nixpkgs/nixos/modules/services/networking/netbird.md
2025-01-28 12:34:55 +01:00

Netbird

Quickstart

The absolute minimal configuration for the Netbird client daemon looks like this:

{
  services.netbird.enable = true;
}

This will set up a netbird service listening on port 51820 and associated with the wt0 interface.

This is equivalent to:

{
  services.netbird.clients.wt0 = {
    port = 51820;
    name = "netbird";
    interface = "wt0";
    hardened = false;
  };
}

This will set up a netbird.service listening on port 51820 and associated with the wt0 interface. A netbird-wt0 binary will also be installed in addition to netbird. Note that this equivalent form sets hardened = false.

See the clients option documentation for more details.

Multiple connections setup

Using the services.netbird.clients option, it is possible to define more than one netbird service running at the same time.

You must define at least a port for each service to listen on; the rest is optional:

{
  services.netbird.clients.wt1.port = 51830;
  services.netbird.clients.wt2.port = 51831;
}

See the clients option documentation for more details.

Exposing services internally on the Netbird network

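You can expose services exclusively to the Netbird network by combining networking.firewall.interfaces rules with the clients' interface names:

# `config` must be in scope, so this snippet is written as a module function.
{ config, ... }:
{
  services.netbird.clients.priv.port = 51819;
  services.netbird.clients.work.port = 51818;
  networking.firewall.interfaces = {
    # UDP 1234 is opened only on the interface of the "priv" client.
    "${config.services.netbird.clients.priv.interface}" = {
      allowedUDPPorts = [ 1234 ];
    };
    # TCP 8080 is opened only on the interface of the "work" client.
    "${config.services.netbird.clients.work.interface}" = {
      allowedTCPPorts = [ 8080 ];
    };
  };
}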

Additional customizations

Each Netbird client service by default:

  • runs in a hardened mode,
  • starts with the system,
  • opens the firewall for direct (without TURN servers) peer-to-peer communication,
  • can be additionally configured with environment variables,
  • automatically determines whether netbird-ui-<name> should be available.

autoStart allows you to start the client (an actual systemd service) on demand, for example to connect to a work-related or otherwise conflicting network only when required. See the option description for more information.

environment allows you to pass additional configuration through environment variables, but special care needs to be taken when overriding the config location and daemon address because of the hardened option.
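
The options described above, combined into one client definition. This is an added example, not part of the nixpkgs documentation: the client name work, port 51818 and TCP port 8080 are reused from the earlier snippet, and it assumes that environment takes an attribute set of strings and that NB_LOG_LEVEL is the Netbird variable being set.

```nix
{ config, ... }:
let
  # "work" is a client name chosen for this example.
  work = config.services.netbird.clients.work;
in
{
  services.netbird.clients.work = {
    port = 51818;

    # Hardened mode is listed above as the per-client default; stating it
    # explicitly keeps it from being dropped unnoticed in a later refactor.
    hardened = true;

    # Do not join the work network at boot; the service is started on demand.
    autoStart = false;

    # Assumption: `environment` is an attribute set of strings.
    # The config location and daemon address are deliberately not overridden
    # here, because the page warns that doing so interacts with `hardened`.
    environment = {
      NB_LOG_LEVEL = "info";
    };
  };

  # Open TCP 8080 only on the work client's interface, using the interface
  # name the module computed rather than a hard-coded string.
  networking.firewall.interfaces."${work.interface}".allowedTCPPorts = [ 8080 ];
}
```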