diff --git a/system-config/services/containers/netbird/default.nix b/system-config/services/containers/netbird/default.nix index 3372936..13ef265 100644 --- a/system-config/services/containers/netbird/default.nix +++ b/system-config/services/containers/netbird/default.nix @@ -25,7 +25,7 @@ allowedUDPPorts = [ 3478 ]; allowedUDPPortRanges = [{ from = 49152; to = 54152; }]; }; - +/* containers.netbird-dashboard = lib.mkIf config.sysconfig.opts.virtualization.netbird.enable { autoStart = true; 
@@ -206,4 +206,97 @@ }; }; +*/ + + containers.netbird = lib.mkIf config.sysconfig.opts.virtualization.netbird.enable { + + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.23"; + + forwardPorts = [ + + { + hostPort = 3478; + containerPort = 3478; + protocol = "udp"; + } + + ] ++ map (x: { hostPort = x; containerPort = x; protocol = "udp"; }) (builtins.genList (y: 49152 + y) (54152 - 49152)); + + + config = { + + services.netbird = { + server = { + enable = true; + enableNginx = false; + domain = "vpn.blunkall.us"; + + dashboard = { + enable = true; + settings = { + AUTH_AUTHORITY = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration"; + }; + }; + management = { + enable = true; + + domain = "mgmt.blunkall.us"; + + disableAnonymousMetrics = true; + + dnsDomain = "vpn"; + + turnDomain = "vpn.blunkall.us"; + turnPort = 3478; + + oidcConfigEndpoint = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration"; + + settings = { + "TURNConfig" = { + "Turns" = [ + { + "Proto" = "udp"; + "URI" = "turn:vpn.blunkall.us:3478"; + "Username" = "netbird"; + "Password" = "password"; + } + ]; + }; + + DataStoreEncryptionKey = "770A8A65DA156D24EE2A093277530142"; + }; + + port = 80; + }; + + coturn = { + enable = true; + + user = "netbird"; + password = "password"; + + openPorts = map (x: x) (builtins.genList (y: 49152 + y) (54152 - 49152)); + }; + + signal = { + enable = true; + port = 8080; + }; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ ]; + allowedUDPPorts = [ 3478 ]; + allowedUDPPortRanges = [{ from = 49152; to = 54152; }]; + }; + + system.stateVersion = "25.05"; + }; + }; + + } diff --git a/system-config/services/containers/traefik/default.nix b/system-config/services/containers/traefik/default.nix index 3cae148..7eaa834 100644 --- a/system-config/services/containers/traefik/default.nix +++ b/system-config/services/containers/traefik/default.nix 
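Review bot: The TURN credential `"Password" = "password"` (duplicated as `coturn.password = "password"`) and `DataStoreEncryptionKey = "770A8A65DA156D24EE2A093277530142"` in the new `containers.netbird` block are committed in plain text and, as part of the evaluated Nix config, are rendered into the world-readable `/nix/store`; with 3478/udp and the whole relay range forwarded from the host, a guessable static TURN password lets anyone on the internet use coturn as a relay, and the datastore key is what encrypts the secrets NetBird keeps in its management store. Move both out of the store — `coturn.passwordFile = "/run/secrets/netbird-turn";` in place of `password`, `"Password" = { _secret = "/run/secrets/netbird-turn"; };` and `DataStoreEncryptionKey = { _secret = "/run/secrets/netbird-datastore-key"; };` — which the NixOS netbird management module substitutes at service start (confirm the `_secret` convention and `passwordFile` against the module's option docs, and bind-mount the secret files into the container, which has its own root filesystem). Both values are now in git history, so rotate them once they are moved. Separately, `builtins.genList (y: 49152 + y) (54152 - 49152)` produces 49152–54151, so port 54152 is allowed by `allowedUDPPortRanges` but is neither forwarded nor handed to coturn; use `(54152 - 49152 + 1)` in both `genList` calls or lower the firewall range to `to = 54151;`, and drop the identity `map (x: x)` on `openPorts`. Note also that `forwardPorts` emits one NAT rule per entry, so this list adds roughly 5000 iptables rules on the host; if that proves slow, a single range forward via the host's `networking.nat` is the usual alternative.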
@@ -178,19 +178,19 @@ }; netbirdApi = { entryPoints = [ "websecure" ]; - rule = "Host(`mgmt.blunkall.us`) && PathPrefix(`/api`)"; + rule = "Host(`vpn.blunkall.us`) && PathPrefix(`/api`)"; service = "netbirdApi"; tls.certResolver = "cloudflare"; }; netbirdMgmt = { entryPoints = [ "websecure" ]; - rule = "Host(`mgmt.blunkall.us`) && PathPrefix(`/management.ManagementService`)"; + rule = "Host(`vpn.blunkall.us`) && PathPrefix(`/management.ManagementService`)"; service = "netbirdMgmt"; tls.certResolver = "cloudflare"; }; netbirdSignal = { entryPoints = [ "websecure" ]; - rule = "Host(`signal.blunkall.us`) && PathPrefix(`/signalexchange.SignalExchange`)"; + rule = "Host(`vpn.blunkall.us`) && PathPrefix(`/signalexchange.SignalExchange`)"; service = "netbirdSignal"; tls.certResolver = "cloudflare"; }; @@ -229,9 +229,9 @@ passHostHeader = true; servers = [ { url = "http://192.168.100.23:80"; } ]; }; - netbirdApi.loadBalancer.servers = [ { url = "http://192.168.100.24:80"; } ]; - netbirdMgmt.loadBalancer.servers = [ { url = "h2c://192.168.100.24:80"; } ]; - netbirdSignal.loadBalancer.servers = [ { url = "h2c://192.168.100.26:80"; } ]; + netbirdApi.loadBalancer.servers = [ { url = "http://192.168.100.23:80"; } ]; + netbirdMgmt.loadBalancer.servers = [ { url = "h2c://192.168.100.23:80"; } ]; + netbirdSignal.loadBalancer.servers = [ { url = "h2c://192.168.100.23:8080"; } ]; #homeassistant.loadBalancer.servers = [ { url = "http://192.168.100.10:8123"; } ];
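Review bot: The three `vpn.blunkall.us` routers in this hunk now terminate at `192.168.100.23:80` and `:8080` (per the `-229` hunk on this line), but the netbird container added in the same diff sets `networking.firewall.allowedTCPPorts = [ ];` — unless that container's firewall is disabled or the netbird module opens its own ports, the host-side traefik will be refused on 80 and 8080, so confirm connectivity before relying on this routing. The Nix side also still sets `management.domain = "mgmt.blunkall.us";` although nothing routes that host any more; set it to `domain = "vpn.blunkall.us";` (or drop the override so it inherits `server.domain`) so anything the module derives from it points at a host traefik actually serves. With `enableNginx = false` the dashboard's static files are, as far as I can tell, not served by anything inside the container, so the dashboard backend at `http://192.168.100.23:80` most likely reaches the management API (`port = 80`) rather than the dashboard; either enable nginx in the container or give the dashboard its own listener and port. The `@@ -229` hunk appears cut off at the end of the page, so its trailing context is not reviewed here.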