pyrox.dev
1# Netbird {#module-services-netbird}
2
3## Quickstart {#module-services-netbird-quickstart}
4
5The absolute minimal configuration for the Netbird client daemon looks like this:
6
7```nix
8{ services.netbird.enable = true; }
9```
10
11This will set up a netbird service listening on the port `51820` associated to the
12`wt0` interface.
13
14Which is equivalent to:
15
16```nix
17{
18 services.netbird.clients.wt0 = {
19 port = 51820;
20 name = "netbird";
21 interface = "wt0";
22 hardened = false;
23 };
24}
25```
26
27This will set up a `netbird.service` listening on the port `51820` associated to the
28`wt0` interface. There will also be `netbird-wt0` binary installed in addition to `netbird`.
29
30see [clients](#opt-services.netbird.clients) option documentation for more details.
31
32## Multiple connections setup {#module-services-netbird-multiple-connections}
33
34Using the `services.netbird.clients` option, it is possible to define more than
35one netbird service running at the same time.
36
37You must at least define a `port` for the service to listen on, the rest is optional:
38
39```nix
40{
41 services.netbird.clients.wt1.port = 51830;
42 services.netbird.clients.wt2.port = 51831;
43}
44```
45
46see [clients](#opt-services.netbird.clients) option documentation for more details.
47
48## Exposing services internally on the Netbird network {#module-services-netbird-firewall}
49
50You can easily expose services exclusively to Netbird network by combining
51[`networking.firewall.interfaces`](#opt-networking.firewall.interfaces) rules
52with [`interface`](#opt-services.netbird.clients._name_.interface) names:
53
54```nix
55{
56 services.netbird.clients.priv.port = 51819;
57 services.netbird.clients.work.port = 51818;
58 networking.firewall.interfaces = {
59 "${config.services.netbird.clients.priv.interface}" = {
60 allowedUDPPorts = [ 1234 ];
61 };
62 "${config.services.netbird.clients.work.interface}" = {
63 allowedTCPPorts = [ 8080 ];
64 };
65 };
66}
67```
68
69### Additional customizations {#module-services-netbird-customization}
70
71Each Netbird client service by default:
72
73- runs in a [hardened](#opt-services.netbird.clients._name_.hardened) mode,
74- starts with the system,
75- [opens up a firewall](#opt-services.netbird.clients._name_.openFirewall) for direct (without TURN servers)
76 peer-to-peer communication,
77- can be additionally configured with environment variables,
78- automatically determines whether `netbird-ui-<name>` should be available,
79- does not enable [routing features](#opt-services.netbird.useRoutingFeatures) by default
80 If you plan to use routing features, you must explicitly enable them. By enabling them, the service will
81 configure the firewall and enable IP forwarding on the system.
82 When set to `client` or `both`, reverse path filtering will be set to loose instead of strict.
83 When set to `server` or `both`, IP forwarding will be enabled.
84
85[autoStart](#opt-services.netbird.clients._name_.autoStart) allows you to start the client (an actual systemd service)
86on demand, for example to connect to work-related or otherwise conflicting network only when required.
87See the option description for more information.
88
89[environment](#opt-services.netbird.clients._name_.environment) allows you to pass additional configurations
90through environment variables, but special care needs to be taken for overriding config location and
91daemon address due [hardened](#opt-services.netbird.clients._name_.hardened) option.