[Backport release-24.11] nixos/netbird: fix port conflict on metrics …

…endpoint (#358231)
NixOS · Nov 22, 2024 · b23b72c · b23b72c
2 parents fb384a9 + c5f764a
commit b23b72c
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 14 deletions.
diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -41,6 +41,8 @@
 - `authelia` has been upgraded to version 4.38. This version brings several features and improvements which are detailed in the [release blog post](https://www.authelia.com/blog/4.38-release-notes/).
   This release also deprecates some configuration keys which are likely to be removed in version 5.0.0.
 
+- `netbird` has been updated to 0.31.1. This adds a built-in relay server which is not yet supported by the NixOS module, as well as a metrics endpoint for both the management and signal services. The default metrics port for the `signal` service has been changed from `9090` to `9091` to prevent a port conflict with the management server. This can be changed with their respective `metricsPort` as needed. Refer to the [release notes](https://github.com/netbirdio/netbird/releases/tag/v0.31.1) and [this pull request](https://github.com/NixOS/nixpkgs/pull/354032#issuecomment-2480925927) for more information.
+
 - `compressDrv` can compress selected files in a derivation. `compressDrvWeb` compresses files for common web server usage (`.gz` with `zopfli`, `.br` with `brotli`).
 
 - [`hardware.display`](#opt-hardware.display.edid.enable) is a new module implementing workarounds for misbehaving monitors

diff --git a/nixos/modules/services/networking/netbird/management.nix b/nixos/modules/services/networking/netbird/management.nix
@@ -196,6 +196,12 @@ in
       description = "Internal port of the management server.";
     };
 
+    metricsPort = mkOption {
+      type = port;
+      default = 9090;
+      description = "Internal port of the metrics server.";
+    };
+
     extraOptions = mkOption {
       type = listOf str;
       default = [ ];
@@ -360,6 +366,13 @@ in
           }
         ];
 
+    assertions = [
+      {
+        assertion = cfg.port != cfg.metricsPort;
+        message = "The primary listen port cannot be the same as the listen port for the metrics endpoint";
+      }
+    ];
+
     systemd.services.netbird-management = {
       description = "The management server for Netbird, a wireguard VPN";
       documentation = [ "https://netbird.io/docs/" ];
@@ -387,6 +400,9 @@ in
             # Port to listen on
             "--port"
             cfg.port
+            # Port the internal prometheus server listens on
+            "--metrics-port"
+            cfg.metricsPort
             # Log to stdout
             "--log-file"
             "console"

diff --git a/nixos/modules/services/networking/netbird/signal.nix b/nixos/modules/services/networking/netbird/signal.nix
@@ -15,7 +15,12 @@ let
     mkOption
     ;
 
-  inherit (lib.types) enum port str;
+  inherit (lib.types)
+    listOf
+    enum
+    port
+    str
+    ;
 
   inherit (utils) escapeSystemdExecArgs;
 
@@ -41,6 +46,20 @@ in
       description = "Internal port of the signal server.";
     };
 
+    metricsPort = mkOption {
+      type = port;
+      default = 9091;
+      description = "Internal port of the metrics server.";
+    };
+
+    extraOptions = mkOption {
+      type = listOf str;
+      default = [ ];
+      description = ''
+        Additional options given to netbird-signal as commandline arguments.
+      '';
+    };
+
     logLevel = mkOption {
       type = enum [
         "ERROR"
@@ -54,24 +73,38 @@ in
   };
 
   config = mkIf cfg.enable {
+
+    assertions = [
+      {
+        assertion = cfg.port != cfg.metricsPort;
+        message = "The primary listen port cannot be the same as the listen port for the metrics endpoint";
+      }
+    ];
+
     systemd.services.netbird-signal = {
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
 
       serviceConfig = {
-        ExecStart = escapeSystemdExecArgs [
-          (getExe' cfg.package "netbird-signal")
-          "run"
-          # Port to listen on
-          "--port"
-          cfg.port
-          # Log to stdout
-          "--log-file"
-          "console"
-          # Log level
-          "--log-level"
-          cfg.logLevel
-        ];
+        ExecStart = escapeSystemdExecArgs (
+          [
+            (getExe' cfg.package "netbird-signal")
+            "run"
+            # Port to listen on
+            "--port"
+            cfg.port
+            # Port the internal prometheus server listens on
+            "--metrics-port"
+            cfg.metricsPort
+            # Log to stdout
+            "--log-file"
+            "console"
+            # Log level
+            "--log-level"
+            cfg.logLevel
+          ]
+          ++ cfg.extraOptions
+        );
 
         Restart = "always";
         RuntimeDirectory = "netbird-mgmt";