Add combined module for netbird client native and in container
Native will be used for SSH access, the container is rootless and will be used for reverse proxying services.
This commit is contained in:
parent
adaaaa9602
commit
496bbb8271
1 changed files with 99 additions and 0 deletions
99
modules/netbird-client.nix
Normal file
99
modules/netbird-client.nix
Normal file
|
|
@ -0,0 +1,99 @@
|
||||||
|
{
|
||||||
|
pkgs,
|
||||||
|
pkgs-unstable,
|
||||||
|
utils,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
let
|
||||||
|
|
||||||
|
cfg = config.services.netbird-client;
|
||||||
|
|
||||||
|
clientVersion = "0.69.0";
|
||||||
|
|
||||||
|
clientConfiguration = lib.types.submodule {
|
||||||
|
options = {
|
||||||
|
setupKey = lib.mkOption {
|
||||||
|
description = "Setup Key for this client";
|
||||||
|
type = lib.types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
in {
|
||||||
|
|
||||||
|
options.services.netbird-client = {
|
||||||
|
enable = lib.mkEnableOption "Netbird client, with possiblities for host connection and for docker based connection.";
|
||||||
|
managementUrl = lib.mkOption {
|
||||||
|
description = "Management URL of netbird server.";
|
||||||
|
type = lib.types.str;
|
||||||
|
};
|
||||||
|
host = lib.mkOption {
|
||||||
|
description = "Configuration for host connection";
|
||||||
|
type = clientConfiguration;
|
||||||
|
};
|
||||||
|
docker = lib.mkOption {
|
||||||
|
description = "Configuration for docker connection";
|
||||||
|
type = clientConfiguration;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
services.netbird = {
|
||||||
|
package = pkgs-unstable.netbird;
|
||||||
|
useRoutingFeatures = "both";
|
||||||
|
clients.wt0 = {
|
||||||
|
hardened = false;
|
||||||
|
login = {
|
||||||
|
enable = true;
|
||||||
|
setupKeyFile = (pkgs.writeText "setupKey" cfg.host.setupKey).outPath;
|
||||||
|
};
|
||||||
|
port = 51820;
|
||||||
|
environment = {
|
||||||
|
NB_MANAGEMENT_URL = cfg.managementUrl;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
systemd.services.${config.services.netbird.clients.wt0.service.name}.path = [ pkgs.shadow ];
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers = {
|
||||||
|
netbird = {
|
||||||
|
image = "netbirdio/netbird:${clientVersion}-rootless";
|
||||||
|
autoStart = true;
|
||||||
|
hostname = "${config.networking.hostName}-docker";
|
||||||
|
networks = [
|
||||||
|
"webproxy"
|
||||||
|
];
|
||||||
|
environment = {
|
||||||
|
NB_MANAGEMENT_URL = cfg.managementUrl;
|
||||||
|
PEER_NAME = "${config.networking.hostName}-docker";
|
||||||
|
NB_SETUP_KEY = cfg.docker.setupKey;
|
||||||
|
};
|
||||||
|
extraOptions = [
|
||||||
|
''--mount=type=volume,source=netbird_client_data,target=/var/lib/netbird,volume-driver=local''
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services."docker-netbird" = {
|
||||||
|
after = [
|
||||||
|
"docker-network-webproxy.service"
|
||||||
|
];
|
||||||
|
requires = [
|
||||||
|
"docker-network-webproxy.service"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
systemd.services."docker-network-webproxy" = {
|
||||||
|
path = [ pkgs.docker ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
};
|
||||||
|
script = ''
|
||||||
|
docker network inspect webproxy || docker network create webproxy --ipv4 --ipv6 --subnet=172.20.0.0/16 --gateway=172.20.0.1
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
Loading…
Add table
Add a link
Reference in a new issue