# NixOS module with two independent switches:
#
#   sysconfig.opts.netbird.enable
#       -> services.netbird.enable on the host.
#   sysconfig.opts.virtualization.netbird.enable
#       -> host firewall openings plus a NixOS container named `netbird`.
#
# NOTE(review): as written, the container's own config only sets
# system.stateVersion and firewall rules. The NetBird server definition inside
# it is commented out, so the forwarded ports lead to a container in which this
# module starts no NetBird service.
{ config, lib, pkgs, ... }:

let
  opts = config.sysconfig.opts;

  # Boolean option that is off unless set explicitly.
  mkSwitch = lib.mkOption {
    type = lib.types.bool;
    default = false;
  };

  # Firewall openings applied both on the host and inside the container.
  # NOTE(review): this opens more than `forwardPorts` below actually forwards.
  # Only 33080/tcp, 3478/udp and UDP 49152-50151 are forwarded, whereas TCP 80,
  # 443, 33073 and 10000 and UDP 49152-65535 are opened. Unless another part of
  # the system configuration serves those ports, consider narrowing this set to
  # what is really reachable.
  netbirdFirewall = {
    allowedTCPPorts = [ 80 443 33073 33080 10000 ];
    allowedUDPPorts = [ 3478 ];
    allowedUDPPortRanges = [ { from = 49152; to = 65535; } ];
  };

  # One host->container forward that keeps the same port number on both sides.
  forward = protocol: port: {
    containerPort = port;
    hostPort = port;
    inherit protocol;
  };
in
{
  options.sysconfig.opts = {
    netbird.enable = mkSwitch;
    virtualization.netbird.enable = mkSwitch;
  };

  config = {
    services.netbird.enable = opts.netbird.enable;

    #environment.systemPackages = lib.mkIf config.sysconfig.opts.netbird.enable [ pkgs.netbird-ui ];

    networking.firewall = lib.mkIf opts.virtualization.netbird.enable netbirdFirewall;

    containers = lib.mkIf opts.virtualization.netbird.enable {

      #netbird-management = {
      netbird = {
        autoStart = true;
        privateNetwork = true;
        hostAddress = "192.168.100.10";
        localAddress = "192.168.100.21";

        # 33080/tcp and 3478/udp, then 1000 consecutive UDP ports starting at
        # 49152 (49152..50151).
        forwardPorts =
          [
            (forward "tcp" 33080)
            (forward "udp" 3478)
          ]
          ++ builtins.genList (i: forward "udp" (49152 + i)) 1000;
        /*
          ++ map (x : { containerPort = x; hostPort = x; protocol = "udp"; }) (builtins.genList (y: y + 49152) (65535 - 49152));
        */

        bindMounts = { };

        config = {
          system.stateVersion = "25.05";

          networking.firewall = netbirdFirewall;

          # NOTE(review): the disabled server definition below carries literal
          # credentials (NETBIRD_IDP_MGMT_EXTRA_PASSWORD, coturn password =
          # "password") and an OIDC client id. Even commented out they live in
          # version control; if they were ever used, rotate them. Should this
          # block be re-enabled, do not keep secrets as Nix strings (they would
          # typically end up in the world-readable Nix store) -- supply them
          # from files provisioned by a secrets tool (e.g. sops-nix or agenix)
          # through the module's file-based options where available, and
          # replace the placeholder coturn password with a generated one.
          /*
            services.netbird = {
              enable = true;
              server = {
                enable = true;
                domain = "vpn.blunkall.us";
                management = {
                  enable = true;
                  dnsDomain = ".vpn";
                  oidcConfigEndpoint = "https://auth.blunkall.us/application/o/netbird/.well-known/openid-configuration";
                  #turnDomain = "localhost";
                  disableAnonymousMetrics = true;
                };
                dashboard = {
                  enable = true;
                  #managementServer = "localhost";
                  settings = {
                    AUTH_AUTHORITY = "https://auth.blunkall.us/application/o/netbird/.well-known/openid-configuration";
                    NETBIRD_USE_AUTH0 = false;
                    NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT = "https://auth.blunkall.us/application/o/netbird/.well-known/openid-configuration";
                    NETBIRD_AUTH_SUPPORTED_SCOPES = "openid profile email offline_access api";
                    NETBIRD_AUTH_AUDIENCE = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD";
                    NETBIRD_AUTH_CLIENT_ID = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD";
                    NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD";
                    NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD";
                    NETBIRD_MGMT_IDP = "authentik";
                    NETBIRD_IDP_MGMT_CLIENT_ID = "";
                    NETBIRD_IDP_MGMT_EXTRA_USERNAME = "Netbird";
                    NETBIRD_IDP_MGMT_EXTRA_PASSWORD = "jfdkhsjlkasdhfklslhflhljksd";
                    NETBIRD_AUTH_PKCE_DISABLE_PROMPT_LOGIN = true;
                    NETBIRD_DISABLE_LETSENCRYPT = true;
                    NETBIRD_MGMT_API_ENDPOINT = "https://netbirdapi.blunkall.us:443";
                    NETBIRD_MGMT_GRPC_API_ENDPOINT = "https://netbirdapi.blunkall.us:443";
                  };
                };
                coturn = {
                  #domain = "turn.blunkall.us";
                  enable = true;
                  password = "password";
                };
                signal = {
                  enable = true;
                };
              };
            };
          */
        };
      };

