JuliusFreudenberger
496bbb8271
Native will be used for SSH access, the container is rootless and will be used for reverse proxying services.
99 lines
2.5 KiB
Nix
99 lines
2.5 KiB
Nix
{
|
|
pkgs,
|
|
pkgs-unstable,
|
|
utils,
|
|
config,
|
|
lib,
|
|
...
|
|
}:
|
|
let
|
|
|
|
cfg = config.services.netbird-client;
|
|
|
|
clientVersion = "0.69.0";
|
|
|
|
clientConfiguration = lib.types.submodule {
|
|
options = {
|
|
setupKey = lib.mkOption {
|
|
description = "Setup Key for this client";
|
|
type = lib.types.str;
|
|
};
|
|
};
|
|
};
|
|
|
|
in {
|
|
|
|
options.services.netbird-client = {
|
|
enable = lib.mkEnableOption "Netbird client, with possiblities for host connection and for docker based connection.";
|
|
managementUrl = lib.mkOption {
|
|
description = "Management URL of netbird server.";
|
|
type = lib.types.str;
|
|
};
|
|
host = lib.mkOption {
|
|
description = "Configuration for host connection";
|
|
type = clientConfiguration;
|
|
};
|
|
docker = lib.mkOption {
|
|
description = "Configuration for docker connection";
|
|
type = clientConfiguration;
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
services.netbird = {
|
|
package = pkgs-unstable.netbird;
|
|
useRoutingFeatures = "both";
|
|
clients.wt0 = {
|
|
hardened = false;
|
|
login = {
|
|
enable = true;
|
|
setupKeyFile = (pkgs.writeText "setupKey" cfg.host.setupKey).outPath;
|
|
};
|
|
port = 51820;
|
|
environment = {
|
|
NB_MANAGEMENT_URL = cfg.managementUrl;
|
|
};
|
|
};
|
|
};
|
|
systemd.services.${config.services.netbird.clients.wt0.service.name}.path = [ pkgs.shadow ];
|
|
|
|
virtualisation.oci-containers.containers = {
|
|
netbird = {
|
|
image = "netbirdio/netbird:${clientVersion}-rootless";
|
|
autoStart = true;
|
|
hostname = "${config.networking.hostName}-docker";
|
|
networks = [
|
|
"webproxy"
|
|
];
|
|
environment = {
|
|
NB_MANAGEMENT_URL = cfg.managementUrl;
|
|
PEER_NAME = "${config.networking.hostName}-docker";
|
|
NB_SETUP_KEY = cfg.docker.setupKey;
|
|
};
|
|
extraOptions = [
|
|
''--mount=type=volume,source=netbird_client_data,target=/var/lib/netbird,volume-driver=local''
|
|
];
|
|
};
|
|
};
|
|
|
|
systemd.services."docker-netbird" = {
|
|
after = [
|
|
"docker-network-webproxy.service"
|
|
];
|
|
requires = [
|
|
"docker-network-webproxy.service"
|
|
];
|
|
};
|
|
|
|
|
|
systemd.services."docker-network-webproxy" = {
|
|
path = [ pkgs.docker ];
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
};
|
|
script = ''
|
|
docker network inspect webproxy || docker network create webproxy --ipv4 --ipv6 --subnet=172.20.0.0/16 --gateway=172.20.0.1
|
|
'';
|
|
};
|
|
};
|
|
}
|