.virtualization.netbird.enable { - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.21"; - forwardPorts = [ + #netbird-management = { + netbird = { + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.21"; + forwardPorts = [ { containerPort = 33073; hostPort = 33073; 
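Review bot: The added line `#netbird-management = {` is a commented-out attribute header left directly above the live `netbird = {`, with nothing saying which name is intended. Together with the large commented-out `netbird-dashboard` / `netbird-coturn` / `netbird-signal` block later in this commit, it looks like a planned split into per-service containers, but that is only inferred. I would replace it with an explanatory comment such as `# TODO: split into per-service containers; single container for now` and keep the draft containers out of the file until they are ready. The `containers` attribute set opened here closes outside this hunk.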
@@ -56,58 +58,299 @@ hostPort = 3478; protocol = "udp"; } - ] ++ map (x : { - containerPort = x; - hostPort = x; - protocol = "udp"; - }) (builtins.genList (y: y + 49152) (65535 - 49152)); + ] ++ map (x : { + containerPort = x; + hostPort = x; + protocol = "udp"; + }) (builtins.genList (y: y + 49152) (65535 - 49152)); - bindMounts = {}; + bindMounts = {}; - config = { + config = { - networking.firewall = { - allowedTCPPorts = [ 80 443 33073 33080 10000 ]; - allowedUDPPorts = [ 3478 ]; - allowedUDPPortRanges = [{ from = 49152; to = 65535; }]; - }; - - services.netbird = { - - enable = true; + networking.firewall = { + allowedTCPPorts = [ 80 443 33073 33080 10000 ]; + allowedUDPPorts = [ 3478 ]; + allowedUDPPortRanges = [{ from = 49152; to = 65535; }]; + }; + + services.netbird = { - server = { - enable = true; - domain = "vpn.blunkall.us"; -/* - management = { + + server = { + enable = true; - dnsDomain = ".vpn"; + domain = "vpn.blunkall.us"; - turnDomain = "localhost"; + management = { + enable = true; + dnsDomain = ".vpn"; - disableAnonymousMetrics = true; + turnDomain = "localhost"; + + disableAnonymousMetrics = true; + }; + + dashboard = { + enable = true; + managementServer = "localhost"; + settings = { + AUTH_AUTHORITY = ""; + NETBIRD_USE_AUTH0 = false; + NETBIRD_AUTH_DEVICE_AUTH_PROVIDER = "none"; + }; + }; + + coturn = { + domain = "turn.blunkall.us"; + enable = true; + }; + + signal = { + enable = true; + }; + }; - - dashboard = { - enable = true; - managementServer = "localhost"; - }; - - coturn = { - domain = "turn.blunkall.us"; - enable = true; - }; - - signal = { - enable = true; - }; -*/ }; }; }; + /* + netbird-dashboard = { + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.21"; + forwardPorts = [ + { + containerPort = 33073; + hostPort = 33073; + protocol = "tcp"; + } + { + containerPort = 33080; + hostPort = 33080; + protocol = "tcp"; + } + { + containerPort = 10000; + hostPort = 10000; + 
protocol = "tcp"; + } + { + containerPort = 3478; + hostPort = 3478; + protocol = "udp"; + } + ] ++ map (x : { + containerPort = x; + hostPort = x; + protocol = "udp"; + }) (builtins.genList (y: y + 49152) (65535 - 49152)); + + + bindMounts = {}; + + config = { + + networking.firewall = { + allowedTCPPorts = [ 80 443 33073 33080 10000 ]; + allowedUDPPorts = [ 3478 ]; + allowedUDPPortRanges = [{ from = 49152; to = 65535; }]; + }; + + services.netbird = { + + enable = true; + + server = { + + enable = true; + domain = "vpn.blunkall.us"; + management = { + enable = true; + dnsDomain = ".vpn"; + + turnDomain = "localhost"; + + disableAnonymousMetrics = true; + }; + + dashboard = { + enable = true; + managementServer = "localhost"; + }; + + coturn = { + domain = "turn.blunkall.us"; + enable = true; + }; + + signal = { + enable = true; + }; + }; + }; + }; + }; + + netbird-coturn = { + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.21"; + forwardPorts = [ + { + containerPort = 33073; + hostPort = 33073; + protocol = "tcp"; + } + { + containerPort = 33080; + hostPort = 33080; + protocol = "tcp"; + } + { + containerPort = 10000; + hostPort = 10000; + protocol = "tcp"; + } + { + containerPort = 3478; + hostPort = 3478; + protocol = "udp"; + } + ] ++ map (x : { + containerPort = x; + hostPort = x; + protocol = "udp"; + }) (builtins.genList (y: y + 49152) (65535 - 49152)); + + + bindMounts = {}; + + config = { + + networking.firewall = { + allowedTCPPorts = [ 80 443 33073 33080 10000 ]; + allowedUDPPorts = [ 3478 ]; + allowedUDPPortRanges = [{ from = 49152; to = 65535; }]; + }; + + services.netbird = { + + enable = true; + + server = { + + enable = true; + domain = "vpn.blunkall.us"; + management = { + enable = true; + dnsDomain = ".vpn"; + + turnDomain = "localhost"; + + disableAnonymousMetrics = true; + }; + + dashboard = { + enable = true; + managementServer = "localhost"; + }; + + coturn = { + domain = 
"turn.blunkall.us"; + enable = true; + }; + + signal = { + enable = true; + }; + }; + }; + }; + }; + + netbird-signal = { + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.21"; + forwardPorts = [ + { + containerPort = 33073; + hostPort = 33073; + protocol = "tcp"; + } + { + containerPort = 33080; + hostPort = 33080; + protocol = "tcp"; + } + { + containerPort = 10000; + hostPort = 10000; + protocol = "tcp"; + } + { + containerPort = 3478; + hostPort = 3478; + protocol = "udp"; + } + ] ++ map (x : { + containerPort = x; + hostPort = x; + protocol = "udp"; + }) (builtins.genList (y: y + 49152) (65535 - 49152)); + + + bindMounts = {}; + + config = { + + networking.firewall = { + allowedTCPPorts = [ 80 443 33073 33080 10000 ]; + allowedUDPPorts = [ 3478 ]; + allowedUDPPortRanges = [{ from = 49152; to = 65535; }]; + }; + + services.netbird = { + + enable = true; + + server = { + + enable = true; + domain = "vpn.blunkall.us"; + management = { + enable = true; + dnsDomain = ".vpn"; + + turnDomain = "localhost"; + + disableAnonymousMetrics = true; + }; + + dashboard = { + enable = true; + managementServer = "localhost"; + }; + + coturn = { + domain = "turn.blunkall.us"; + enable = true; + }; + + signal = { + enable = true; + }; + }; + }; + }; + }; +*/ }; }; }
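Review bot: The new `dashboard.settings` sets `AUTH_AUTHORITY = ""` and `NETBIRD_AUTH_DEVICE_AUTH_PROVIDER = "none"` in the same change that un-comments `management`, `dashboard`, `coturn` and `signal`. That turns the control plane on with no identity provider named, while 33073 is forwarded from the host and the container firewall opens 80, 443, 33073, 33080 and 10000. Whether the management API then rejects unauthenticated callers depends on OIDC settings this hunk does not show; if there are none, set the issuer first, e.g. `AUTH_AUTHORITY = "https://<idp-issuer-placeholder>";`, or keep `management.enable` and `dashboard.enable` off until it is wired. `managementServer = "localhost"` and `turnDomain = "localhost"` also look like values that browsers and peers resolve on their own side rather than inside the container, which would not match `domain = "vpn.blunkall.us"` and `coturn.domain = "turn.blunkall.us"`; worth confirming. Separately, `builtins.genList (y: y + 49152) (65535 - 49152)` yields 49152–65534, so UDP 65535 is allowed by `allowedUDPPortRanges` but never forwarded; `(65535 - 49152 + 1)` would align the two.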