From 644e3a4541103f451fed391ad868fc708304d43b Mon Sep 17 00:00:00 2001 From: xiongchenyu Date: Fri, 17 Nov 2023 14:36:17 +0800 Subject: [PATCH] add netbird server --- default.nix | 56 ------------------------- flake.lock | 6 +-- modules/default.nix | 1 + modules/netbird/default.nix | 83 +++++++++++++++++++++++++++++++++++++ 4 files changed, 87 insertions(+), 59 deletions(-) create mode 100644 modules/netbird/default.nix diff --git a/default.nix b/default.nix index 9f95a6b..af4755f 100644 --- a/default.nix +++ b/default.nix @@ -19,31 +19,6 @@ let allPkgs = my-pkgs // pkgs // { inherit source sourcee; }; callPackage = lib.callPackageWith allPkgs; my-pkgs = rec { - # example-docker = - # pkgs.dockerTools.buildImage { - # name = "hello-docker"; - # tag = "latest"; - # created = "now"; - # runAsRoot = '' - # mkdir /data - # ''; - # copyToRoot = pkgs.buildEnv { - # name = "image-root"; - # paths = [ - # pkgs.coreutils - # pkgs.bash - # pkgs.vim - # ]; - # pathsToLink = [ "/bin" ]; - # }; - - # config = { - # WorkingDir = "/data"; - # Env = [ "PATH=${pkgs.coreutils}/bin/" ]; - # Cmd = [ "${pkgs.coreutils}/bin/cat" "${my-pkgs.example-package}" ]; - # }; - # }; - launch = stdenv.mkDerivation (source.launch // { installPhase = '' mkdir -p $out; @@ -63,8 +38,6 @@ let discourse-hb = callPackage ./pkgs/discourse { }; - # gitops = callPackage ./pkgs/gitops { }; - my2sql = callPackage ./pkgs/my2sql { }; # delivery = callPackage ./pkgs/delivery { }; @@ -87,8 +60,6 @@ let newsapi-python = callPackage ./pkgs/python3/newsapi-python { }; - # chatgpt-wrapper = callPackage ./pkgs/python3/chatgpt-wrapper { }; - copilot-el = callPackage ./pkgs/emacs/copilot { }; ligature = callPackage ./pkgs/emacs/ligature { }; 
@@ -119,33 +90,6 @@ let tron-eventquery = callPackage ./pkgs/tron-eventquery { }; - # my-ferretdb = callPackage ./pkgs/ferretdb { }; - - # gptcommit = callPackage ./pkgs/gptcommit { }; - - # vbox = nixos-generators.nixosGenerate { - - # inherit system; - # format = "virtualbox"; - # }; - # amazon = nixos-generators.nixosGenerate { - # system = "x86_64-linux"; - # format = "amazon"; - # }; - - # tat = callPackage ./tat { }; - - # dotfiles = with pkgs; - # stdenv.mkDerivation { - # pname = "dotfiles"; - # version = "0.1.0"; - # src = ./.; - # installPhase = '' - # mkdir -p $out/etc; - # cp -r . $out/etc; - # ''; - # }; - ldap-passthrough-conf = callPackage ./pkgs/ldap-passthrough-conf { }; ldap-extra-schemas = callPackage ./pkgs/ldap-extra-schemas { }; diff --git a/flake.lock b/flake.lock index 73543be..286bfa0 100644 --- a/flake.lock +++ b/flake.lock @@ -250,11 +250,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1699601893, - "narHash": "sha256-9f008k1k5SmEAO1ldjO5sQf+oWHFkeK5jhS3Ji3vFyk=", + "lastModified": 1700108881, + "narHash": "sha256-+Lqybl8kj0+nD/IlAWPPG/RDTa47gff9nbei0u7BntE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e06c716ef149f466f25e62a836c30b90476e65e5", + "rev": "7414e9ee0b3e9903c24d3379f577a417f0aae5f1", "type": "github" }, "original": { diff --git a/modules/default.nix b/modules/default.nix index e36dbb1..f70a235 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -11,4 +11,5 @@ java-tron = import ./java-tron; chainlink = import ./chainlink; binbash = import ./binbash; + netbird = import ./netbird; } diff --git a/modules/netbird/default.nix b/modules/netbird/default.nix new file mode 100644 index 0000000..2274402 --- /dev/null +++ b/modules/netbird/default.nix 
@@ -0,0 +1,83 @@ +{ pkgs, config, lib, ... }: +with lib; +let + file-path = builtins.split "/" (toString ./.); + serviceName = lib.last file-path; + cfg = config.services."${serviceName}-server"; +in { + options.services = { + "${serviceName}-server" = { + enable = mkEnableOption "Enables ${serviceName} service"; + mgmtConfig = mkOption { + type = types.path; + description = "Path to management config file"; + }; + signalPort = mkOption { + default = 8080; + type = types.int; + description = "Port for signal service"; + }; + mgmtPort = mkOption { + default = 8081; + type = types.int; + description = "Port for management service"; + }; + }; + }; + config = mkIf cfg.enable { + systemd = { + services = { + "netbird-signal" = { + wantedBy = [ "multi-user.target" ]; + after = [ "networking.target" ]; + startLimitIntervalSec = 500; + startLimitBurst = 5; + preStart = ""; + onSuccess = [ ]; + onFailure = [ ]; + serviceConfig = { + User = serviceName; + RestartSec = "5s"; + WorkingDirectory = "/var/lib/${serviceName}"; + StateDirectory = serviceName; + RuntimeDirectory = serviceName; + CacheDirectory = serviceName; + Type = "simple"; + }; + script = "${pkgs.netbird}/bin/netbird-signal run --port ${ + toString cfg.signalPort + } --log-file console --log-level debug"; + }; + "netbird-mgmt" = { + wantedBy = [ "multi-user.target" ]; + after = [ "networking.target" ]; + startLimitIntervalSec = 500; + startLimitBurst = 5; + preStart = ""; + onSuccess = [ ]; + onFailure = [ ]; + serviceConfig = { + User = serviceName; + RestartSec = "5s"; + WorkingDirectory = "/var/lib/${serviceName}"; + StateDirectory = serviceName; + RuntimeDirectory = serviceName; + CacheDirectory = serviceName; + Type = "simple"; + }; + script = + "${pkgs.netbird}/bin/netbird-mgmt management --config ${cfg.mgmtConfig} --port ${ + toString cfg.mgmtPort + } --log-file console --log-level debug --single-account-mode-domain=netbird.trontech.link"; + }; + }; + }; + users.users."${serviceName}" = { + description = 
"${serviceName} user"; + isSystemUser = true; + group = serviceName; + createHome = true; + }; + users.groups."${serviceName}" = { }; + }; +}
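Review bot: `mgmtConfig` is interpolated directly into the `netbird-mgmt` script, so a caller who passes a Nix path literal gets the management config copied into the world-readable `/nix/store`. That file typically holds secrets (IdP client secret, TURN secret, datastore encryption key), so the option description should tell users to pass a runtime path as a string, or the type should be `types.str` rather than `types.path`. Both units also hard-code `--log-level debug`, which on the management service can put more peer and auth detail into the journal than intended; a log-level option defaulting to `info` would be safer. `RestartSec` and the start-limit settings have no effect because no `Restart` is set, and `after = [ "networking.target" ]` names something that is not a standard systemd target; `Restart = "on-failure";` and `after = [ "network.target" ];` look like what was meant. The `--single-account-mode-domain=netbird.trontech.link` value is deployment-specific and belongs in a module option rather than in the script string.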