diff --git a/json/netbird-server.json b/json/netbird-server.json new file mode 100644 index 00000000..8f117832 --- /dev/null +++ b/json/netbird-server.json @@ -0,0 +1,48 @@ +{ + "name": "NetBird Server", + "slug": "netbird-server", + "categories": [ + 4 + ], + "date_created": "2026-05-19", + "type": "vm", + "updateable": false, + "privileged": false, + "interface_port": 443, + "documentation": "https://docs.netbird.io/selfhosted/selfhosted-quickstart", + "website": "https://netbird.io/", + "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/netbird.webp", + "description": "NetBird self-hosted server — the management, signal, relay and STUN services that form the backbone of a private NetBird overlay network. Deploy on a VM with a public domain and run the official getting-started wizard to complete the setup.", + "install_methods": [ + { + "type": "default", + "script": "vm/netbird-server.sh", + "config_path": "", + "resources": { + "cpu": 2, + "ram": 2048, + "hdd": 10, + "os": "Debian", + "version": "13" + } + } + ], + "default_credentials": { + "username": null, + "password": null + }, + "notes": [ + { + "text": "After first boot, run the setup wizard inside the VM: curl -fsSL https://github.com/netbirdio/netbird/releases/latest/download/getting-started.sh | bash", + "type": "info" + }, + { + "text": "Requires a public domain pointing to the VM and open ports: 80/tcp, 443/tcp, 3478/udp.", + "type": "warning" + }, + { + "text": "Docker is pre-installed during image creation. The getting-started.sh wizard deploys NetBird via Docker Compose.", + "type": "info" + } + ] +} \ No newline at end of file diff --git a/vm/netbird-server.sh b/vm/netbird-server.sh new file mode 100644 index 00000000..a8932db2 --- /dev/null +++ b/vm/netbird-server.sh @@ -0,0 +1,808 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2026 community-scripts ORG +# Author: MickLesk (CanbiZ) +# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE +# Source: https://netbird.io + +source <(curl -fsSL "${COMMUNITY_SCRIPTS_URL:-https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main}/misc/vm-core.func") +load_functions + +function header_info { + clear + cat <<"EOF" + _ _ _ ____ _ _ ____ + | \ | | ___| |_| __ )(_)_ __ __| | / ___| ___ _ ____ _____ _ __ + | \| |/ _ \ __| _ \| | '__/ _` | \___ \ / _ \ '__\ \ / / _ \ '__| + | |\ | __/ |_| |_) | | | | (_| | ___) | __/ | \ V / __/ | + |_| \_|\___|\__|____/|_|_| \__,_| |____/ \___|_| \_/ \___|_| + +EOF +} + +APP="NetBird Server" +APP_TYPE="vm" +NSAPP="netbird-server" +RANDOM_UUID="$(cat /proc/sys/kernel/random/uuid)" +METHOD="" +DISK_SIZE="10G" +GEN_MAC=02:$(openssl rand -hex 5 | awk '{print toupper($0)}' | sed 's/\(..\)/\1:/g; s/.$//') +USE_CLOUD_INIT="no" +OS_TYPE="" +OS_VERSION="" +OS_CODENAME="" +OS_DISPLAY="" +THIN="discard=on,ssd=1," +NETBIRD_DOMAIN_INPUT="" +NETBIRD_PROXY_TYPE_INPUT="0" +NETBIRD_EMAIL_INPUT="" + +header_info +echo -e "\n Loading..." + +set -e +trap 'error_handler $LINENO "$BASH_COMMAND"' ERR +trap cleanup EXIT +trap 'post_update_to_api "failed" "130"' SIGINT +trap 'post_update_to_api "failed" "143"' SIGTERM +trap 'post_update_to_api "failed" "129"; exit 129' SIGHUP + +TEMP_DIR=$(mktemp -d) +pushd "$TEMP_DIR" >/dev/null + +if vm_confirm_new_vm "$APP" "This