nixos/modules/services/networking/netbird.md at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / networking / netbird.md
at 25.11-pre 3.0 kB view raw view rendered
 1# Netbird {#module-services-netbird}
 2
 3## Quickstart {#module-services-netbird-quickstart}
 4
 5The absolute minimal configuration for the Netbird client daemon looks like this:
 6
 7```nix
 8{
 9  services.netbird.enable = true;
10}
11```
12
13This will set up a netbird service listening on the port `51820` associated to the
14`wt0` interface.
15
16Which is equivalent to:
17
18```nix
19{
20  services.netbird.clients.wt0 = {
21    port = 51820;
22    name = "netbird";
23    interface = "wt0";
24    hardened = false;
25  };
26}
27```
28
29This will set up a `netbird.service` listening on the port `51820` associated to the
30`wt0` interface. There will also be `netbird-wt0` binary installed in addition to `netbird`.
31
32see [clients](#opt-services.netbird.clients) option documentation for more details.
33
34## Multiple connections setup {#module-services-netbird-multiple-connections}
35
36Using the `services.netbird.clients` option, it is possible to define more than
37one netbird service running at the same time.
38
39You must at least define a `port` for the service to listen on, the rest is optional:
40
41```nix
42{
43  services.netbird.clients.wt1.port = 51830;
44  services.netbird.clients.wt2.port = 51831;
45}
46```
47
48see [clients](#opt-services.netbird.clients) option documentation for more details.
49
50## Exposing services internally on the Netbird network {#module-services-netbird-firewall}
51
52You can easily expose services exclusively to Netbird network by combining
53[`networking.firewall.interfaces`](#opt-networking.firewall.interfaces) rules
54with [`interface`](#opt-services.netbird.clients._name_.interface) names:
55
56```nix
57{
58  services.netbird.clients.priv.port = 51819;
59  services.netbird.clients.work.port = 51818;
60  networking.firewall.interfaces = {
61    "${config.services.netbird.clients.priv.interface}" = {
62      allowedUDPPorts = [ 1234 ];
63    };
64    "${config.services.netbird.clients.work.interface}" = {
65      allowedTCPPorts = [ 8080 ];
66    };
67  };
68}
69```
70
71### Additional customizations {#module-services-netbird-customization}
72
73Each Netbird client service by default:
74
75- runs in a [hardened](#opt-services.netbird.clients._name_.hardened) mode,
76- starts with the system,
77- [opens up a firewall](#opt-services.netbird.clients._name_.openFirewall) for direct (without TURN servers)
78  peer-to-peer communication,
79- can be additionally configured with environment variables,
80- automatically determines whether `netbird-ui-<name>` should be available,
81
82[autoStart](#opt-services.netbird.clients._name_.autoStart) allows you to start the client (an actual systemd service)
83on demand, for example to connect to work-related or otherwise conflicting network only when required.
84See the option description for more information.
85
86[environment](#opt-services.netbird.clients._name_.environment) allows you to pass additional configurations
87through environment variables, but special care needs to be taken for overriding config location and
88daemon address due [hardened](#opt-services.netbird.clients._name_.hardened) option.