| blob | d39c373dbc94c83c3083cd2a1e739c4b27b2d8a2 |
1 {
2 config,
3 lib,
4 pkgs,
5 ...
6 }:
8 let
9 inherit (lib)
10 attrNames
11 getExe
12 literalExpression
13 maintainers
14 mapAttrs'
15 mkDefault
16 mkEnableOption
17 mkIf
18 mkMerge
19 mkOption
20 mkPackageOption
21 nameValuePair
22 optional
23 versionOlder
24 ;
26 inherit (lib.types)
27 attrsOf
28 port
29 str
30 submodule
31 ;
33 kernel = config.boot.kernelPackages;
35 cfg = config.services.netbird;
36 in
37 {
38 meta.maintainers = with maintainers; [ ];
39 meta.doc = ./netbird.md;
41 options.services.netbird = {
42 enable = mkEnableOption "Netbird daemon";
43 package = mkPackageOption pkgs "netbird" { };
45 tunnels = mkOption {
46 type = attrsOf (
47 submodule (
48 { name, config, ... }:
49 {
50 options = {
51 port = mkOption {
52 type = port;
53 default = 51820;
54 description = ''
55 Port for the ${name} netbird interface.
56 '';
57 };
59 environment = mkOption {
60 type = attrsOf str;
61 defaultText = literalExpression ''
62 {
63 NB_CONFIG = "/var/lib/''${stateDir}/config.json";
64 NB_LOG_FILE = "console";
65 NB_WIREGUARD_PORT = builtins.toString port;
66 NB_INTERFACE_NAME = name;
67 NB_DAMEON_ADDR = "/var/run/''${stateDir}"
68 }
69 '';
70 description = ''
71 Environment for the netbird service, used to pass configuration options.
72 '';
73 };
75 stateDir = mkOption {
76 type = str;
77 default = "netbird-${name}";
78 description = ''
79 Directory storing the netbird configuration.
80 '';
81 };
82 };
84 config.environment = builtins.mapAttrs (_: mkDefault) {
85 NB_CONFIG = "/var/lib/${config.stateDir}/config.json";
86 NB_LOG_FILE = "console";
87 NB_WIREGUARD_PORT = builtins.toString config.port;
88 NB_INTERFACE_NAME = name;
89 NB_DAEMON_ADDR = "unix:///var/run/${config.stateDir}/sock";
90 };
91 }
92 )
93 );
94 default = { };
95 description = ''
96 Attribute set of Netbird tunnels, each one will spawn a daemon listening on ...
97 '';
98 };
99 };
101 config = mkMerge [
102 (mkIf cfg.enable {
103 # For backwards compatibility
104 services.netbird.tunnels.wt0.stateDir = "netbird";
105 })
107 (mkIf (cfg.tunnels != { }) {
108 boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard;
110 environment.systemPackages = [ cfg.package ];
112 networking.dhcpcd.denyInterfaces = attrNames cfg.tunnels;
114 systemd.network.networks = mkIf config.networking.useNetworkd (
115 mapAttrs'
116 (
117 name: _:
118 nameValuePair "50-netbird-${name}" {
119 matchConfig = {
120 Name = name;
121 };
122 linkConfig = {
123 Unmanaged = true;
124 ActivationPolicy = "manual";
125 };
126 }
127 )
128 cfg.tunnels
129 );
131 systemd.services =
132 mapAttrs'
133 (
134 name:
135 { environment, stateDir, ... }:
136 nameValuePair "netbird-${name}" {
137 description = "A WireGuard-based mesh network that connects your devices into a single private network";
139 documentation = [ "https://netbird.io/docs/" ];
141 after = [ "network.target" ];
142 wantedBy = [ "multi-user.target" ];
144 path = with pkgs; [ openresolv ];
146 inherit environment;
148 serviceConfig = {
149 ExecStart = "${getExe cfg.package} service run";
150 Restart = "always";
151 RuntimeDirectory = stateDir;
152 StateDirectory = stateDir;
153 StateDirectoryMode = "0700";
154 WorkingDirectory = "/var/lib/${stateDir}";
155 };
157 unitConfig = {
158 StartLimitInterval = 5;
159 StartLimitBurst = 10;
160 };
162 stopIfChanged = false;
163 }
164 )
165 cfg.tunnels;
166 })
167 ];
168 }