will create a New $APP VM. Proceed?"; then + : +else + header_info && exit_script +fi + +check_root +arch_check +pve_check + +# ============================================================================== +# NETBIRD CONFIGURATION PROMPTS +# ============================================================================== +function configure_netbird_setup() { + while true; do + if NETBIRD_DOMAIN_INPUT=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "NETBIRD DOMAIN" \ + --inputbox "Enter the public domain for your NetBird server.\n(DNS A record must point to this VM's public IP)\n\ne.g. netbird.my-domain.com" 11 65 "" \ + --cancel-button Exit-Script 3>&1 1>&2 2>&3); then + if [[ -z "$NETBIRD_DOMAIN_INPUT" ]] || [[ "$NETBIRD_DOMAIN_INPUT" == "netbird.example.com" ]]; then + whiptail --backtitle "Proxmox VE Helper Scripts" --title "INVALID DOMAIN" \ + --msgbox "Please enter a valid domain name." 8 50 + continue + fi + echo -e "${INFO}${BOLD}${DGN}NetBird Domain: ${BGN}${NETBIRD_DOMAIN_INPUT}${CL}" + break + else + exit_script + fi + done + + if NETBIRD_PROXY_TYPE_INPUT=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "REVERSE PROXY" --radiolist \ + "Select the reverse proxy for NetBird" 14 70 4 \ + "0" "Traefik (recommended, built-in with auto TLS)" ON \ + "2" "Nginx (generates config template)" OFF \ + "3" "Nginx Proxy Manager" OFF \ + "5" "Other/Manual" OFF \ + 3>&1 1>&2 2>&3); then + echo -e "${INFO}${BOLD}${DGN}Reverse Proxy: ${BGN}${NETBIRD_PROXY_TYPE_INPUT}${CL}" + else + exit_script + fi + + if [[ "$NETBIRD_PROXY_TYPE_INPUT" == "0" ]]; then + while true; do + if NETBIRD_EMAIL_INPUT=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "LETSENCRYPT EMAIL" \ + --inputbox "Enter your email for Let's Encrypt certificates:" 8 65 "" \ + --cancel-button Exit-Script 3>&1 1>&2 2>&3); then + if [[ -z "$NETBIRD_EMAIL_INPUT" ]]; then + whiptail --backtitle "Proxmox VE Helper Scripts" --title "INVALID EMAIL" \ + --msgbox "Email is required for Let's Encrypt." 8 50 + continue + fi + echo -e "${INFO}${BOLD}${DGN}Let's Encrypt Email: ${BGN}${NETBIRD_EMAIL_INPUT}${CL}" + break + else + exit_script + fi + done + fi +} + +# ============================================================================== +# OS SELECTION +# ============================================================================== +function select_os() { + if OS_CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "SELECT OS" --radiolist \ + "Choose Operating System for NetBird Server VM" 14 68 3 \ + "debian13" "Debian 13 (Trixie) - Latest" ON \ + "debian12" "Debian 12 (Bookworm) - Stable" OFF \ + "ubuntu2404" "Ubuntu 24.04 LTS (Noble)" OFF \ + 3>&1 1>&2 2>&3); then + case $OS_CHOICE in + debian13) + OS_TYPE="debian" + OS_VERSION="13" + OS_CODENAME="trixie" + OS_DISPLAY="Debian 13 (Trixie)" + ;; + debian12) + OS_TYPE="debian" + OS_VERSION="12" + OS_CODENAME="bookworm" + OS_DISPLAY="Debian 12 (Bookworm)" + ;; + ubuntu2404) + OS_TYPE="ubuntu" + OS_VERSION="24.04" + OS_CODENAME="noble" + OS_DISPLAY="Ubuntu 24.04 LTS" + ;; + esac + echo -e "${OS}${BOLD}${DGN}Operating System: ${BGN}${OS_DISPLAY}${CL}" + else + exit_script + fi +} + +function select_cloud_init() { + if [ "$OS_TYPE" = "ubuntu" ]; then + USE_CLOUD_INIT="yes" + echo -e "${CLOUD:- }${BOLD}${DGN}Cloud-Init: ${BGN}yes (Ubuntu requires Cloud-Init)${CL}" + return + fi + + if (whiptail --backtitle "Proxmox VE Helper Scripts" --title "CLOUD-INIT" \ + --yesno "Enable Cloud-Init for VM configuration?