+2

nixos/doc/manual/release-notes/rl-2511.section.md

··· 187 187 188 188 - `services.monero` now includes the `environmentFile` option for adding secrets to the Monero daemon config. 189 189 190 190 + - `services.netbird.server` now uses dedicated packages split out due to relicensing of server components to AGPLv3 with version `0.53.0`, 191 191 + 190 192 - The new option [networking.ipips](#opt-networking.ipips) has been added to create IP within IP kind of tunnels (including 4in6, ip6ip6 and ipip). 191 193 With the existing [networking.sits](#opt-networking.sits) option (6in4), it is now possible to create all combinations of IPv4 and IPv6 encapsulation. 192 194

+1 -1

nixos/modules/services/networking/netbird/management.nix

··· 139 139 options.services.netbird.server.management = { 140 140 enable = mkEnableOption "Netbird Management Service"; 141 141 142 142 - package = mkPackageOption pkgs "netbird" { }; 142 142 + package = mkPackageOption pkgs "netbird-management" { }; 143 143 144 144 domain = mkOption { 145 145 type = str;

+1 -1

nixos/modules/services/networking/netbird/signal.nix

··· 31 31 options.services.netbird.server.signal = { 32 32 enable = mkEnableOption "Netbird's Signal Service"; 33 33 34 34 - package = mkPackageOption pkgs "netbird" { }; 34 34 + package = mkPackageOption pkgs "netbird-signal" { }; 35 35 36 36 enableNginx = mkEnableOption "Nginx reverse-proxy for the netbird signal service"; 37 37