      # NOTE(review): the three disabled container definitions below are
      # copies of one another. They reuse the same hostAddress/localAddress and
      # forward the same host ports, so they could not be enabled side by side
      # (or next to `netbird` above) without giving each its own addresses and
      # port set. Their genList length (65535 - 49152) also stops at port
      # 65534, one short of the firewall range's upper bound.
      /*
        netbird-dashboard = {
          autoStart = true;
          privateNetwork = true;
          hostAddress = "192.168.100.10";
          localAddress = "192.168.100.21";
          forwardPorts = [
            { containerPort = 33073; hostPort = 33073; protocol = "tcp"; }
            { containerPort = 33080; hostPort = 33080; protocol = "tcp"; }
            { containerPort = 10000; hostPort = 10000; protocol = "tcp"; }
            { containerPort = 3478; hostPort = 3478; protocol = "udp"; }
          ] ++ map (x : { containerPort = x; hostPort = x; protocol = "udp"; }) (builtins.genList (y: y + 49152) (65535 - 49152));
          bindMounts = {};
          config = {
            networking.firewall = {
              allowedTCPPorts = [ 80 443 33073 33080 10000 ];
              allowedUDPPorts = [ 3478 ];
              allowedUDPPortRanges = [{ from = 49152; to = 65535; }];
            };
            services.netbird = {
              enable = true;
              server = {
                enable = true;
                domain = "vpn.blunkall.us";
                management = {
                  enable = true;
                  dnsDomain = ".vpn";
                  turnDomain = "localhost";
                  disableAnonymousMetrics = true;
                };
                dashboard = {
                  enable = true;
                  managementServer = "localhost";
                };
                coturn = {
                  domain = "turn.blunkall.us";
                  enable = true;
                };
                signal = {
                  enable = true;
                };
              };
            };
          };
        };

        netbird-coturn = {
          autoStart = true;
          privateNetwork = true;
          hostAddress = "192.168.100.10";
          localAddress = "192.168.100.21";
          forwardPorts = [
            { containerPort = 33073; hostPort = 33073; protocol = "tcp"; }
            { containerPort = 33080; hostPort = 33080; protocol = "tcp"; }
            { containerPort = 10000; hostPort = 10000; protocol = "tcp"; }
            { containerPort = 3478; hostPort = 3478; protocol = "udp"; }
          ] ++ map (x : { containerPort = x; hostPort = x; protocol = "udp"; }) (builtins.genList (y: y + 49152) (65535 - 49152));
          bindMounts = {};
          config = {
            networking.firewall = {
              allowedTCPPorts = [ 80 443 33073 33080 10000 ];
              allowedUDPPorts = [ 3478 ];
              allowedUDPPortRanges = [{ from = 49152; to = 65535; }];
            };
            services.netbird = {
              enable = true;
              server = {
                enable = true;
                domain = "vpn.blunkall.us";
                management = {
                  enable = true;
                  dnsDomain = ".vpn";
                  turnDomain = "localhost";
                  disableAnonymousMetrics = true;
                };
                dashboard = {
                  enable = true;
                  managementServer = "localhost";
                };
                coturn = {
                  domain = "turn.blunkall.us";
                  enable = true;
                };
                signal = {
                  enable = true;
                };
              };
            };
          };
        };

        netbird-signal = {
          autoStart = true;
          privateNetwork = true;
          hostAddress = "192.168.100.10";
          localAddress = "192.168.100.21";
          forwardPorts = [
            { containerPort = 33073; hostPort = 33073; protocol = "tcp"; }
            { containerPort = 33080; hostPort = 33080; protocol = "tcp"; }
            { containerPort = 10000; hostPort = 10000; protocol = "tcp"; }
            { containerPort = 3478; hostPort = 3478; protocol = "udp"; }
          ] ++ map (x : { containerPort = x; hostPort = x; protocol = "udp"; }) (builtins.genList (y: y + 49152) (65535 - 49152));
          bindMounts = {};
          config = {
            networking.firewall = {
              allowedTCPPorts = [ 80 443 33073 33080 10000 ];
              allowedUDPPorts = [ 3478 ];
              allowedUDPPortRanges = [{ from = 49152; to = 65535; }];
            };
            services.netbird = {
              enable = true;
              server = {
                enable = true;
                domain = "vpn.blunkall.us";
                management = {
                  enable = true;
                  dnsDomain = ".vpn";
                  turnDomain = "localhost";
                  disableAnonymousMetrics = true;
                };
                dashboard = {
                  enable = true;
                  managementServer = "localhost";
                };
                coturn = {
                  domain = "turn.blunkall.us";
                  enable = true;
                };
                signal = {
                  enable = true;
                };
              };
            };
          };
        };
      */
    };
  };
}