fix: netbird works now

2024-11-25 16:44:35 +01:00 · 2024-11-25 16:44:35 +01:00 · 6fa99bd855
parent 46613eee4d
commit 6fa99bd855
7 changed files with 35 additions and 9 deletions
--- a/config/services/netbird.nix
+++ b/config/services/netbird.nix
@ -9,6 +9,12 @@
      33080 # relay
    ];
  };
+  networking.nftables.chains.forward.from-netbird = {
+    after = [ "conntrack" ];
+    rules = [
+      "iifname nb-main oifname mv-lan accept"
+    ];
+  };

  age.secrets.coturnPassword = {
    generator.script = "alnum";
@ -34,7 +40,10 @@
    group = "netbird";
  };

-  networking.firewall.allowedUDPPorts = [ 3478 ]; # STUN/TURN server
+  networking.firewall.allowedUDPPorts = [
+    3478
+    5349
+  ]; # STUN/TURN server
  services.netbird = {
    clients.main = {
      port = 51820;
@ -44,6 +53,7 @@
        NB_HOSTNAME = "home";
      };
    };
+
    server = {
      enable = true;
      domain = "netbird.${config.secrets.secrets.global.domains.web}";
--- a/flake.lock
+++ b/flake.lock
@ -1371,11 +1371,11 @@
        "pre-commit-hooks": "pre-commit-hooks_3"
      },
      "locked": {
-        "lastModified": 1732215218,
-        "narHash": "sha256-/iaKjsFlCbbyDQSJeeCkcgq1+fiVTnJZNyyOO9aaMRM=",
+        "lastModified": 1732216602,
+        "narHash": "sha256-svG11P+vsHYKoDj1nWSGHoep4f+rzbRM/fdWPSVE/Uk=",
        "owner": "oddlama",
        "repo": "nixos-extra-modules",
-        "rev": "90c0b018de0465bffe35fee0f86dadfab35b878f",
+        "rev": "6841242d5f7c32fc8a214014f1c97ae935ef8b8e",
        "type": "github"
      },
      "original": {
--- a/hosts/desktopnix/default.nix
+++ b/hosts/desktopnix/default.nix
@ -61,7 +61,6 @@
  ];
  zramSwap.enable = true;

-  services.netbird.enable = true;
  # Do not cleanup nix store to prevent having to rebuild packages onca a month
  nix.gc.automatic = lib.mkForce false;
  nixpkgs.hostPlatform = "x86_64-linux";
--- a/hosts/elisabeth/secrets/kanidm/secrets.nix.age
+++ b/hosts/elisabeth/secrets/kanidm/secrets.nix.age
--- a/hosts/patricknix/net.nix
+++ b/hosts/patricknix/net.nix
@ -3,6 +3,10 @@
  environment.persistence."/state".directories = [
    "/var/lib/iwd"
    "/etc/mullvad-vpn"
+    {
+      directory = "/var/lib/netbird-main";
+      user = "netbird-main";
+    }
  ];
  age.secrets.eduroam = {
    rekeyFile = ./secrets/iwd/eduroam.8021x.age;
@ -75,4 +79,15 @@
    enable = true;
    package = pkgs.mullvad-vpn;
  };
+  services.netbird = {
+    clients.main = {
+      port = 51820;
+      environment = {
+        NB_MANAGEMENT_URL = "https://netbird.${config.secrets.secrets.global.domains.web}";
+        NB_ADMIN_URL = "https://netbird.${config.secrets.secrets.global.domains.web}";
+        NB_HOSTNAME = "patricknix";
+      };
+    };
+  };
+  users.users."patrick".extraGroups = [ "netbird-main" ];
 }
--- a/users/patrick/impermanence.nix
+++ b/users/patrick/impermanence.nix
@ -56,6 +56,7 @@
        ".cache/spotify"
        ".local/share/cargo"
        ".local/share/wallpapers"
+        ".factorio"
      ];
    };
    "/panzer/state".directories = lib.lists.optionals (config.disko.devices.zpool ? "panzer") [
--- a/users/patrick/patrick.nix
+++ b/users/patrick/patrick.nix
@ -5,11 +5,15 @@
 {
  hm.home = {
    packages = with pkgs; [
+      bashInteractive
+      beatsabermodmanager
      chatterino2
      chromium
      cmatrix
      cowsay
      discord
+      disneyplus
+      element-desktop
      feh
      figlet
      galaxy-buds-client
@ -19,7 +23,6 @@
      hyperfine
      mpv
      netflix
-      disneyplus
      nextcloud-client
      nix-output-monitor
      nixpkgs-review
@ -33,14 +36,12 @@
      telegram-desktop
      timer
      via
+      wcurl
      webcord
      xournalpp
      yt-dlp
      zathura
      zotero
-      bashInteractive
-      element-desktop-wayland
-      beatsabermodmanager
    ];
  };
  hm.programs.bat.enable = true;