diff --git a/system-config/services/containers/netbird/default.nix b/system-config/services/containers/netbird/default.nix index 0ada50e..6d0907e 100644 --- a/system-config/services/containers/netbird/default.nix +++ b/system-config/services/containers/netbird/default.nix @@ -21,7 +21,13 @@ enable = config.sysconfig.opts.netbird.enable; }; - environment.systemPackages = lib.mkIf config.sysconfig.opts.netbird.enable [ pkgs.netbird-ui ]; + #environment.systemPackages = lib.mkIf config.sysconfig.opts.netbird.enable [ pkgs.netbird-ui ]; + + networking.firewall = lib.mkIf config.sysconfig.opts.virtualization.netbird.enable { + allowedTCPPorts = [ 80 443 33073 33080 10000 ]; + allowedUDPPorts = [ 3478 ]; + allowedUDPPortRanges = [{ from = 49152; to = 65535; }]; + }; containers.netbird = lib.mkIf config.sysconfig.opts.virtualization.netbird.enable { @@ -29,10 +35,43 @@ privateNetwork = true; hostAddress = "192.168.100.10"; localAddress = "192.168.100.21"; + forwardPorts = [ + { + containerPort = 33073; + hostPort = 33073; + protocol = "tcp"; + } + { + containerPort = 33080; + hostPort = 33080; + protocol = "tcp"; + } + { + containerPort = 10000; + hostPort = 10000; + protocol = "tcp"; + } + { + containerPort = 3478; + hostPort = 3478; + protocol = "udp"; + } + ] ++ map (x : { + containerPort = x; + hostPort = x; + protocol = "udp"; + }) (builtins.genList (y: y + 49152) (65535 - 49152)); + bindMounts = {}; config = { + + networking.firewall = { + allowedTCPPorts = [ 80 443 33073 33080 10000 ]; + allowedUDPPorts = [ 3478 ]; + allowedUDPPortRanges = [{ from = 49152; to = 65535; }]; + }; services.netbird = { @@ -42,25 +81,30 @@ enable = true; domain = "vpn.blunkall.us"; - +/* management = { enable = true; dnsDomain = ".vpn"; + turnDomain = "localhost"; + disableAnonymousMetrics = true; }; dashboard = { enable = true; + managementServer = "localhost"; }; coturn = { + domain = "turn.blunkall.us"; enable = true; }; signal = { enable = true; }; +*/ }; }; }; 
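Review bot: The host `networking.firewall` block in the first hunk opens the entire UDP 49152–65535 range plus TCP 80/443 on every interface, while the last hunk of the same commit comments out management, dashboard, coturn and signal, so these openings are made before anything would listen on them; at minimum gate the relay range on coturn actually being enabled, or scope it to the upstream interface with `networking.firewall.interfaces.<iface>.allowedUDPPortRanges`. Opening 49152–65535 host-wide also admits traffic to every ephemeral UDP socket on the host, not only the relay. TCP 80 and 443 are not in the next hunk's `forwardPorts` list and the traefik change already fronts vpn.blunkall.us, so they look redundant in this module. The commented-out `#environment.systemPackages …` line should be deleted rather than left as dead text.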
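Review bot: In the second hunk `builtins.genList (y: y + 49152) (65535 - 49152)` produces 16383 entries, 49152 through 65534, so port 65535 is forwarded nowhere although both firewall blocks admit it with `to = 65535;`; use `(65535 - 49152 + 1)` or drop the range from both places so they agree. Each entry presumably becomes its own forwarding rule on the host, so the list adds roughly sixteen thousand rules on every activation, which is worth reconsidering while coturn is commented out and nothing in the container consumes the range. The four explicit entries all have the `containerPort = hostPort` shape and could be generated with the same `map` over `[ 33073 33080 10000 ]` plus the single udp 3478 entry, which would make the mismatch above harder to reintroduce. The enclosing `containers.netbird` attrset starts in the previous hunk and closes outside this one.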
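Review bot: In the third hunk the new `turnDomain = "localhost";`, `managementServer = "localhost";`, `disableAnonymousMetrics = true;` and coturn `domain` settings all sit inside the `/* … */` block the same hunk introduces, so none of them is evaluated while `enable = true;` and `domain = "vpn.blunkall.us";` outside it stay live; if the server components are meant to be off, express that with `enable = false;` or remove the block instead of commenting it out, so the intended values are not silently lost. If the block is later uncommented unchanged, `managementServer = "localhost"` is presumably the address the dashboard hands to browsers (confirm against the module), which would point remote users at their own machine rather than at vpn.blunkall.us, and `turnDomain = "localhost"` has the same problem for relay candidates handed to clients. coturn's `domain = "turn.blunkall.us"` has no matching router, DNS or certificate handling anywhere in this commit, so it should be noted as pending if kept.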
diff --git a/system-config/services/containers/traefik/default.nix b/system-config/services/containers/traefik/default.nix
index f421d9c..467f33b 100644
--- a/system-config/services/containers/traefik/default.nix
+++ b/system-config/services/containers/traefik/default.nix
@@ -216,6 +216,13 @@
 service = "pihole";
 tls.certResolver = "cloudflare";
 };*/
+
+ netbird = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`vpn.blunkall.us`)";
+ service = "netbird";
+ tls.certResolver = "cloudflare";
+ };
 };
 middlewares = {
@@ -261,6 +268,8 @@
 nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.15:80"; } ];
 ntfy.loadBalancer.servers = [ { url = "http://192.168.100.19"; } ];
+
+ netbird.loadBalancer.servers = [ { url = "http://192.168.100.21"; } ];
 homeassistant.loadBalancer.servers = [ { url = "http://192.168.100.10:8123"; } ];
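Review bot: The new `netbird` router sends vpn.blunkall.us to `http://192.168.100.21` with no port, i.e. port 80 inside the container, while the netbird change opens and forwards 33073, 33080 and 10000 separately; if the management or signal endpoints are expected to be reachable under this hostname they will not be, and only whatever listens on 80 (the dashboard, if it is enabled) is exposed. No middleware is attached to this router although a `middlewares` attrset follows in the same hunk; if the other routers apply a headers or auth middleware, the same should be applied here, since this makes the dashboard reachable from the internet on websecure. The upstream is plain HTTP over the container bridge, which is fine on a host-local bridge but deserves a one-line comment such as `# plain HTTP: 192.168.100.21 is on the host-local container bridge`.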