Netbird
Netbird is an open-source, peer-to-peer VPN powered by WireGuard. The network's access controls and coordination are handled by a management server, which can either be the Netbird company's instance or a self-hosted instance.
Setup
Basic Client Setup
To set up a Netbird client (peer), add the following to your NixOS module:
{
  services.netbird.clients.wt0 = {
    # Automatically login to your Netbird network with a setup key
    login = {
      enable = true;
      # Path to a file containing the setup key for your peer
      # NOTE: if your setup key is reusable, make sure it is not copied to the Nix store.
      setupKeyFile = "/path/to/your/setup-key";
    };
    # Set this to true if you want the GUI client
    ui.enable = false;
    # This opens ports required for direct connection without a relay
    openFirewall = true;
    # This opens necessary firewall ports in the Netbird client's network interface
    openInternalFirewall = true;
  };
}
The above configuration will create a command called netbird-wt0 available on PATH.
You can confirm the peer's connection using the command: netbird-wt0 status
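The note in the configuration above warns against letting a reusable setup key reach the Nix store, where every local user can read it. The following check is an added example, not part of the original page or the Netbird project; the function name check_setup_key_file, the NIX_STORE_DIR override and the owner-only permission policy are assumptions of this example.

```shell
# Added example: audit the file that login.setupKeyFile points at.
# Assumptions: GNU coreutils (readlink -f, stat -c); the store is /nix/store
# unless NIX_STORE_DIR overrides it; policy is "no group/other access".

check_setup_key_file() {
  local path="$1" store="${NIX_STORE_DIR:-/nix/store}" real mode

  # Resolve symlinks first: a link under /etc or /run may still point into the store.
  real="$(readlink -f -- "$path")" || { echo "FAIL: cannot resolve $path"; return 2; }
  if [ ! -f "$real" ]; then
    echo "FAIL: $real is not a regular file"
    return 2
  fi

  # Store paths are world-readable, so a key that lands there is exposed
  # to every local user regardless of how the original file was protected.
  store="$(readlink -f -- "$store" 2>/dev/null || printf '%s' "$store")"
  case "$real" in
    "$store"/*) echo "FAIL: $path resolves into the Nix store ($real)"; return 1 ;;
  esac

  # The octal mode must end in 00: no permission bits for group or others.
  mode="$(stat -c '%a' -- "$real")"
  case "$mode" in
    *00) ;;
    *) echo "FAIL: $real has mode $mode, which grants group/other access"; return 1 ;;
  esac

  echo "OK: $real (mode $mode)"
  return 0
}

# When the script is given a path argument, check it and use the result as exit status.
if [ "$#" -gt 0 ]; then
  check_setup_key_file "$1"
fi
```

The function returns 0 when the key file is acceptable, 1 when it resolves into the store or is accessible beyond its owner, and 2 when the path cannot be resolved to a regular file.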
Routing Peer Setup
To set up a routing peer, follow the Basic Client Setup above, then add the following line to your NixOS module:
services.netbird.useRoutingFeatures = "both";
This enables IP forwarding, which is required for routing peers.
Management Server Setup
Configuration
DNS
To get Netbird's client-side DNS resolution to work, you must use systemd-resolved for your system's DNS by adding:
services.resolved.enable = true;
Troubleshooting
For issues setting up a client, consult the official Netbird "Troubleshooting client issues" documentation.