diff --git a/system-config/services/containers/n8n/default.nix b/system-config/services/containers/n8n/default.nix
new file mode 100644
index 0000000..8da9502
--- /dev/null
+++ b/system-config/services/containers/n8n/default.nix
@@ -0,0 +1,29 @@
+{ config, lib, ... }: {
+
+ options.sysconfig.opts.virtualization.n8n.enable = lib.options.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
+
+ config = lib.mkIf config.sysconfig.opts.virtualization.n8n.enable {
+
+ containers.n8n = {
+
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "192.168.100.10";
+ localAddress = "192.168.100.21";
+
+ config = {
+
+ networking.firewall.allowedTCPPorts = [ 80 ];
+
+ services.n8n = {
+
+ };
+
+ system.stateVersion = "25.05";
+ };
+ };
+ };
+}
diff --git a/system-config/services/containers/netbird/default.nix b/system-config/services/containers/netbird/default.nix
index 29b4490..0d4056c 100644
--- a/system-config/services/containers/netbird/default.nix
+++ b/system-config/services/containers/netbird/default.nix
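Review bot: `localAddress = "192.168.100.21";` in the new n8n container is the same address this commit assigns to `containers.netbird-coturn` (currently disabled via `lib.mkIf false`), and it is the address traefik's `netbirdApi` and `netbirdMgmt` backends still target on port 33073 (see the traefik hunk at `@@ -227,7 +227,7 @@`). Enabling n8n would therefore place it behind the NetBird API and management routes; give it an unused address on the container subnet and repoint or remove the stale traefik backends. Separately, `services.n8n = { };` never sets `enable = true;`, and the firewall opens TCP 80 while n8n listens on 5678 unless configured otherwise, so as written the container would expose an open port with no service behind it.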
@@ -22,12 +22,189 @@ }; networking.firewall = { - allowedTCPPorts = [ 80 443 33073 33080 10000 ]; allowedUDPPorts = [ 3478 ]; allowedUDPPortRanges = [{ from = 49152; to = 54152; }]; }; - containers.netbird = lib.mkIf config.sysconfig.opts.virtualization.netbird.enable { + containers.netbird-dashboard = lib.mkIf config.sysconfig.opts.virtualization.netbird.enable { + + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.23"; + + + config = { + + services.netbird = { + server = { + enableNginx = false; + management = { + port = 80; + }; + + dashboard = { + enable = true; + settings = { + AUTH_AUTHORITY = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration"; + }; + }; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 80 ]; + }; + + system.stateVersion = "25.05"; + }; + }; + + + containers.netbird-management = lib.mkIf false { + + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.24"; + + forwardPorts = [ + + { + hostPort = 3478; + containerPort = 3478; + protocol = "udp"; + } + + ] ++ map (x: { hostPort = x; containerPort = x; protocol = "udp"; }) (builtins.genList (y: 49152 + y) (54152 - 49152)); + + bindMounts = { + + }; + + + config = { + + services.netbird = { + server = { + enableNginx = false; + management = { + enable = true; + + disableAnonymousMetrics = true; + + dnsDomain = "vpn"; + + oidcConfigEndpoint = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration"; + + settings = { + "TURNConfig" = { + "Turns" = [ + { + "Proto" = "udp"; + "URI" = "turn:vpn.blunkall.us:3478"; + "Username" = "netbird"; + "Password" = "QTCV8+Q+b+g5FYXz3gRP7suxy9cmbEpFTzYu2+/IQ4E"; + } + ]; + }; + }; + + port = 80; + }; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 80 ]; + }; + + system.stateVersion = "25.05"; + }; + }; + + + containers.netbird-coturn = lib.mkIf false { + + autoStart = true; + privateNetwork 
= true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.21"; + + forwardPorts = [ + + { + hostPort = 3478; + containerPort = 3478; + protocol = "udp"; + } + + ] ++ map (x: { hostPort = x; containerPort = x; protocol = "udp"; }) (builtins.genList (y: 49152 + y) (54152 - 49152)); + + bindMounts = { + + }; + + + config = { + + services.netbird = { + server = { + enable = true; + enableNginx = false; + domain = "vpn.blunkall.us"; + + management = { + enable = true; + + disableAnonymousMetrics = true; + + dnsDomain = "vpn"; + + oidcConfigEndpoint = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration"; + + settings = { + "TURNConfig" = { + "Turns" = [ + { + "Proto" = "udp"; + "URI" = "turn:vpn.blunkall.us:3478"; + "Username" = "netbird"; + "Password" = "QTCV8+Q+b+g5FYXz3gRP7suxy9cmbEpFTzYu2+/IQ4E"; + } + ]; + }; + }; + + port = 33073; + }; + + dashboard = { + settings = { + AUTH_AUTHORITY = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration"; + }; + }; + + coturn = { + enable = true; + + password = "password"; + }; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 80 443 33073 33080 10000 ]; + allowedUDPPorts = [ 3478 ]; + allowedUDPPortRanges = [{ from = 49152; to = 54152; }]; + }; + + system.stateVersion = "25.05"; + }; + }; + + + containers.netbird-signal = lib.mkIf false { autoStart = true; privateNetwork = true; diff --git a/system-config/services/containers/traefik/default.nix b/system-config/services/containers/traefik/default.nix index f04c3d1..8d28e88 100644 --- a/system-config/services/containers/traefik/default.nix +++ b/system-config/services/containers/traefik/default.nix 
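Review bot: The TURN credential is committed as a string literal in `"Password" = "…"` under `TURNConfig.Turns` in both `netbird-management` and `netbird-coturn`, and `coturn.password = "password";` is a guessable placeholder; values written this way end up in the git history and in the world-readable Nix store. Load them from a file provisioned outside the store, e.g. `coturn.passwordFile = "/run/secrets/<coturn-secret>";` (placeholder path), use the module's secret-file mechanism for the `settings` entry if the nixpkgs version in use supports it, and treat the literal already committed as exposed and rotate it. The two values also differ, so the management server would apparently hand peers a TURN password that coturn does not accept. `containers.netbird-signal` continues past the end of this hunk.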
@@ -227,7 +227,7 @@ netbird.loadBalancer = { passHostHeader = true; - servers = [ { url = "http://192.168.100.21:33073"; } ]; + servers = [ { url = "http://192.168.100.23"; } ]; }; netbirdApi.loadBalancer.servers = [ { url = "http://192.168.100.21:33073"; } ]; netbirdMgmt.loadBalancer.servers = [ { url = "h2c://192.168.100.21:33073"; } ];
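Review bot: The new `netbird` backend `http://192.168.100.23` is the `netbird-dashboard` container, which in this commit sets `enableNginx = false` and enables only `dashboard`, so from the visible configuration nothing appears to listen on port 80 there; confirm what serves the dashboard before routing traffic to it. The hop is also plain HTTP with `passHostHeader = true`, so a comment such as `# TLS terminates at traefik; backend reachable only on the private container network` would record the assumption the route depends on. The surrounding services set starts and ends outside this hunk.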