\n\nAllows automatic configuration of user accounts, SSH keys, and network settings.\n\nDebian without Cloud-Init uses nocloud image with console auto-login." 14 68); then + USE_CLOUD_INIT="yes" + echo -e "${CLOUD:- }${BOLD}${DGN}Cloud-Init: ${BGN}yes${CL}" + else + USE_CLOUD_INIT="no" + echo -e "${CLOUD:- }${BOLD}${DGN}Cloud-Init: ${BGN}no${CL}" + fi +} + +function get_image_url() { + local arch + arch=$(dpkg --print-architecture) + case $OS_TYPE in + debian) + if [ "$USE_CLOUD_INIT" = "yes" ]; then + echo "https://cloud.debian.org/images/cloud/${OS_CODENAME}/latest/debian-${OS_VERSION}-generic-${arch}.qcow2" + else + echo "https://cloud.debian.org/images/cloud/${OS_CODENAME}/latest/debian-${OS_VERSION}-nocloud-${arch}.qcow2" + fi + ;; + ubuntu) + echo "https://cloud-images.ubuntu.com/${OS_CODENAME}/current/${OS_CODENAME}-server-cloudimg-${arch}.img" + ;; + esac +} + +# ============================================================================== +# SETTINGS +# ============================================================================== +function default_settings() { + configure_netbird_setup + select_os + select_cloud_init + + VMID=$(get_valid_nextid) + FORMAT="" + MACHINE=" -machine q35" + DISK_CACHE="" + DISK_SIZE="10G" + HN="netbird" + CPU_TYPE=" -cpu host" + CORE_COUNT="2" + RAM_SIZE="2048" + BRG="vmbr0" + MAC="$GEN_MAC" + VLAN="" + MTU="" + START_VM="yes" + METHOD="default" + + echo -e "${CONTAINERID}${BOLD}${DGN}Virtual Machine ID: ${BGN}${VMID}${CL}" + echo -e "${CONTAINERTYPE}${BOLD}${DGN}Machine Type: ${BGN}Q35 (Modern)${CL}" + echo -e "${DISKSIZE}${BOLD}${DGN}Disk Size: ${BGN}${DISK_SIZE}${CL}" + echo -e "${DISKSIZE}${BOLD}${DGN}Disk Cache: ${BGN}None${CL}" + echo -e "${HOSTNAME}${BOLD}${DGN}Hostname: ${BGN}${HN}${CL}" + echo -e "${OS}${BOLD}${DGN}CPU Model: ${BGN}Host${CL}" + echo -e "${CPUCORE}${BOLD}${DGN}CPU Cores: ${BGN}${CORE_COUNT}${CL}" + echo -e "${RAMSIZE}${BOLD}${DGN}RAM Size: ${BGN}${RAM_SIZE}${CL}" + echo -e "${BRIDGE}${BOLD}${DGN}Bridge: ${BGN}${BRG}${CL}" + echo -e "${MACADDRESS}${BOLD}${DGN}MAC Address: ${BGN}${MAC}${CL}" + echo -e "${VLANTAG}${BOLD}${DGN}VLAN: ${BGN}Default${CL}" + echo -e "${DEFAULT}${BOLD}${DGN}Interface MTU Size: ${BGN}Default${CL}" + echo -e "${GATEWAY}${BOLD}${DGN}Start VM when completed: ${BGN}yes${CL}" + echo -e "${CREATING}${BOLD}${DGN}Creating a NetBird Server VM using the above default settings${CL}" +} + +function advanced_settings() { + configure_netbird_setup + select_os + select_cloud_init + + METHOD="advanced" + [ -z "${VMID:-}" ] && VMID=$(get_valid_nextid) + + while true; do + if VMID=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Set Virtual Machine ID" 8 58 $VMID --title "VIRTUAL MACHINE ID" --cancel-button Exit-Script 3>&1 1>&2 2>&3); then + if [ -z "$VMID" ]; then VMID=$(get_valid_nextid); fi + if pct status "$VMID" &>/dev/null || qm status "$VMID" &>/dev/null; then + echo -e "${CROSS}${RD} ID $VMID is already in use${CL}" + sleep 2 + continue + fi + echo -e "${CONTAINERID}${BOLD}${DGN}Virtual Machine ID: ${BGN}$VMID${CL}" + break + else + exit_script + fi + done + + if MACH=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "MACHINE TYPE" --radiolist --cancel-button Exit-Script "Choose Type" 10 58 2 \ + "q35" "Q35 (Modern, PCIe)" ON \ + "i440fx" "i440fx (Legacy, PCI)" OFF \ + 3>&1 1>&2 2>&3); then + if [ $MACH = q35 ]; then + echo -e "${CONTAINERTYPE}${BOLD}${DGN}Machine Type: ${BGN}Q35 (Modern)${CL}" + FORMAT="" + MACHINE=" -machine q35" + else + echo -e "${CONTAINERTYPE}${BOLD}${DGN}Machine Type: ${BGN}i440fx (Legacy)${CL}" + FORMAT=",efitype=4m" + MACHINE="" + fi + else + exit_script + fi + + if DISK_SIZE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Set Disk Size in GiB (e.g., 10, 20)" 8 58 "10" --title "DISK SIZE" --cancel-button Exit-Script 3>&1 1>&2 2>&3); then + DISK_SIZE=$(echo "$DISK_SIZE" | tr -d ' ') + if [[ "$DISK_SIZE" =~ ^[0-9]+$ ]]; then + DISK_SIZE="${DISK_SIZE}G" + elif [[ ! "$DISK_SIZE" =~ ^[0-9]+G$ ]]; then + echo -e "${DISKSIZE}${BOLD}${RD}Invalid Disk Size.${CL}" + exit_script + fi + echo -e "${DISKSIZE}${BOLD}${DGN}Disk Size: ${BGN}$DISK_SIZE${CL}" + else + exit_script + fi + + if DISK_CACHE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "DISK CACHE" --radiolist "Choose" --cancel-button Exit-Script 10 58 2 \ + "0" "None (Default)" ON \ + "1" "Write Through" OFF \ + 3>&1 1>&2 2>&3); then + if [ $DISK_CACHE = "1" ]; then + echo -e "${DISKSIZE}${BOLD}${DGN}Disk Cache: ${BGN}Write Through${CL}" + DISK_CACHE="cache=writethrough," + else + echo -e "${DISKSIZE}${BOLD}${DGN}Disk Cache: ${BGN}None${CL}" + DISK_CACHE="" + fi + else + exit_script + fi + + if VM_NAME=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Set Hostname" 8 58 netbird --title "HOSTNAME" --cancel-button Exit-Script 3>&1 1>&2 2>&3); then + if [ -z $VM_NAME ]; then + HN="netbird" + else + HN=$(echo "${VM_NAME,,}" | tr -cs 'a-z0-9-' '-' | sed 's/^-//;s/-$//') + fi + echo -e "${HOSTNAME}${BOLD}${DGN}Hostname: ${BGN}$HN${CL}" + else + exit_script + fi + + if CPU_TYPE1=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "CPU MODEL" --radiolist "Choose" --cancel-button Exit-Script 10 58 2 \ + "1" "Host (Recommended)" ON \ + "0" "KVM64" OFF \ + 3>&1 1>&2 2>&3); then + if [ $CPU_TYPE1 = "1" ]; then + echo -e "${OS}${BOLD}${DGN}CPU Model: ${BGN}Host${CL}" + CPU_TYPE=" -cpu host" + else + echo -e "${OS}${BOLD}${DGN}CPU Model: ${BGN}KVM64${CL}" + CPU_TYPE="" + fi + else + exit_script + fi + + while true; do + if CORE_COUNT=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Allocate CPU Cores" 8 58 2 --title "CORE COUNT" --cancel-button Exit-Script 3>&1 1>&2 2>&3); then + if [ -z "$CORE_COUNT" ]; then CORE_COUNT="2"; fi + if [[ "$CORE_COUNT" =~ ^[1-9][0-9]*$ ]]; then + echo -e "${CPUCORE}${BOLD}${DGN}CPU Cores: ${BGN}$CORE_COUNT${CL}" + break + fi + else + exit_script + fi + done + + while true; do + if RAM_SIZE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Allocate RAM in MiB (min 2048)" 8 58 2048 --title "RAM" --cancel-button Exit-Script 3>&1 1>&2 2>&3); then + if [ -z "$RAM_SIZE" ]; then RAM_SIZE="2048"; fi + if [[ "$RAM_SIZE" =~ ^[1-9][0-9]*$ ]]; then + echo -e "${RAMSIZE}${BOLD}${DGN}RAM Size: ${BGN}$RAM_SIZE${CL}" + break + fi + else + exit_script + fi + done + + if BRG=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Set