+72 -28

nixos/tests/netbird.nix

··· 7 7 ]; 8 8 9 9 nodes = { 10 10 - clients = 10 10 + node = 11 11 { ... }: 12 12 { 13 13 services.netbird.enable = true; ··· 15 15 }; 16 16 }; 17 17 18 18 - # TODO: confirm the whole solution is working end-to-end when netbird server is implemented 19 19 - testScript = '' 20 20 - start_all() 21 21 - def did_start(node, name, interval=0.5, timeout=10): 22 22 - node.wait_for_unit(f"{name}.service") 23 23 - node.wait_for_file(f"/var/run/{name}/sock") 24 24 - # `netbird status` returns a full "Disconnected" status during initialization 25 25 - # only after a while passes it starts returning "NeedsLogin" help message 26 26 - 27 27 - start = time.time() 28 28 - output = node.succeed(f"{name} status") 29 29 - while "Disconnected" in output and (time.time() - start) < timeout: 30 30 - time.sleep(interval) 31 31 - output = node.succeed(f"{name} status") 32 32 - assert "NeedsLogin" in output 33 33 - 34 34 - did_start(clients, "netbird") 35 35 - did_start(clients, "netbird-custom") 36 36 - ''; 37 37 - 38 18 /* 39 39 - `netbird status` used to print `Daemon status: NeedsLogin` 40 40 - https://github.com/netbirdio/netbird/blob/23a14737974e3849fa86408d136cc46db8a885d0/client/cmd/status.go#L154-L164 41 41 - as the first line, but now it is just: 19 19 + Historically waiting for the NetBird client daemon initialization helped catch number of bugs with the service, 20 20 + so we keep try to keep it here in as much details as it makes sense. 42 21 43 43 - Daemon version: 0.26.3 44 44 - CLI version: 0.26.3 45 45 - Management: Disconnected 22 22 + Initially `netbird status` returns a "Disconnected" messages: 23 23 + OS: linux/amd64 24 24 + Daemon version: 0.54.0 25 25 + CLI version: 0.54.0 26 26 + Profile: default 27 27 + Management: Disconnected, reason: rpc error: code = FailedPrecondition desc = failed connecting to Management Service : context deadline exceeded 46 28 Signal: Disconnected 47 29 Relays: 0/0 Available 48 30 Nameservers: 0/0 Available ··· 50 32 NetBird IP: N/A 51 33 Interface type: N/A 52 34 Quantum resistance: false 53 53 - Routes: - 35 35 + Lazy connection: false 36 36 + Networks: - 37 37 + Forwarding rules: 0 54 38 Peers count: 0/0 Connected 39 39 + 40 40 + After a while passes it should start returning "NeedsLogin" help message. 41 41 + 42 42 + As of ~0.53.0+ in ~30 second intervals the `netbird status` instead of "NeedsLogin" it briefly (for under 2 seconds) crashes with: 43 43 + 44 44 + Error: status failed: failed connecting to Management Service : context deadline exceeded 45 45 + 46 46 + This might be related to the following log line: 47 47 + 48 48 + 2025-08-11T15:03:25Z ERRO shared/management/client/grpc.go:65: failed creating connection to Management Service: context deadline exceeded 55 49 */ 50 50 + # TODO: confirm the whole solution is working end-to-end when netbird server is implemented 51 51 + testScript = '' 52 52 + import textwrap 53 53 + import time 54 54 + 55 55 + start_all() 56 56 + 57 57 + def run_with_debug(node, cmd, check=True, display=True, **kwargs): 58 58 + cmd = f"{cmd} 2>&1" 59 59 + start = time.time() 60 60 + ret, output = node.execute(cmd, **kwargs) 61 61 + duration = time.time() - start 62 62 + txt = f">>> {cmd=} {ret=} {duration=:.2f}:\n{textwrap.indent(output, '... ')}" 63 63 + if check: 64 64 + assert ret == 0, txt 65 65 + if display: 66 66 + print(txt) 67 67 + return ret, output 68 68 + 69 69 + def wait_until_rcode(node, cmd, rcode=0, retries=30, **kwargs): 70 70 + def check_success(_last_try): 71 71 + nonlocal output 72 72 + ret, output = run_with_debug(node, cmd, **kwargs) 73 73 + return ret == rcode 74 74 + 75 75 + kwargs.setdefault('check', False) 76 76 + output = None 77 77 + with node.nested(f"waiting for {cmd=} to exit with {rcode=}"): 78 78 + retry(check_success, retries) 79 79 + return output 80 80 + 81 81 + instances = ["netbird", "netbird-custom"] 82 82 + 83 83 + for name in instances: 84 84 + node.wait_for_unit(f"{name}.service") 85 85 + node.wait_for_file(f"/var/run/{name}/sock") 86 86 + 87 87 + for name in instances: 88 88 + wait_until_rcode(node, f"{name} status |& grep -C20 Disconnected", 0, retries=5) 89 89 + '' 90 90 + # The status used to turn into `NeedsLogin`, but recently started crashing instead. 91 91 + # leaving the snippets in here, in case some update goes back to the old behavior and can be tested again 92 92 + + lib.optionalString false '' 93 93 + for name in instances: 94 94 + #wait_until_rcode(node, f"{name} status |& grep -C20 NeedsLogin", 0, retries=20) 95 95 + output = wait_until_rcode(node, f"{name} status", 1, retries=61) 96 96 + msg = "Error: status failed: failed connecting to Management Service : context deadline exceeded" 97 97 + assert output.strip() == msg, f"expected {msg=}, got {output=} instead" 98 98 + wait_until_rcode(node, f"{name} status |& grep -C20 Disconnected", 0, retries=10) 99 99 + ''; 56 100 }

+5

pkgs/by-name/ne/netbird-management/package.nix

··· 1 1 + { netbird }: 2 2 + 3 3 + netbird.override { 4 4 + componentName = "management"; 5 5 + }

+5

pkgs/by-name/ne/netbird-relay/package.nix

··· 1 1 + { netbird }: 2 2 + 3 3 + netbird.override { 4 4 + componentName = "relay"; 5 5 + }

+5

pkgs/by-name/ne/netbird-signal/package.nix

··· 1 1 + { netbird }: 2 2 + 3 3 + netbird.override { 4 4 + componentName = "signal"; 5 5 + }

+1 -1

pkgs/by-name/ne/netbird-ui/package.nix

··· 1 1 { netbird }: 2 2 3 3 netbird.override { 4 4 - ui = true; 4 4 + componentName = "ui"; 5 5 }

