| blob | 9771503e14e284587c8cb5827822f31b2a311787 |
1 {
2 config,
3 lib,
4 pkgs,
5 ...
6 }:
8 let
9 inherit (lib)
10 attrNames
11 getExe
12 literalExpression
13 maintainers
14 mapAttrs'
15 mkDefault
16 mkEnableOption
17 mkIf
18 mkMerge
19 mkOption
20 mkPackageOption
21 nameValuePair
22 optional
23 versionOlder
24 ;
26 inherit (lib.types)
27 attrsOf
28 port
29 str
30 submodule
31 ;
33 kernel = config.boot.kernelPackages;
35 cfg = config.services.netbird;
36 in
37 {
38 meta.maintainers = with maintainers; [ ];
39 meta.doc = ./netbird.md;
41 options.services.netbird = {
42 enable = mkEnableOption "Netbird daemon";
43 package = mkPackageOption pkgs "netbird" { };
45 tunnels = mkOption {
46 type = attrsOf (
47 submodule (
48 { name, config, ... }:
49 {
50 options = {
51 port = mkOption {
52 type = port;
53 default = 51820;
54 description = ''
55 Port for the ${name} netbird interface.
56 '';
57 };
59 environment = mkOption {
60 type = attrsOf str;
61 defaultText = literalExpression ''
62 {
63 NB_CONFIG = "/var/lib/''${stateDir}/config.json";
64 NB_LOG_FILE = "console";
65 NB_WIREGUARD_PORT = builtins.toString port;
66 NB_INTERFACE_NAME = name;
67 NB_DAMEON_ADDR = "/var/run/''${stateDir}"
68 }
69 '';
70 description = ''
71 Environment for the netbird service, used to pass configuration options.
72 '';
73 };
75 stateDir = mkOption {
76 type = str;
77 default = "netbird-${name}";
78 description = ''
79 Directory storing the netbird configuration.
80 '';
81 };
82 };
84 config.environment = builtins.mapAttrs (_: mkDefault) {
85 NB_CONFIG = "/var/lib/${config.stateDir}/config.json";
86 NB_LOG_FILE = "console";
87 NB_WIREGUARD_PORT = builtins.toString config.port;
88 NB_INTERFACE_NAME = name;
89 NB_DAEMON_ADDR = "unix:///var/run/${config.stateDir}/sock";
90 };
91 }
92 )
93 );
94 default = { };
95 description = ''
96 Attribute set of Netbird tunnels, each one will spawn a daemon listening on ...
97 '';
98 };
99 };
101 config = mkMerge [
102 (mkIf cfg.enable {
103 # For backwards compatibility
104 services.netbird.tunnels.wt0.stateDir = "netbird";
105 })
107 (mkIf (cfg.tunnels != { }) {
108 boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard;
110 environment.systemPackages = [ cfg.package ];
112 networking.dhcpcd.denyInterfaces = attrNames cfg.tunnels;
114 systemd.network.networks = mkIf config.networking.useNetworkd (
115 mapAttrs' (
116 name: _:
117 nameValuePair "50-netbird-${name}" {
118 matchConfig = {
119 Name = name;
120 };
121 linkConfig = {
122 Unmanaged = true;
123 ActivationPolicy = "manual";
124 };
125 }
126 ) cfg.tunnels
127 );
129 systemd.services = mapAttrs' (
130 name:
131 { environment, stateDir, ... }:
132 nameValuePair "netbird-${name}" {
133 description = "A WireGuard-based mesh network that connects your devices into a single private network";
135 documentation = [ "https://netbird.io/docs/" ];
137 after = [ "network.target" ];
138 wantedBy = [ "multi-user.target" ];
140 path = with pkgs; [ openresolv ];
142 inherit environment;
144 serviceConfig = {
145 ExecStart = "${getExe cfg.package} service run";
146 Restart = "always";
147 RuntimeDirectory = stateDir;
148 StateDirectory = stateDir;
149 StateDirectoryMode = "0700";
150 WorkingDirectory = "/var/lib/${stateDir}";
151 };
153 unitConfig = {
154 StartLimitInterval = 5;
155 StartLimitBurst = 10;
156 };
158 stopIfChanged = false;
159 }
160 ) cfg.tunnels;
161 })
162 ];
163 }