
Added a plugin for Netbird #4531


Open
wants to merge 18 commits into
base: master


Gauss23
Contributor

@Gauss23 Gauss23 commented Feb 4, 2025

This is an initial version of a plugin for Netbird.

I've also created a pull request for the Netbird port, as a small patch is currently needed.

https://netbird.io/

@hrfried

hrfried commented Feb 17, 2025

Thank you for doing this—was considering taking a hack at a netbird plugin since I also packaged/maintain it for openSUSE..but I'm very glad someone else did it. :) Really really hope it gets merged soon.

@fichtner
Member

@hrfried actually we're making it a requirement to have it included in FreeBSD ports first opnsense/ports#218 (comment)

If you know some ins and outs for maintaining a package maybe you can help out here too :)

@Gauss23
Contributor Author

Gauss23 commented Feb 18, 2025

I reached out to the Netbird team to see if they have any objections on me adding the port to FreeBSD. No answer yet.
Maybe I'll add it and do the handover later, when Netbird wants to maintain it?

@fichtner
Member

From experience, authors do not maintain ports and packages for varying reasons and there should be no harm to go ahead with it indeed as it is in the interest of the authors, too.

Cheers,
Franco

@mimugmail
Member

Just do it, I was also maintaining the Cacti port for a long time, not being the main dev over there :)

@Gauss23
Contributor Author

Gauss23 commented Feb 18, 2025

Ok, out of nowhere Netbird has now submitted Netbird to the FreeBSD Ports. But they have chosen security/netbird; Tailscale is also in security/. I was using net/ because I oriented myself on Zerotier, which is there.

I think it needs to be consistent, right? Port is security/netbird, then the plugin would also be security/netbird?

I would need to recreate the pull request. Did you maybe already have a chance to review the code for bigger issues? I would be happy to fix them.

@fichtner
Member

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284877 looks like a netbird employee, oh well :)

yes, let's align with security/netbird then. it will save a lot of confusion later.

@Gauss23
Contributor Author

Gauss23 commented May 11, 2025

Update: the port request was accepted.

How can we proceed here?

Do we need to change the category from network to security like in the ports tree?

@fichtner fichtner self-assigned this May 13, 2025
@fichtner
Member

It's now in our tree via opnsense/ports@9521b10081 -- let me make a quick review here and then the process is to add the port to ports.conf in tools.git and get the plugin merged too

@@ -0,0 +1,30 @@
<?php

Member

copyrights are important! bsd licensed of course

Contributor Author

As this plugin is done by multiple people, I need to ask if they want to be mentioned in the copyright note. This needs to be the header in all files containing PHP code?

Contributor Author

Hi, I added the copyright and license to all files containing PHP code and the Volt files. Please review. Thank you!

@KeenanFalcon

Hi. I have followed this thread for some time now, and have tried it on some test VMs to see how well it works.
But I'm curious if you have any news regarding the issue with os-release from netbird?
Have you installed it on a clean opnsense?
I can't get it to work without modifying the netbird ports rc.d script, and the config file has recently been changed to a new default location of "/var/db/netbird/config.json"

@Gauss23
Contributor Author

Gauss23 commented May 24, 2025

> Hi. I have followed this thread for some time now, and have tried it on some test VMs to see how well it works. But I'm curious if you have any news regarding the issue with os-release from netbird? Have you installed it on a clean opnsense? I can't get it to work without modifying the netbird ports rc.d script, and the config file has recently been changed to a new default location of "/var/db/netbird/config.json"

To be honest, this process has been running for quite some time now. The FreeBSD port needed to be added first. Will try the current plugin with the current port on a fresh installation.

Could you share more information about the changes you need to do to the rc.d script?

@KeenanFalcon

> > Hi. I have followed this thread for some time now, and have tried it on some test VMs to see how well it works. But I'm curious if you have any news regarding the issue with os-release from netbird? Have you installed it on a clean opnsense? I can't get it to work without modifying the netbird ports rc.d script, and the config file has recently been changed to a new default location of "/var/db/netbird/config.json"
>
> To be honest, this process has been running for quite some time now. The FreeBSD port needed to be added first. Will try the current plugin with the current port on a fresh installation.
>
> Could you share more information about the changes you need to do to the rc.d script?

I replaced it with the one you had made for the port, but I believe the least that needs to be changed or added is like below.

rcvar=netbird_enable
load_rc_config $name

--config /usr/local/etc/netbird/config.json
--log-file syslog"

Also the os.release service is still being run, as it is in the template for "/etc/rc.conf.d/netbird"

@Gauss23
Contributor Author

Gauss23 commented May 25, 2025

@KeenanFalcon thank you for clarifying. Interesting, I did not see that the port uses a different rc.d script. I tried to ship my version of the rc.d script with the plugin, but it raised a conflict during installation.
I get:

root@OPNsense:~/repo # pkg install os-netbird-devel
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating netbird-251 repository catalogue...
netbird-251 repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	netbird: 0.41.2 [netbird-251]
	os-netbird-devel: 0.2 [netbird-251]

Number of packages to be installed: 2

The process will require 26 MiB more space.
10 KiB to be downloaded.

Proceed with this action? [y/N]: y
[1/1] Fetching os-netbird-devel-0.2.pkg: 100%   10 KiB  10.5kB/s    00:01    
Checking integrity... done (1 conflicting)
  - netbird-0.41.2 [netbird-251] conflicts with os-netbird-devel-0.2 [netbird-251] on /usr/local/etc/rc.d/netbird
Cannot solve problem using SAT solver, trying another plan
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	netbird: 0.41.2 [netbird-251]

Number of packages to be installed: 1

The process will require 26 MiB more space.

Maybe someone has a better idea? The version from FreeBSD ports may be perfect for a standard FreeBSD system, but for OPNsense we should run our own version of the rc.d file.

This would be my version:

#!/bin/sh

# PROVIDE: netbird
# REQUIRE: FILESYSTEMS devfs
# BEFORE:  pf ipfw
# KEYWORD: shutdown

. /etc/rc.subr

name="netbird"
rcvar=netbird_enable
load_rc_config $name

pidfile="/var/run/${name}.pid"
netbird_tun_dev="wt0"
procname="/usr/local/bin/netbird"

start_cmd="${name}_start"
stop_postcmd="${name}_poststop"

# Path updated to match latest Netbird defaults
netbird_config="/usr/local/etc/netbird/config.json"
netbird_log="syslog"

netbird_start()
{
    logger -s -t netbird "Starting ${name}..."

    # Clean up stale tunnel interface, if it's orphaned
    if /sbin/ifconfig ${netbird_tun_dev} >/dev/null 2>&1; then
        if ! /sbin/ifconfig ${netbird_tun_dev} | fgrep -qw PID; then
            logger -s -t netbird "Found orphaned tunnel ${netbird_tun_dev}, destroying"
            /sbin/ifconfig ${netbird_tun_dev} destroy
        fi
    fi

    /usr/sbin/daemon -p ${pidfile} -f -t ${name} \
        ${procname} service run \
        --config "${netbird_config}" \
        --log-level info \
        --log-file "${netbird_log}"
}

netbird_poststop()
{
    if /sbin/ifconfig ${netbird_tun_dev} >/dev/null 2>&1; then
        logger -s -t netbird "Destroying tunnel interface ${netbird_tun_dev}"
        /sbin/ifconfig ${netbird_tun_dev} destroy || \
            logger -s -t netbird "Failed to destroy ${netbird_tun_dev}"
    fi
}

run_rc_command "$1"

Maybe @fichtner or @mimugmail have an idea for this issue?

@KeenanFalcon

@Gauss23 I tried to install it with an embedded rc script file too, but faced the same issue, so I renamed it to "os-netbird".
But I think that it will create the need to modify other files. Haven't checked properly yet.

My version of the script; it needs a little more polish, but is maybe worth a pull request.

#!/bin/sh
#
# PROVIDE: netbird
# REQUIRE: SERVERS  ## REQUIRE: FILESYSTEMS devfs  ## REQUIRE: NETWORKING
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# netbird_enable (bool):        Set it to YES to enable Netbird.
#                                   Default is "NO".
# netbird_config_file (str):	Set Netbird config file location.
#                                   Default is "/var/db/netbird/config.json"
# netbird_hostname (str):       Set a custom hostname for the device
#                                   Default is "".
# netbird_daemon_addr (str):    Set Daemon service address to serve CLI requests.
#                                   Pattern to use [unix|tcp]://[path|host:port].
#                                   Default is "unix:///var/run/netbird.sock".
# netbird_log_file (str):       Set Netbird log path.
#                                   If console is specified the log will be output to stdout.
#                                   If syslog is specified the log will be sent to syslog daemon.
#                                   Default is "/var/log/netbird/client.log".
# netbird_log_level (str):      Set Netbird log level
#                                   Default is "info".
# netbird_tun_dev (str):        Set the name of the tun interface Netbird creates.
#                                   Default is "wt0"
# netbird_args (str):           Additional arguments to pass to Netbird
#                                   Default is "" (empty string).

. /etc/rc.subr

name="netbird"
rcvar=netbird_enable

load_rc_config $name

: ${netbird_enable:="NO"}
: ${netbird_config_file:="/var/db/netbird/config.json"}
: ${netbird_daemon_addr:="unix:///var/run/netbird.sock"}
: ${netbird_hostname:=""}
: ${netbird_log_file:="/var/log/netbird/client.log"}
: ${netbird_log_level:="info"}
: ${netbird_tun_dev:="wt0"}
: ${netbird_args:=""}

netbird_env="IS_DAEMON=1"

pidfile="/var/run/${name}.pid"
procname="/usr/local/bin/${name}"

# command="/usr/sbin/daemon"
# daemon_args="-P ${pidfile} -r -t \"${name}: daemon\""

start_cmd="${name}_start"
stop_postcmd="${name}_poststop"

netbird_start()
{
    # Check for orphaned netbird network interface
    # And if it exists, then destroy it
    logger -s -t netbird "Starting ${name}."
    /sbin/ifconfig ${netbird_tun_dev} >/dev/null 2>&1 && (
        /sbin/ifconfig ${netbird_tun_dev} | fgrep -qw PID ||
        /sbin/ifconfig ${netbird_tun_dev} destroy
    )

    /usr/sbin/daemon -p ${pidfile} -f -t ${name} ${procname} service run --config ${netbird_config_file} --log-level ${netbird_log_level} --log-file ${netbird_log_file}
    # command_args="${daemon_args} ${procname} service run --config ${netbird_config_file} --log-level ${netbird_log_level} --daemon-addr ${netbird_daemon_addr} --log-file ${netbird_log_file}"
}

netbird_poststop()
{
    /sbin/ifconfig ${netbird_tun_dev} >/dev/null 2>&1 && (
        logger -s -t netbird "Destroying ${netbird_tun_dev} adapter"
        /sbin/ifconfig ${netbird_tun_dev} destroy || logger -s -t netbird "Failed to destroy ${netbird_tun_dev} adapter"
    )
}

run_rc_command "$1"

I tried to add your repo after I forked the master from opnsense/plugins, but didn't get it done quite right.
But the repo I work on is placed here: https://github.com/KeenanFalcon/OPNsensePlugins/tree/Netbird-devel
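
Both rc.d scripts posted in this thread guard startup the same way: the wt0 interface is destroyed only when ifconfig reports no PID holding it. The following is an added example, not code from the plugin, the port or either commenter; it isolates that decision in a function and runs it against constructed ifconfig output. The IFCONFIG override and the fake_* helpers are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example: classify the tunnel interface the way both rc.d scripts do
# before deciding whether to destroy it. Not part of the port or the plugin.

# Command used to query interfaces; overridable so the logic runs off-box.
: "${IFCONFIG:=/sbin/ifconfig}"

# tun_state DEV -> prints absent | in-use | orphaned
tun_state()
{
    # ifconfig exits non-zero when the interface does not exist
    _out=$("${IFCONFIG}" "$1" 2>/dev/null) || { echo absent; return 0; }
    # FreeBSD prints "Opened by PID <n>" while a process holds the tun device
    if printf '%s\n' "${_out}" | grep -Fqw PID; then
        echo in-use
    else
        echo orphaned
    fi
}

# tun_cleanup DEV -> destroy only an orphaned interface, never a held one
tun_cleanup()
{
    case "$(tun_state "$1")" in
        orphaned) "${IFCONFIG}" "$1" destroy && echo destroyed ;;
        in-use)   echo "kept: $1 is held by a running process" ;;
        absent)   echo "nothing to do" ;;
    esac
}

# --- constructed stand-ins for ifconfig (not captured from a real host) ---
fake_held()
{
    [ "$2" = destroy ] && return 1
    printf 'wt0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1280\n'
    printf '\tgroups: tun\n\tOpened by PID 4242\n'
}
fake_orphan()
{
    [ "$2" = destroy ] && return 0
    printf 'wt0: flags=8002<BROADCAST,MULTICAST> mtu 1280\n\tgroups: tun\n'
}
fake_absent() { return 1; }

for f in fake_held fake_orphan fake_absent; do
    echo "$f: $(IFCONFIG=$f tun_cleanup wt0)"
done
```

Keeping the three states separate makes it explicit that a held interface is left alone, which is the case where a daemon is already running.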

@hakansa

hakansa commented Jun 23, 2025

@Gauss23 @KeenanFalcon hey guys, I'm the maintainer of the FreeBSD port of NetBird.

@KeenanFalcon does the last rc.d that you've shared work fine? If yes, I will test it on a pure FreeBSD and commit it to our FreeBSD port.

Is os-release still an issue? What could be the alternative so I can update the codebase?

@KeenanFalcon

@hakansa I made a comment about a possible fix here netbirdio/netbird#2200 (comment)

The rc.d I posted here, I have worked some more on, as it didn't work correctly with opnsense, and I have made a PR here freebsd/freebsd-ports#404

About the os-release issue, I worked on a possible fix here netbirdio/netbird@main...KeenanFalcon:netbird:opnsense-devel but I haven't made any pull requests for this one

@hakansa

hakansa commented Jun 24, 2025

I've created a submission for the rc.conf hooks.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287762

Also I'm going to check the os-release thing, it should not be a blocker for now.
