diff --git a/system-config/services/containers/netbird/default.nix b/system-config/services/containers/netbird/default.nix index bb6b604..6a0a2ff 100644 --- a/system-config/services/containers/netbird/default.nix +++ b/system-config/services/containers/netbird/default.nix 
@@ -21,365 +21,17 @@ enable = config.sysconfig.opts.netbird.enable; }; - #environment.systemPackages = lib.mkIf config.sysconfig.opts.netbird.enable [ pkgs.netbird-ui ]; + systemd.services.launchNetbird = lib.mkIf config.sysconfig.opts.virtualization.netbird.enable { - networking.firewall = lib.mkIf config.sysconfig.opts.virtualization.netbird.enable { - allowedTCPPorts = [ 80 443 33073 33080 10000 ]; - allowedUDPPorts = [ 3478 ]; - allowedUDPPortRanges = [{ from = 49152; to = 54152; }]; + enable = false; + + wantedBy = [ "multi-user.target" ]; + + script = '' + cd /ssd1/Netbird + ${pkgs.docker-compose}/bin/docker-compose up + ''; }; - containers = lib.mkIf config.sysconfig.opts.virtualization.netbird.enable { - - #netbird-management = { - netbird = { - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.21"; - forwardPorts = [ - - { - containerPort = 33080; - hostPort = 33080; - protocol = "tcp"; - } - - { - containerPort = 3478; - hostPort = 3478; - protocol = "udp"; - } - ] ++ map (x: { - containerPort = x; - hostPort = x; - protocol = "udp"; - }) (builtins.genList (y: y + 49152) (54152 - 49152)); - - - bindMounts = {}; - - config = { - - system.stateVersion = "25.05"; - - networking.firewall = { - allowedTCPPorts = [ 80 443 33073 33080 10000 ]; - allowedUDPPorts = [ 3478 ]; - allowedUDPPortRanges = [{ from = 49152; to = 54152; }]; - }; - - services.netbird = { - - enable = true; - - server = { - - enable = true; - domain = "vpn.blunkall.us"; - - management = { - enable = true; - dnsDomain = ".vpn"; - oidcConfigEndpoint = "https://auth.blunkall.us/application/o/netbird/.well-known/openid-configuration"; - - #turnDomain = "localhost"; - - disableAnonymousMetrics = true; - - settings = { - Signal = { - Proto = "http"; - URI = "vpn.blunkall.us:443"; - }; - - HttpConfig = { - Address = "0.0.0.0:443"; - AuthIssuer = "https://auth.blunkall.us/application/o/netbird/.well-known/openid-configuration"; - AuthAudience 
= "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD"; - }; - }; - }; - - dashboard = { - enable = true; - #managementServer = "localhost"; - settings = { - AUTH_AUTHORITY = "https://auth.blunkall.us/application/o/netbird/.well-known/openid-configuration"; - NETBIRD_USE_AUTH0 = false; - NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT = "https://auth.blunkall.us/application/o/netbird/.well-known/openid-configuration"; - NETBIRD_AUTH_SUPPORTED_SCOPES = "openid profile email offline_access api"; - NETBIRD_AUTH_AUDIENCE = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD"; - NETBIRD_AUTH_CLIENT_ID = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD"; - NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD"; - NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD"; - - NETBIRD_MGMT_IDP = "authentik"; - NETBIRD_IDP_MGMT_CLIENT_ID = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD"; - NETBIRD_IDP_MGMT_EXTRA_USERNAME = "Netbird"; - NETBIRD_IDP_MGMT_EXTRA_PASSWORD = "jfdkhsjlkasdhfklslhflhljksd"; - - NETBIRD_AUTH_PKCE_DISABLE_PROMPT_LOGIN = true; - - NETBIRD_DISABLE_LETSENCRYPT = true; - NETBIRD_MGMT_API_ENDPOINT = "https://netbirdapi.blunkall.us:443"; - NETBIRD_MGMT_GRPC_API_ENDPOINT = "https://netbirdapi.blunkall.us:443"; - #NETBIRD_RELAY_PORT = "443"; - - TURN_MAX_PORT = "54152"; - - }; - }; - - coturn = { - #domain = "turn.blunkall.us"; - enable = true; - password = "password"; - }; - - signal = { - enable = true; - }; - - }; - }; - }; - }; - /* - netbird-dashboard = { - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.21"; - forwardPorts = [ - { - containerPort = 33073; - hostPort = 33073; - protocol = "tcp"; - } - { - containerPort = 33080; - hostPort = 33080; - protocol = "tcp"; - } - { - containerPort = 10000; - hostPort = 10000; - protocol = "tcp"; - } - { - containerPort = 3478; - hostPort = 3478; - protocol = "udp"; - } - ] ++ map (x : { - containerPort = x; - hostPort = x; - protocol = "udp"; - 
}) (builtins.genList (y: y + 49152) (65535 - 49152)); - - - bindMounts = {}; - - config = { - - networking.firewall = { - allowedTCPPorts = [ 80 443 33073 33080 10000 ]; - allowedUDPPorts = [ 3478 ]; - allowedUDPPortRanges = [{ from = 49152; to = 65535; }]; - }; - - services.netbird = { - - enable = true; - - server = { - - enable = true; - domain = "vpn.blunkall.us"; - management = { - enable = true; - dnsDomain = ".vpn"; - - turnDomain = "localhost"; - - disableAnonymousMetrics = true; - }; - - dashboard = { - enable = true; - managementServer = "localhost"; - }; - - coturn = { - domain = "turn.blunkall.us"; - enable = true; - }; - - signal = { - enable = true; - }; - }; - }; - }; - }; - - netbird-coturn = { - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.21"; - forwardPorts = [ - { - containerPort = 33073; - hostPort = 33073; - protocol = "tcp"; - } - { - containerPort = 33080; - hostPort = 33080; - protocol = "tcp"; - } - { - containerPort = 10000; - hostPort = 10000; - protocol = "tcp"; - } - { - containerPort = 3478; - hostPort = 3478; - protocol = "udp"; - } - ] ++ map (x : { - containerPort = x; - hostPort = x; - protocol = "udp"; - }) (builtins.genList (y: y + 49152) (65535 - 49152)); - - - bindMounts = {}; - - config = { - - networking.firewall = { - allowedTCPPorts = [ 80 443 33073 33080 10000 ]; - allowedUDPPorts = [ 3478 ]; - allowedUDPPortRanges = [{ from = 49152; to = 65535; }]; - }; - - services.netbird = { - - enable = true; - - server = { - - enable = true; - domain = "vpn.blunkall.us"; - management = { - enable = true; - dnsDomain = ".vpn"; - - turnDomain = "localhost"; - - disableAnonymousMetrics = true; - }; - - dashboard = { - enable = true; - managementServer = "localhost"; - }; - - coturn = { - domain = "turn.blunkall.us"; - enable = true; - }; - - signal = { - enable = true; - }; - }; - }; - }; - }; - - netbird-signal = { - autoStart = true; - privateNetwork = true; - hostAddress 
= "192.168.100.10"; - localAddress = "192.168.100.21"; - forwardPorts = [ - { - containerPort = 33073; - hostPort = 33073; - protocol = "tcp"; - } - { - containerPort = 33080; - hostPort = 33080; - protocol = "tcp"; - } - { - containerPort = 10000; - hostPort = 10000; - protocol = "tcp"; - } - { - containerPort = 3478; - hostPort = 3478; - protocol = "udp"; - } - ] ++ map (x : { - containerPort = x; - hostPort = x; - protocol = "udp"; - }) (builtins.genList (y: y + 49152) (65535 - 49152)); - - - bindMounts = {}; - - config = { - - networking.firewall = { - allowedTCPPorts = [ 80 443 33073 33080 10000 ]; - allowedUDPPorts = [ 3478 ]; - allowedUDPPortRanges = [{ from = 49152; to = 65535; }]; - }; - - services.netbird = { - - enable = true; - - server = { - - enable = true; - domain = "vpn.blunkall.us"; - management = { - enable = true; - dnsDomain = ".vpn"; - - turnDomain = "localhost"; - - disableAnonymousMetrics = true; - }; - - dashboard = { - enable = true; - managementServer = "localhost"; - }; - - coturn = { - domain = "turn.blunkall.us"; - enable = true; - }; - - signal = { - enable = true; - }; - }; - }; - }; - }; -*/ - }; }; }
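Review bot: The new `systemd.services.launchNetbird` unit has no ordering or dependency on the Docker daemon, so even once `enable = false` is flipped it can race `docker.service` at boot and fail on the first `docker-compose up`; add `after = [ "docker.service" "network-online.target" ];`, `requires = [ "docker.service" ];` and replace the `cd` in the script with `serviceConfig.WorkingDirectory = "/ssd1/Netbird";` so a missing directory fails the unit explicitly instead of inside the shell. `wantedBy = [ "multi-user.target" ]` combined with `enable = false` leaves a unit that is generated but never started, which reads like a placeholder and deserves a comment such as `# disabled until the compose stack under /ssd1/Netbird is ready` so it is not mistaken for a live service. The new unit is guarded by `config.sysconfig.opts.virtualization.netbird.enable` while the context line above uses `config.sysconfig.opts.netbird.enable`; if both options are meant to exist, a comment explaining which one gates what would help, otherwise one of them is likely a typo. Dropping the `networking.firewall` entries is appropriate only if the compose file is what now defines exposure: ports published by Docker are inserted ahead of the NixOS firewall rules, so the port mappings in `/ssd1/Netbird` should be reviewed with the same care the removed `allowedTCPPorts`/`allowedUDPPortRanges` got. The removed configuration also carried literal credentials (the IdP management password and the coturn `password = "password"`); deleting them from the file does not rotate them, and a follow-up that rotates them and sources them from a secrets mechanism rather than the compose directory would close that gap.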