386 lines
13 KiB
Nix
386 lines
13 KiB
Nix
{ config, lib, pkgs, ... }: {
|
|
|
|
options.sysconfig.opts = {
|
|
|
|
netbird.enable = lib.options.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
};
|
|
|
|
virtualization.netbird = {
|
|
enable = lib.options.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
};
|
|
};
|
|
};
|
|
|
|
config = {
|
|
|
|
services.netbird = {
|
|
enable = config.sysconfig.opts.netbird.enable;
|
|
};
|
|
|
|
#environment.systemPackages = lib.mkIf config.sysconfig.opts.netbird.enable [ pkgs.netbird-ui ];
|
|
|
|
networking.firewall = lib.mkIf config.sysconfig.opts.virtualization.netbird.enable {
|
|
allowedTCPPorts = [ 80 443 33073 33080 10000 ];
|
|
allowedUDPPorts = [ 3478 ];
|
|
allowedUDPPortRanges = [{ from = 49152; to = 54152; }];
|
|
};
|
|
|
|
containers = lib.mkIf config.sysconfig.opts.virtualization.netbird.enable {
|
|
|
|
#netbird-management = {
|
|
netbird = {
|
|
autoStart = true;
|
|
privateNetwork = true;
|
|
hostAddress = "192.168.100.10";
|
|
localAddress = "192.168.100.21";
|
|
forwardPorts = [
|
|
|
|
{
|
|
containerPort = 33080;
|
|
hostPort = 33080;
|
|
protocol = "tcp";
|
|
}
|
|
|
|
{
|
|
containerPort = 3478;
|
|
hostPort = 3478;
|
|
protocol = "udp";
|
|
}
|
|
] ++ map (x: {
|
|
containerPort = x;
|
|
hostPort = x;
|
|
protocol = "udp";
|
|
}) (builtins.genList (y: y + 49152) (54152 - 49152));
|
|
|
|
|
|
bindMounts = {};
|
|
|
|
config = {
|
|
|
|
system.stateVersion = "25.05";
|
|
|
|
networking.firewall = {
|
|
allowedTCPPorts = [ 80 443 33073 33080 10000 ];
|
|
allowedUDPPorts = [ 3478 ];
|
|
allowedUDPPortRanges = [{ from = 49152; to = 54152; }];
|
|
};
|
|
|
|
services.netbird = {
|
|
|
|
enable = true;
|
|
|
|
server = {
|
|
|
|
enable = true;
|
|
domain = "vpn.blunkall.us";
|
|
|
|
management = {
|
|
enable = true;
|
|
dnsDomain = ".vpn";
|
|
oidcConfigEndpoint = "https://auth.blunkall.us/application/o/netbird/.well-known/openid-configuration";
|
|
|
|
#turnDomain = "localhost";
|
|
|
|
disableAnonymousMetrics = true;
|
|
|
|
settings = {
|
|
Signal = {
|
|
Proto = "http";
|
|
URI = "vpn.blunkall.us:443";
|
|
};
|
|
|
|
HttpConfig = {
|
|
Address = "0.0.0.0:443";
|
|
AuthIssuer = "https://auth.blunkall.us/application/o/netbird/.well-known/openid-configuration";
|
|
AuthAudience = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD";
|
|
};
|
|
};
|
|
};
|
|
|
|
dashboard = {
|
|
enable = true;
|
|
#managementServer = "localhost";
|
|
settings = {
|
|
AUTH_AUTHORITY = "https://auth.blunkall.us/application/o/netbird/.well-known/openid-configuration";
|
|
NETBIRD_USE_AUTH0 = false;
|
|
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT = "https://auth.blunkall.us/application/o/netbird/.well-known/openid-configuration";
|
|
NETBIRD_AUTH_SUPPORTED_SCOPES = "openid profile email offline_access api";
|
|
NETBIRD_AUTH_AUDIENCE = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD";
|
|
NETBIRD_AUTH_CLIENT_ID = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD";
|
|
NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD";
|
|
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD";
|
|
|
|
NETBIRD_MGMT_IDP = "authentik";
|
|
NETBIRD_IDP_MGMT_CLIENT_ID = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD";
|
|
NETBIRD_IDP_MGMT_EXTRA_USERNAME = "Netbird";
|
|
NETBIRD_IDP_MGMT_EXTRA_PASSWORD = "jfdkhsjlkasdhfklslhflhljksd";
|
|
|
|
NETBIRD_AUTH_PKCE_DISABLE_PROMPT_LOGIN = true;
|
|
|
|
NETBIRD_DISABLE_LETSENCRYPT = true;
|
|
NETBIRD_MGMT_API_ENDPOINT = "https://netbirdapi.blunkall.us:443";
|
|
NETBIRD_MGMT_GRPC_API_ENDPOINT = "https://netbirdapi.blunkall.us:443";
|
|
#NETBIRD_RELAY_PORT = "443";
|
|
|
|
TURN_MAX_PORT = "54152";
|
|
|
|
};
|
|
};
|
|
|
|
coturn = {
|
|
#domain = "turn.blunkall.us";
|
|
enable = true;
|
|
password = "password";
|
|
};
|
|
|
|
signal = {
|
|
enable = true;
|
|
};
|
|
|
|
};
|
|
};
|
|
};
|
|
};
|
|
/*
|
|
netbird-dashboard = {
|
|
autoStart = true;
|
|
privateNetwork = true;
|
|
hostAddress = "192.168.100.10";
|
|
localAddress = "192.168.100.21";
|
|
