# NixOS module for the NetBird client daemon.
#
# Declares `services.netbird.enable` and `services.netbird.package`. When
# enabled it installs the package, keeps dhcpcd and systemd-networkd from
# managing the `wt0` interface, and runs `netbird service run` as a systemd
# unit under a dynamic user that holds only CAP_NET_ADMIN as an ambient
# capability.
{ config, lib, pkgs, ... }:

let
  inherit (lib)
    literalExpression
    mkEnableOption
    mkIf
    mkOption
    optional
    types
    versionOlder
    ;

  cfg = config.services.netbird;
  kernelPackages = config.boot.kernelPackages;

  # Interface that dhcpcd and systemd-networkd are told to leave alone below.
  # Presumably the tunnel device the daemon creates; confirm against the
  # package's defaults.
  tunnelInterface = "wt0";
in
{
  meta.maintainers = [ lib.maintainers.misuzu ];

  options.services.netbird = {
    enable = mkEnableOption (lib.mdDoc "Netbird daemon");

    package = mkOption {
      type = types.package;
      default = pkgs.netbird;
      defaultText = literalExpression "pkgs.netbird";
      description = lib.mdDoc "The package to use for netbird";
    };
  };

  config = mkIf cfg.enable {
    # Kernels older than 5.6 have no in-tree WireGuard, so the out-of-tree
    # module package is added for them only.
    boot.extraModulePackages =
      optional (versionOlder kernelPackages.kernel.version "5.6") kernelPackages.wireguard;

    environment.systemPackages = [ cfg.package ];

    # Stop dhcpcd from trying to configure the tunnel interface.
    networking.dhcpcd.denyInterfaces = [ tunnelInterface ];

    # Only emitted when networkd is in use: mark the link unmanaged and
    # manual so networkd neither configures nor brings it up itself.
    systemd.network.networks."50-netbird" = mkIf config.networking.useNetworkd {
      matchConfig.Name = tunnelInterface;
      linkConfig = {
        Unmanaged = true;
        ActivationPolicy = "manual";
      };
    };

    systemd.services.netbird = {
      description = "A WireGuard-based mesh network that connects your devices into a single private network";
      documentation = [ "https://netbird.io/docs/" ];
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        # The daemon runs as a transient unprivileged user (DynamicUser) and
        # is handed CAP_NET_ADMIN as its only ambient capability.
        # NOTE(review): no CapabilityBoundingSet or further sandboxing
        # directives are set here; whether the daemon still works with a
        # bounding set narrowed to match is not visible from this file, so
        # verify on a test host before tightening.
        AmbientCapabilities = [ "CAP_NET_ADMIN" ];
        DynamicUser = true;

        # NB_CONFIG points into the unit's StateDirectory. With DynamicUser
        # systemd keeps that directory under /var/lib/private and exposes it
        # through a /var/lib/netbird symlink.
        # NOTE(review): config.json presumably holds the peer's credentials;
        # confirm, and treat copies and backups of it as secrets.
        Environment = [
          "NB_CONFIG=/var/lib/netbird/config.json"
          "NB_LOG_FILE=console"
        ];

        ExecStart = "${cfg.package}/bin/netbird service run";
        Restart = "always";
        RuntimeDirectory = "netbird";
        StateDirectory = "netbird";
        WorkingDirectory = "/var/lib/netbird";
      };

      # Restart=always is bounded by the start limit: systemd stops retrying
      # after 10 starts within a 5 second window.
      unitConfig = {
        StartLimitInterval = 5;
        StartLimitBurst = 10;
      };

      # On a configuration switch, restart the unit in one step instead of
      # stopping it in the old generation and starting it in the new one.
      stopIfChanged = false;
    };
  };
}