Netbird: Difference between revisions
Add initial Netbird documentation based on my local configuration |
|||
| (3 intermediate revisions by the same user not shown) | |||
| Line 5: | Line 5: | ||
=== Basic Client Setup === | === Basic Client Setup === | ||
To set up a Netbird client (peer), add the following to your NixOS module: | To set up a Netbird client (peer), you will need to first create a setup key as described in the [https://docs.netbird.io/manage/peers/register-machines-using-setup-keys Netbird setup key documentation]. | ||
Then, add the following to your NixOS module and rebuild your system: | |||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
| Line 12: | Line 14: | ||
# Automatically login to your Netbird network with a setup key | # Automatically login to your Netbird network with a setup key | ||
# This is mostly useful for server computers. | |||
# For manual setup instructions, see the wiki page section below. | |||
login = { | login = { | ||
enable = true; | enable = true; | ||
| Line 19: | Line 23: | ||
setupKeyFile = "/path/to/your/setup-key"; | setupKeyFile = "/path/to/your/setup-key"; | ||
}; | }; | ||
# Port used to listen to wireguard connections | |||
port = 51821; | |||
# Set this to true if you want the GUI client | # Set this to true if you want the GUI client | ||
| Line 34: | Line 41: | ||
The above configuration will create a command called <code>netbird-wt0</code> available on PATH. | The above configuration will create a command called <code>netbird-wt0</code> available on PATH. | ||
If you did not enable the <code>login</code> configuration above, you will need to manually login using the command: <code>netbird-wt0 login</code> | |||
Once logged in, you can confirm the peer's connection using the command: <code>netbird-wt0 status</code> | |||
=== Routing Peer Setup === | === Routing Peer Setup === | ||
| Line 53: | Line 60: | ||
== Configuration == | == Configuration == | ||
==== DNS ==== | ==== DNS Resolution ==== | ||
To get [https://docs.netbird.io/manage/dns#client-side-how-peers-resolve-dns Netbird's client-side DNS resolution] to work, you must | To get [https://docs.netbird.io/manage/dns#client-side-how-peers-resolve-dns Netbird's client-side DNS resolution] to work, you must use [[Systemd/resolved|systemd-resolved]] for your system's DNS by adding: | ||
<syntaxhighlight> | <syntaxhighlight> | ||
services.resolved.enable = true; | services.resolved.enable = true; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Troubleshooting == | == Troubleshooting == | ||
| Line 67: | Line 72: | ||
[[Category:Applications]] | [[Category:Applications]] | ||
[[Category:Networking]] | |||
[[Category:Server]] | |||
Latest revision as of 00:10, 2 February 2026
Netbird is an open-source, peer-to-peer VPN powered by Wireguard. The network's access controls and coordination are handled by a management server, which can either be the Netbird company's instance or a self-hosted instance.
Setup
Basic Client Setup
To set up a Netbird client (peer), you will need to first create a setup key as described in the Netbird setup key documentation.
Then, add the following to your NixOS module and rebuild your system:
{
services.netbird.clients.wt0 = {
# Automatically login to your Netbird network with a setup key
# This is mostly useful for server computers.
# For manual setup instructions, see the wiki page section below.
login = {
enable = true;
# Path to a file containing the setup key for your peer
# NOTE: if your setup key is reusable, make sure it is not copied to the Nix store.
setupKeyFile = "/path/to/your/setup-key";
};
# Port used to listen to wireguard connections
port = 51821;
# Set this to true if you want the GUI client
ui.enable = false;
# This opens ports required for direct connection without a relay
openFirewall = true;
# This opens necessary firewall ports in the Netbird client's network interface
openInternalFirewall = true;
};
}
The above configuration will create a command called netbird-wt0 available on PATH.
If you did not enable the login configuration above, you will need to manually login using the command: netbird-wt0 login
Once logged in, you can confirm the peer's connection using the command: netbird-wt0 status
Routing Peer Setup
To set up a routing peer, follow the #Basic Client Setup, then add the following line to your NixOS module:
services.netbird.useRoutingFeatures = "both";
This enables IP forwarding, which is required for routing peers.
Management Server Setup
Configuration
DNS Resolution
To get Netbird's client-side DNS resolution to work, you must use systemd-resolved for your system's DNS by adding:
services.resolved.enable = true;Troubleshooting
For issues setting up a client, consult the official Netbird "Troubleshooting client issues" documentation.