+5

pkgs/by-name/ne/netbird-upload/package.nix

··· 1 1 + { netbird }: 2 2 + 3 3 + netbird.override { 4 4 + componentName = "upload"; 5 5 + }

+74 -39

pkgs/by-name/ne/netbird/package.nix

··· 12 12 libX11, 13 13 libXcursor, 14 14 libXxf86vm, 15 15 - ui ? false, 16 15 netbird-ui, 17 16 versionCheckHook, 17 17 + componentName ? "client", 18 18 }: 19 19 let 20 20 - modules = 21 21 - if ui then 22 22 - { 23 23 - "client/ui" = "netbird-ui"; 24 24 - } 25 25 - else 26 26 - { 27 27 - client = "netbird"; 28 28 - management = "netbird-mgmt"; 29 29 - signal = "netbird-signal"; 30 30 - }; 20 20 + /* 21 21 + License tagging is based off: 22 22 + - https://github.com/netbirdio/netbird/blob/9e95841252c62b50ae93805c8dfd2b749ac95ea7/LICENSES/REUSE.toml 23 23 + - https://github.com/netbirdio/netbird/blob/9e95841252c62b50ae93805c8dfd2b749ac95ea7/LICENSE#L1-L2 24 24 + */ 25 25 + availableComponents = { 26 26 + client = { 27 27 + module = "client"; 28 28 + binaryName = "netbird"; 29 29 + license = lib.licenses.bsd3; 30 30 + versionCheckProgramArg = "version"; 31 31 + hasCompletion = true; 32 32 + }; 33 33 + ui = { 34 34 + module = "client/ui"; 35 35 + binaryName = "netbird-ui"; 36 36 + license = lib.licenses.bsd3; 37 37 + }; 38 38 + upload = { 39 39 + module = "upload-server"; 40 40 + binaryName = "netbird-upload"; 41 41 + license = lib.licenses.bsd3; 42 42 + }; 43 43 + management = { 44 44 + module = "management"; 45 45 + binaryName = "netbird-mgmt"; 46 46 + license = lib.licenses.agpl3Only; 47 47 + versionCheckProgramArg = "--version"; 48 48 + hasCompletion = true; 49 49 + }; 50 50 + signal = { 51 51 + module = "signal"; 52 52 + binaryName = "netbird-signal"; 53 53 + license = lib.licenses.agpl3Only; 54 54 + hasCompletion = true; 55 55 + }; 56 56 + relay = { 57 57 + module = "relay"; 58 58 + binaryName = "netbird-relay"; 59 59 + license = lib.licenses.agpl3Only; 60 60 + }; 61 61 + }; 62 62 + isUI = componentName == "ui"; 63 63 + component = availableComponents.${componentName}; 31 64 in 32 65 buildGoModule (finalAttrs: { 33 33 - pname = "netbird"; 34 34 - version = "0.49.0"; 66 66 + pname = "netbird-${componentName}"; 67 67 + version = "0.54.0"; 35 68 36 69 src = fetchFromGitHub { 37 70 owner = "netbirdio"; 38 71 repo = "netbird"; 39 72 tag = "v${finalAttrs.version}"; 40 40 - hash = "sha256-Hv0A9/NTMzRAf9YvYGvRLyy2gdigF9y2NfylE8bLcTw="; 73 73 + hash = "sha256-qKYJa7q7scEbbxLHaosaurrjXR5ABxCAnuUcy80yKEc="; 41 74 }; 42 75 43 43 - vendorHash = "sha256-t/X/muMwHVwg8Or+pFTSEQEsnkKLuApoVUmMhyCImWI="; 76 76 + vendorHash = "sha256-uVVm+iDGP2eZ5GVXWJrWZQ7LpHdZccRIiHPIFs6oAPo="; 44 77 45 45 - nativeBuildInputs = [ installShellFiles ] ++ lib.optional ui pkg-config; 78 78 + nativeBuildInputs = [ installShellFiles ] ++ lib.optional isUI pkg-config; 46 79 47 47 - buildInputs = lib.optionals (stdenv.hostPlatform.isLinux && ui) [ 80 80 + buildInputs = lib.optionals (stdenv.hostPlatform.isLinux && isUI) [ 48 81 gtk3 49 82 libayatana-appindicator 50 83 libX11 ··· 52 85 libXxf86vm 53 86 ]; 54 87 55 55 - subPackages = lib.attrNames modules; 88 88 + subPackages = [ component.module ]; 56 89 57 90 ldflags = [ 58 91 "-s" ··· 73 106 ''; 74 107 75 108 postInstall = 76 76 - lib.concatStringsSep "\n" ( 77 77 - lib.mapAttrsToList ( 78 78 - module: binary: 79 79 - '' 80 80 - mv $out/bin/${lib.last (lib.splitString "/" module)} $out/bin/${binary} 109 109 + let 110 110 + builtBinaryName = lib.last (lib.splitString "/" component.module); 111 111 + in 112 112 + '' 113 113 + mv $out/bin/${builtBinaryName} $out/bin/${component.binaryName} 114 114 + '' 115 115 + + 116 116 + lib.optionalString 117 117 + (stdenv.buildPlatform.canExecute stdenv.hostPlatform && (component.hasCompletion or false)) 81 118 '' 82 82 - + lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform && !ui) '' 83 83 - installShellCompletion --cmd ${binary} \ 84 84 - --bash <($out/bin/${binary} completion bash) \ 85 85 - --fish <($out/bin/${binary} completion fish) \ 86 86 - --zsh <($out/bin/${binary} completion zsh) 119 119 + installShellCompletion --cmd ${component.binaryName} \ 120 120 + --bash <($out/bin/${component.binaryName} completion bash) \ 121 121 + --fish <($out/bin/${component.binaryName} completion fish) \ 122 122 + --zsh <($out/bin/${component.binaryName} completion zsh) 87 123 '' 88 88 - ) modules 89 89 - ) 90 90 - + lib.optionalString (stdenv.hostPlatform.isLinux && ui) '' 124 124 + # assemble & adjust netbird.desktop files for the GUI 125 125 + + lib.optionalString (stdenv.hostPlatform.isLinux && isUI) '' 91 126 install -Dm644 "$src/client/ui/assets/netbird-systemtray-connected.png" "$out/share/pixmaps/netbird.png" 92 127 install -Dm644 "$src/client/ui/build/netbird.desktop" "$out/share/applications/netbird.desktop" 93 128 94 129 substituteInPlace $out/share/applications/netbird.desktop \ 95 95 - --replace-fail "Exec=/usr/bin/netbird-ui" "Exec=$out/bin/netbird-ui" 130 130 + --replace-fail "Exec=/usr/bin/netbird-ui" "Exec=$out/bin/${component.binaryName}" 96 131 ''; 97 132 98 133 nativeInstallCheckInputs = [ 99 134 versionCheckHook 100 135 ]; 101 101 - versionCheckProgram = "${placeholder "out"}/bin/${finalAttrs.meta.mainProgram}"; 102 102 - versionCheckProgramArg = "version"; 103 103 - # Disabled for the `netbird-ui` version because it does a network request. 104 104 - doInstallCheck = !ui; 136 136 + versionCheckProgram = "${placeholder "out"}/bin/${component.binaryName}"; 137 137 + versionCheckProgramArg = component.versionCheckProgramArg or "version"; 138 138 + doInstallCheck = component ? versionCheckProgramArg; 105 139 106 140 passthru = { 107 141 tests = { ··· 115 149 homepage = "https://netbird.io"; 116 150 changelog = "https://github.com/netbirdio/netbird/releases/tag/v${finalAttrs.version}"; 117 151 description = "Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls"; 118 118 - license = lib.licenses.bsd3; 152 152 + license = component.license; 119 153 maintainers = with lib.maintainers; [ 154 154 + nazarewk 120 155 saturn745 121 156 loc 122 157 ]; 123 123 - mainProgram = if ui then "netbird-ui" else "netbird"; 158 158 + mainProgram = component.binaryName; 124 159 }; 125 160 })