forwardPorts = [
|
|
{
|
|
containerPort = 33073;
|
|
hostPort = 33073;
|
|
protocol = "tcp";
|
|
}
|
|
{
|
|
containerPort = 33080;
|
|
hostPort = 33080;
|
|
protocol = "tcp";
|
|
}
|
|
{
|
|
containerPort = 10000;
|
|
hostPort = 10000;
|
|
protocol = "tcp";
|
|
}
|
|
{
|
|
containerPort = 3478;
|
|
hostPort = 3478;
|
|
protocol = "udp";
|
|
}
|
|
] ++ map (x : {
|
|
containerPort = x;
|
|
hostPort = x;
|
|
protocol = "udp";
|
|
}) (builtins.genList (y: y + 49152) (65535 - 49152));
|
|
|
|
|
|
bindMounts = {};
|
|
|
|
config = {
|
|
|
|
networking.firewall = {
|
|
allowedTCPPorts = [ 80 443 33073 33080 10000 ];
|
|
allowedUDPPorts = [ 3478 ];
|
|
allowedUDPPortRanges = [{ from = 49152; to = 65535; }];
|
|
};
|
|
|
|
services.netbird = {
|
|
|
|
enable = true;
|
|
|
|
server = {
|
|
|
|
enable = true;
|
|
domain = "vpn.blunkall.us";
|
|
management = {
|
|
enable = true;
|
|
dnsDomain = ".vpn";
|
|
|
|
turnDomain = "localhost";
|
|
|
|
disableAnonymousMetrics = true;
|
|
};
|
|
|
|
dashboard = {
|
|
enable = true;
|
|
managementServer = "localhost";
|
|
};
|
|
|
|
coturn = {
|
|
domain = "turn.blunkall.us";
|
|
enable = true;
|
|
};
|
|
|
|
signal = {
|
|
enable = true;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
netbird-coturn = {
|
|
autoStart = true;
|
|
privateNetwork = true;
|
|
hostAddress = "192.168.100.10";
|
|
localAddress = "192.168.100.21";
|
|
forwardPorts = [
|
|
{
|
|
containerPort = 33073;
|
|
hostPort = 33073;
|
|
protocol = "tcp";
|
|
}
|
|
{
|
|
containerPort = 33080;
|
|
hostPort = 33080;
|
|
protocol = "tcp";
|
|
}
|
|
{
|
|
containerPort = 10000;
|
|
hostPort = 10000;
|
|
protocol = "tcp";
|
|
}
|
|
{
|
|
containerPort = 3478;
|
|
hostPort = 3478;
|
|
protocol = "udp";
|
|
}
|
|
] ++ map (x : {
|
|
containerPort = x;
|
|
hostPort = x;
|
|
protocol = "udp";
|
|
}) (builtins.genList (y: y + 49152) (65535 - 49152));
|
|
|
|
|
|
bindMounts = {};
|
|
|
|
config = {
|
|
|
|
networking.firewall = {
|
|
allowedTCPPorts = [ 80 443 33073 33080 10000 ];
|
|
allowedUDPPorts = [ 3478 ];
|
|
allowedUDPPortRanges = [{ from = 49152; to = 65535; }];
|
|
};
|
|
|
|
services.netbird = {
|
|
|
|
enable = true;
|
|
|
|
server = {
|
|
|
|
enable = true;
|
|
domain = "vpn.blunkall.us";
|
|
management = {
|
|
enable = true;
|
|
dnsDomain = ".vpn";
|
|
|
|
turnDomain = "localhost";
|
|
|
|
disableAnonymousMetrics = true;
|
|
};
|
|
|
|
dashboard = {
|
|
enable = true;
|
|
managementServer = "localhost";
|
|
};
|
|
|
|
coturn = {
|
|
domain = "turn.blunkall.us";
|
|
enable = true;
|
|
};
|
|
|
|
signal = {
|
|
enable = true;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
netbird-signal = {
|
|
autoStart = true;
|
|
privateNetwork = true;
|
|
hostAddress = "192.168.100.10";
|
|
localAddress = "192.168.100.21";
|
|
forwardPorts = [
|
|
{
|
|
containerPort = 33073;
|
|
hostPort = 33073;
|
|
protocol = "tcp";
|
|
}
|
|
{
|
|
containerPort = 33080;
|
|
hostPort = 33080;
|
|
protocol = "tcp";
|
|
}
|
|
{
|
|
containerPort = 10000;
|
|
hostPort = 10000;
|
|
protocol = "tcp";
|
|
}
|
|
{
|
|
containerPort = 3478;
|
|
hostPort = 3478;
|
|
protocol = "udp";
|
|
}
|
|
] ++ map (x : {
|
|
containerPort = x;
|
|
hostPort = x;
|
|
protocol = "udp";
|
|
}) (builtins.genList (y: y + 49152) (65535 - 49152));
|
|
|
|
|
|
bindMounts = {};
|
|
|
|
config = {
|
|
|
|
networking.firewall = {
|
|
allowedTCPPorts = [ 80 443 33073 33080 10000 ];
|
|
allowedUDPPorts = [ 3478 ];
|
|
allowedUDPPortRanges = [{ from = 49152; to = 65535; }];
|
|
};
|
|
|
|
services.netbird = {
|
|
|
|
enable = true;
|
|
|
|
server = {
|
|
|
|
enable = true;
|
|
domain = "vpn.blunkall.us";
|
|
management = {
|
|
enable = true;
|
|
dnsDomain = ".vpn";
|
|
|
|
turnDomain = "localhost";
|
|
|
|
disableAnonymousMetrics = true;
|
|
};
|
|
|
|
dashboard = {
|
|
enable = true;
|
|
managementServer = "localhost";
|
|
};
|
|
|
|
coturn = {
|
|
domain = "turn.blunkall.us";
|
|
enable = true;
|
|
};
|
|
|
|
signal = {
|
|
enable = true;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
*/
|
|
};
|
|
};
|
|
}
|