From 8a6056998ed5d16b937ab82f5944e2a96d9947fa Mon Sep 17 00:00:00 2001 From: Nathan Date: Sun, 27 Jul 2025 16:00:12 -0500 Subject: [PATCH] desperation --- .../services/containers/netbird/default.nix | 136 ++++-------------- .../services/containers/traefik/default.nix | 14 +- 2 files changed, 31 insertions(+), 119 deletions(-) diff --git a/system-config/services/containers/netbird/default.nix b/system-config/services/containers/netbird/default.nix index 0d4056c..b67f479 100644 --- a/system-config/services/containers/netbird/default.nix +++ b/system-config/services/containers/netbird/default.nix @@ -45,9 +45,11 @@ dashboard = { enable = true; + domain = "vpn.blunkall.us"; settings = { AUTH_AUTHORITY = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration"; }; + managementServer = "192.168.100.24"; }; }; }; @@ -61,27 +63,12 @@ }; - containers.netbird-management = lib.mkIf false { + containers.netbird-management = lib.mkIf config.sysconfig.opts.virtualization.netbird.enable { autoStart = true; privateNetwork = true; hostAddress = "192.168.100.10"; localAddress = "192.168.100.24"; - - forwardPorts = [ - - { - hostPort = 3478; - containerPort = 3478; - protocol = "udp"; - } - - ] ++ map (x: { hostPort = x; containerPort = x; protocol = "udp"; }) (builtins.genList (y: 49152 + y) (54152 - 49152)); - - bindMounts = { - - }; - config = { @@ -91,10 +78,15 @@ management = { enable = true; + domain = "mgmt.blunkall.us"; + disableAnonymousMetrics = true; dnsDomain = "vpn"; + turnDomain = "coturn.blunkall.us"; + turnPort = 3478; + oidcConfigEndpoint = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration"; settings = { @@ -102,9 +94,9 @@ "Turns" = [ { "Proto" = "udp"; - "URI" = "turn:vpn.blunkall.us:3478"; + "URI" = "turn:coturn.blunkall.us:3478"; "Username" = "netbird"; - "Password" = "QTCV8+Q+b+g5FYXz3gRP7suxy9cmbEpFTzYu2+/IQ4E"; + "Password" = "password"; } ]; }; 
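Review bot: `managementServer = "192.168.100.24"` in the dashboard hunk hands the browser-side dashboard a bare container-network address with no scheme; the dashboard runs in the user's browser, so remote users cannot reach that IP at all, and an on-LAN user would bypass the Traefik TLS front end and talk to management in cleartext. It should be the public origin that Traefik routes for the management API, `managementServer = "https://mgmt.blunkall.us";`. The enclosing `services.netbird.server` block starts before this hunk.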
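Review bot: The management hunk sets `domain`, `turnDomain`, `turnPort` and `oidcConfigEndpoint` but no `port`, while the removed single-host config listened on 33073 and the Traefik half of this commit points the management backends at 192.168.100.24:80. Unless the NixOS module's default management port happens to be 80 (upstream's default is a high port, as far as I recall), the REST and gRPC routes will fail with connection refused. Pin it explicitly so the two files agree, `port = 80;`, or point Traefik at whatever the module actually listens on; the `management` block continues past the end of this hunk.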
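Review bot: `"Password" = "password"` replaces the former random TURN credential with a guessable one, and because every string in a NixOS configuration ends up in the world-readable Nix store the value is exposed to all local users of the host as well as to anyone who can read this repository. Whoever holds the `netbird`/`password` pair can use coturn as an open relay for arbitrary traffic. Generate a fresh random secret (the previous one is in git history, so it must be treated as burnt as well), keep it out of the store by reading it from a runtime secret file, and use the same value in the coturn container; if the management module offers no file-based option for this field, substituting it into the generated config from a systemd `preStart` is the usual workaround.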
@@ -124,12 +116,12 @@ }; - containers.netbird-coturn = lib.mkIf false { + containers.netbird-coturn = lib.mkIf config.sysconfig.opts.virtualization.netbird.enable { autoStart = true; privateNetwork = true; hostAddress = "192.168.100.10"; - localAddress = "192.168.100.21"; + localAddress = "192.168.100.25"; forwardPorts = [ @@ -150,51 +142,21 @@ services.netbird = { server = { - enable = true; enableNginx = false; - domain = "vpn.blunkall.us"; - - management = { - enable = true; - - disableAnonymousMetrics = true; - - dnsDomain = "vpn"; - - oidcConfigEndpoint = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration"; - - settings = { - "TURNConfig" = { - "Turns" = [ - { - "Proto" = "udp"; - "URI" = "turn:vpn.blunkall.us:3478"; - "Username" = "netbird"; - "Password" = "QTCV8+Q+b+g5FYXz3gRP7suxy9cmbEpFTzYu2+/IQ4E"; - } - ]; - }; - }; - - port = 33073; - }; - - dashboard = { - settings = { - AUTH_AUTHORITY = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration"; - }; - }; - coturn = { enable = true; + domain = "coturn.blunkall.us"; + user = "netbird"; password = "password"; + + openPorts = map (x: x) (builtins.genList (y: 49152 + y) (54152 - 49152)); }; }; }; networking.firewall = { - allowedTCPPorts = [ 80 443 33073 33080 10000 ]; + allowedTCPPorts = [ 33080 ]; allowedUDPPorts = [ 3478 ]; allowedUDPPortRanges = [{ from = 49152; to = 54152; }]; }; 
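Review bot: `password = "password";` in the coturn block is the static TURN credential shared with every client and with the management config, and via the `password` option it is written into the world-readable Nix store. Prefer the module's `passwordFile` option (present in recent nixpkgs; hedge if this tree is older) pointing at a root-only file with a freshly generated random secret, and keep it identical to the management-side `TURNConfig` entry. Separately, `openPorts = map (x: x) (builtins.genList ...)` wraps an identity `map` that does nothing, and if `openPorts` is the module's boolean "open the firewall" toggle as in upstream nixpkgs, assigning a list will fail type-checking — the container's own `networking.firewall` block already opens 3478/udp and the relay range, so `openPorts = false;` is the intent. Note also that the two range expressions disagree by one port (the `genList` yields 49152–54151, the firewall rule 49152–54152).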
@@ -204,79 +166,29 @@ }; - containers.netbird-signal = lib.mkIf false { + containers.netbird-signal = lib.mkIf config.sysconfig.opts.virtualization.netbird.enable { autoStart = true; privateNetwork = true; hostAddress = "192.168.100.10"; - localAddress = "192.168.100.21"; - - forwardPorts = [ - - { - hostPort = 3478; - containerPort = 3478; - protocol = "udp"; - } - - ] ++ map (x: { hostPort = x; containerPort = x; protocol = "udp"; }) (builtins.genList (y: 49152 + y) (54152 - 49152)); - - bindMounts = { - - }; - + localAddress = "192.168.100.26"; config = { services.netbird = { server = { - enable = true; enableNginx = false; - domain = "vpn.blunkall.us"; - - management = { + + signal = { enable = true; - - disableAnonymousMetrics = true; - - dnsDomain = "vpn"; - - oidcConfigEndpoint = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration"; - - settings = { - "TURNConfig" = { - "Turns" = [ - { - "Proto" = "udp"; - "URI" = "turn:vpn.blunkall.us:3478"; - "Username" = "netbird"; - "Password" = "QTCV8+Q+b+g5FYXz3gRP7suxy9cmbEpFTzYu2+/IQ4E"; - } - ]; - }; - }; - - port = 33073; - }; - - dashboard = { - settings = { - AUTH_AUTHORITY = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration"; - }; - }; - - coturn = { - enable = true; - - password = "password"; + port = 80; + domain = "signal.blunkall.us"; }; }; }; networking.firewall = { - allowedTCPPorts = [ 80 443 33073 33080 10000 ]; - allowedUDPPorts = [ 3478 ]; - allowedUDPPortRanges = [{ from = 49152; to = 54152; }]; + allowedTCPPorts = [ 80 ]; }; system.stateVersion = "25.05"; diff --git a/system-config/services/containers/traefik/default.nix b/system-config/services/containers/traefik/default.nix index 8d28e88..3cae148 100644 --- a/system-config/services/containers/traefik/default.nix +++ b/system-config/services/containers/traefik/default.nix 
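Review bot: The signal service now lives at `signal.blunkall.us`, but nothing in this commit tells the management server to advertise that address; management's own `domain` is `mgmt.blunkall.us`, and if the module keeps its default of deriving the signal endpoint from that domain, clients will open `/signalexchange.SignalExchange` against `mgmt.blunkall.us`, where the Traefik router for that path no longer matches. Add an explicit override in the management `settings`, `"Signal" = { "Proto" = "https"; "URI" = "signal.blunkall.us:443"; };`, so the advertised endpoint agrees with the router. The management block this must agree with is in the earlier hunk of the same file.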
@@ -178,19 +178,19 @@ }; netbirdApi = { entryPoints = [ "websecure" ]; - rule = "Host(`vpn.blunkall.us`) && PathPrefix(`/api`)"; + rule = "Host(`mgmt.blunkall.us`) && PathPrefix(`/api`)"; service = "netbirdApi"; tls.certResolver = "cloudflare"; }; netbirdMgmt = { entryPoints = [ "websecure" ]; - rule = "Host(`vpn.blunkall.us`) && PathPrefix(`/management.ManagementService`)"; + rule = "Host(`mgmt.blunkall.us`) && PathPrefix(`/management.ManagementService`)"; service = "netbirdMgmt"; tls.certResolver = "cloudflare"; }; netbirdSignal = { entryPoints = [ "websecure" ]; - rule = "Host(`vpn.blunkall.us`) && PathPrefix(`/signalexchange.SignalExchange`)"; + rule = "Host(`signal.blunkall.us`) && PathPrefix(`/signalexchange.SignalExchange`)"; service = "netbirdSignal"; tls.certResolver = "cloudflare"; }; @@ -227,11 +227,11 @@ netbird.loadBalancer = { passHostHeader = true; - servers = [ { url = "http://192.168.100.23"; } ]; + servers = [ { url = "http://192.168.100.23:80"; } ]; }; - netbirdApi.loadBalancer.servers = [ { url = "http://192.168.100.21:33073"; } ]; - netbirdMgmt.loadBalancer.servers = [ { url = "h2c://192.168.100.21:33073"; } ]; - netbirdSignal.loadBalancer.servers = [ { url = "h2c://192.168.100.21:10000"; } ]; + netbirdApi.loadBalancer.servers = [ { url = "http://192.168.100.24:80"; } ]; + netbirdMgmt.loadBalancer.servers = [ { url = "h2c://192.168.100.24:80"; } ]; + netbirdSignal.loadBalancer.servers = [ { url = "h2c://192.168.100.26:80"; } ]; #homeassistant.loadBalancer.servers = [ { url = "http://192.168.100.10:8123"; } ];