flakes/modules/nixos/networking/netbird/default.nix

{
  config,
  lib,
  pkgs,
  ...
}: {
  options.snowflake.networking.netbird.enable = lib.mkEnableOption "Enable Netbird VPN client";

  config = lib.mkIf config.snowflake.networking.netbird.enable {
    networking = {
      firewall = {
        checkReversePath = "loose";
        trustedInterfaces = ["wt0"];
        allowedUDPPorts = [config.services.netbird.tunnels.wt0.port];
      };
      # networkmanager.unmanaged = ["wt0"];

      # ref: https://github.com/NixOS/nixpkgs/issues/113589
      wireguard.enable = true;

      # netbird requires iproute2 route tables.
      # iproute2.enable = true;
    };

    services.netbird.enable = true;
    # Unmanage the `wt0` interface rules to allow reconnection after suspend.
    systemd.network.config.networkConfig.ManageForeignRoutingPolicyRules = lib.mkDefault false;
    snowflake.extraPackages = [pkgs.netbird-ui];
  };
}
feat: add nixos configuration based on snowfall-lib Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-09-02 18:31:19 +05:30			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}: {`
			`options.snowflake.networking.netbird.enable = lib.mkEnableOption "Enable Netbird VPN client";`

			`config = lib.mkIf config.snowflake.networking.netbird.enable {`
			`networking = {`
			`firewall = {`
			`checkReversePath = "loose";`
			`trustedInterfaces = ["wt0"];`
			`allowedUDPPorts = [config.services.netbird.tunnels.wt0.port];`
			`};`
			`# networkmanager.unmanaged = ["wt0"];`

			`# ref: https://github.com/NixOS/nixpkgs/issues/113589`
			`wireguard.enable = true;`

			`# netbird requires iproute2 route tables.`
			`# iproute2.enable = true;`
			`};`

			`services.netbird.enable = true;`
			# Unmanage the `wt0` interface rules to allow reconnection after suspend.
			`systemd.network.config.networkConfig.ManageForeignRoutingPolicyRules = lib.mkDefault false;`
			`snowflake.extraPackages = [pkgs.netbird-ui];`
			`};`
			`}`