feat: add netbird for homelab, keep tailscale for work (#225)

2026-04-17 14:39:44 +02:00 · 2025-10-02 11:49:05 +08:00
parent 7885d10e29
commit 5479ea26cd
8 changed files with 106 additions and 58 deletions
--- a/hosts/idols-ai/preservation.nix
+++ b/hosts/idols-ai/preservation.nix
@@ -72,6 +72,7 @@ in

      # network
      "/var/lib/tailscale"
+      "/var/lib/netbird-homelab" # netbird's homelab client
      "/var/lib/bluetooth"
      "/var/lib/NetworkManager"
      "/var/lib/iwd"
--- a/hosts/idols-aquamarine/tailscale.nix
+++ b/hosts/idols-aquamarine/tailscale.nix
@@ -1,11 +0,0 @@
-{
-  # enable tailscale on aquamarine
-  services.tailscale = {
-    enable = true;
-    useRoutingFeatures = "server";
-    extraSetFlags = [
-      # access home network via tailscale
-      "--advertise-routes=192.168.5.0/24"
-    ];
-  };
-}
--- a/hosts/idols-aquamarine/vpn.nix
+++ b/hosts/idols-aquamarine/vpn.nix
@@ -0,0 +1,28 @@
+{
+  # tailscale do not support running multiple clients on the same host,
+  # so we use netbird for homelab instead.
+  #
+  # services.tailscale = {
+  #   enable = true;
+  #   port = 41641;
+  #   interfaceName = "tailscale0";
+  #   # allow the Tailscale UDP port through the firewall
+  #   openFirewall = true;
+  #
+  #   useRoutingFeatures = "server";
+  #   extraSetFlags = [
+  #     # access home network via tailscale
+  #     "--advertise-routes=192.168.5.0/24"
+  #     "--accept-routes=false"
+  #   ];
+  # };
+
+  services.netbird.useRoutingFeatures = "server";
+  services.netbird.clients.homelab = {
+    port = 51820;
+    name = "homelab";
+    interface = "netbird-homelab";
+    hardened = true;
+    autoStart = true;
+  };
+}