a Bridge" 8 58 vmbr0 --title "BRIDGE" --cancel-button Exit-Script 3>&1 1>&2 2>&3); then + if [ -z $BRG ]; then BRG="vmbr0"; fi + echo -e "${BRIDGE}${BOLD}${DGN}Bridge: ${BGN}$BRG${CL}" + else + exit_script + fi + + while true; do + if MAC1=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Set a MAC Address" 8 58 $GEN_MAC --title "MAC ADDRESS" --cancel-button Exit-Script 3>&1 1>&2 2>&3); then + if [ -z "$MAC1" ]; then + MAC="$GEN_MAC" + echo -e "${MACADDRESS}${BOLD}${DGN}MAC Address: ${BGN}$MAC${CL}" + break + fi + if [[ "$MAC1" =~ ^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$ ]]; then + MAC="$MAC1" + echo -e "${MACADDRESS}${BOLD}${DGN}MAC Address: ${BGN}$MAC${CL}" + break + fi + else + exit_script + fi + done + + while true; do + if VLAN1=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Set a Vlan (leave blank for default)" 8 58 --title "VLAN" --cancel-button Exit-Script 3>&1 1>&2 2>&3); then + if [ -z "$VLAN1" ]; then + VLAN="" + echo -e "${VLANTAG}${BOLD}${DGN}VLAN: ${BGN}Default${CL}" + break + fi + if [[ "$VLAN1" =~ ^[0-9]+$ ]] && [ "$VLAN1" -ge 1 ] && [ "$VLAN1" -le 4094 ]; then + VLAN=",tag=$VLAN1" + echo -e "${VLANTAG}${BOLD}${DGN}VLAN: ${BGN}$VLAN1${CL}" + break + fi + else + exit_script + fi + done + + while true; do + if MTU1=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Set Interface MTU Size (leave blank for default)" 8 58 --title "MTU SIZE" --cancel-button Exit-Script 3>&1 1>&2 2>&3); then + if [ -z "$MTU1" ]; then + MTU="" + echo -e "${DEFAULT}${BOLD}${DGN}Interface MTU Size: ${BGN}Default${CL}" + break + fi + if [[ "$MTU1" =~ ^[0-9]+$ ]] && [ "$MTU1" -ge 576 ] && [ "$MTU1" -le 65520 ]; then + MTU=",mtu=$MTU1" + echo -e "${DEFAULT}${BOLD}${DGN}Interface MTU Size: ${BGN}$MTU1${CL}" + break + fi + else + exit_script + fi + done + + if (whiptail --backtitle "Proxmox VE Helper Scripts" --title "START VIRTUAL MACHINE" --yesno "Start VM when completed?" 10 58); then + echo -e "${GATEWAY}${BOLD}${DGN}Start VM when completed: ${BGN}yes${CL}" + START_VM="yes" + else + echo -e "${GATEWAY}${BOLD}${DGN}Start VM when completed: ${BGN}no${CL}" + START_VM="no" + fi + + if (whiptail --backtitle "Proxmox VE Helper Scripts" --title "ADVANCED SETTINGS COMPLETE" --yesno "Ready to create a NetBird Server VM?" --no-button Do-Over 10 58); then + echo -e "${CREATING}${BOLD}${DGN}Creating a NetBird Server VM using the above advanced settings${CL}" + else + header_info + echo -e "${ADVANCED}${BOLD}${RD}Using Advanced Settings${CL}" + advanced_settings + fi +} + +function start_script() { + if (whiptail --backtitle "Proxmox VE Helper Scripts" --title "SETTINGS" --yesno "Use Default Settings?" --no-button Advanced 10 58); then + header_info + echo -e "${DEFAULT}${BOLD}${BL}Using Default Settings${CL}" + default_settings + else + header_info + echo -e "${ADVANCED}${BOLD}${RD}Using Advanced Settings${CL}" + advanced_settings + fi +} + +# ============================================================================== +# MAIN EXECUTION +# ============================================================================== +start_script +post_to_api_vm + +# ============================================================================== +# STORAGE SELECTION +# ============================================================================== +msg_info "Validating Storage" +while read -r line; do + TAG=$(echo $line | awk '{print $1}') + TYPE=$(echo $line | awk '{printf "%-10s", $2}') + FREE=$(echo $line | numfmt --field 4-6 --from-unit=K --to=iec --format %.2f | awk '{printf( "%9sB", $6)}') + ITEM=" Type: $TYPE Free: $FREE " + OFFSET=2 + if [[ $((${#ITEM} + $OFFSET)) -gt ${MSG_MAX_LENGTH:-} ]]; then + MSG_MAX_LENGTH=$((${#ITEM} + $OFFSET)) + fi + STORAGE_MENU+=("$TAG" "$ITEM" "OFF") +done < <(pvesm status -content images | awk 'NR>1') + +VALID=$(pvesm status -content images | awk 'NR>1') +if [ -z "$VALID" ]; then + msg_error "Unable to detect a valid storage location." + exit +elif [ $((${#STORAGE_MENU[@]} / 3)) -eq 1 ]; then + STORAGE=${STORAGE_MENU[0]} +else + while [ -z "${STORAGE:+x}" ]; do + STORAGE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Storage Pools" --radiolist \ + "Which storage pool would you like to use for ${HN}?\nTo make a selection, use the Spacebar.\n" \ + 16 $(($MSG_MAX_LENGTH + 23)) 6 \ + "${STORAGE_MENU[@]}" 3>&1 1>&2 2>&3) + done +fi +msg_ok "Using ${CL}${BL}$STORAGE${CL} ${GN}for Storage Location." +msg_ok "Virtual Machine ID is ${CL}${BL}$VMID${CL}." + +# ============================================================================== +# PREREQUISITES +# ============================================================================== +if ! command -v virt-customize &>/dev/null; then + msg_info "Installing libguestfs-tools" + apt-get -qq update >/dev/null + apt-get -qq install libguestfs-tools -y >/dev/null + msg_ok "Installed libguestfs-tools" +fi + +# ============================================================================== +# IMAGE DOWNLOAD +# ============================================================================== +msg_info "Retrieving the URL for the ${OS_DISPLAY} Disk Image" +URL=$(get_image_url) +CACHE_DIR="/var/lib/vz/template/cache" +CACHE_FILE="$CACHE_DIR/$(basename "$URL")" +mkdir -p "$CACHE_DIR" +msg_ok "${CL}${BL}${URL}${CL}" + +if [[ ! -s "$CACHE_FILE" ]]; then + curl -f#SL -o "$CACHE_FILE" "$URL" + echo -en "\e[1A\e[0K" + msg_ok "Downloaded ${CL}${BL}$(basename "$CACHE_FILE")${CL}" +else + msg_ok "Using cached image ${CL}${BL}$(basename "$CACHE_FILE")${CL}" +fi + +# ============================================================================== +# STORAGE TYPE DETECTION +# ============================================================================== +STORAGE_TYPE=$(pvesm status -storage "$STORAGE" | awk 'NR>1 {print $2}') +case $STORAGE_TYPE in +nfs | dir) + DISK_EXT=".qcow2" + DISK_REF="$VMID/" + DISK_IMPORT="--format qcow2" + THIN="" + ;; +btrfs) + DISK_EXT=".raw" + DISK_REF="$VMID/" + DISK_IMPORT="--format raw" + FORMAT=",efitype=4m" + THIN="" + ;; +*) + DISK_EXT="" + DISK_REF="" + DISK_IMPORT="--format raw" + ;; +esac + +# ============================================================================== +# IMAGE CUSTOMIZATION +# ============================================================================== +msg_info "Preparing ${OS_DISPLAY} image with Docker & prerequisites" + +WORK_FILE=$(mktemp --suffix=.qcow2) +cp "$CACHE_FILE" "$WORK_FILE" + +export LIBGUESTFS_BACKEND_SETTINGS=dns=8.8.8.8,1.1.1.1 + +DOCKER_PREINSTALLED="no" + +msg_info "Installing base packages (qemu-guest-agent, curl, ca-certificates, jq)" +if virt-customize -a "$WORK_FILE" --install qemu-guest-agent,curl,ca-certificates,jq >/dev/null 2>&1; then + msg_ok "Installed base packages" + + msg_info "Installing Docker (this may take 2-5 minutes)" + if virt-customize -q -a "$WORK_FILE" --run-command "curl -fsSL https://get.docker.com | sh" >/dev/null 2>&1 && + virt-customize -q -a "$WORK_FILE" --run-command "systemctl enable docker" >/dev/null 2>&1; then + msg_ok "Installed Docker" + + msg_info "Configuring Docker daemon" + virt-customize -q -a "$WORK_FILE" --run-command "mkdir -p /etc/docker" >/dev/null 2>&1 + virt-customize -q -a "$WORK_FILE" --run-command 'cat > /etc/docker/daemon.json << EOF +{ + "storage-driver": "overlay2", + "log-driver": "json-file", + "log-opts": { + "max-size": "10m", + "max-file": "3" + } +} +EOF' >/dev/null 2>&1 + DOCKER_PREINSTALLED="yes" + msg_ok "Configured Docker daemon" + else + msg_ok "Docker will be installed on first boot" + fi +else + msg_ok "Packages will be installed on first boot" +fi + +# Write NetBird env file (host variables expanded into the image) +msg_info "Writing NetBird configuration" +NETBIRD_ENV_TMP=$(mktemp) +cat >"$NETBIRD_ENV_TMP" </dev/null 2>&1 +rm -f "$NETBIRD_ENV_TMP" + +# Write first-boot setup script (no host variable expansion needed — single-quoted heredoc) +NETBIRD_SETUP_TMP=$(mktemp) +cat >"$NETBIRD_SETUP_TMP" <<'SETUPEOF' +#!/bin/bash +exec > /var/log/netbird-setup.log 2>&1 +set -e + +echo "[$(date)] Starting NetBird automated setup" + +# Wait for Docker (up to 5 minutes) +for i in {1..60}; do + docker info >/dev/null 2>&1 && break + sleep 5 +done +docker info >/dev/null 2>&1 || { echo "[$(date)] ERROR: Docker not ready after 5 min"; exit 1; } + +# Load pre-configured values +set -a +source /root/netbird.env +set +a + +# Download getting-started.sh +curl -fsSL https://github.com/netbirdio/netbird/releases/latest/download/getting-started.sh \ + -o /root/getting-started.sh + +# Patch interactive reads to prefer pre-set env vars +sed -i \ + -e 's/REVERSE_PROXY_TYPE=$(read_reverse_proxy_type)/REVERSE_PROXY_TYPE="${REVERSE_PROXY_TYPE:-$(read_reverse_proxy_type)}"/' \ + -e 's/TRAEFIK_ACME_EMAIL=$(read_traefik_acme_email)/TRAEFIK_ACME_EMAIL="${TRAEFIK_ACME_EMAIL:-$(read_traefik_acme_email)}"/' \ + -e 's/ENABLE_PROXY=$(read_enable_proxy)/ENABLE_PROXY="${ENABLE_PROXY:-$(read_enable_proxy)}"/' \ + -e 's/ENABLE_CROWDSEC=$(read_enable_crowdsec)/ENABLE_CROWDSEC="${ENABLE_CROWDSEC:-$(read_enable_crowdsec)}"/' \ + /root/getting-started.sh + +echo "[$(date)] Running NetBird getting-started.sh" +bash /root/getting-started.sh + +touch /root/.netbird-setup-done +echo "[$(date)] NetBird setup completed" +SETUPEOF +virt-customize -q -a "$WORK_FILE" \ + --upload "${NETBIRD_SETUP_TMP}:/root/netbird-setup.sh" \ + --run-command "chmod +x /root/netbird-setup.sh" >/dev/null 2>&1 +rm -f "$NETBIRD_SETUP_TMP" + +# Write first-boot systemd service +NETBIRD_SVC_TMP=$(mktemp) +cat >"$NETBIRD_SVC_TMP" <<'SVCEOF' +[Unit] +Description=NetBird Initial Setup +After=network-online.target docker.service +Wants=network-online.target +ConditionPathExists=!/root/.netbird-setup-done + +[Service] +Type=oneshot +ExecStart=/root/netbird-setup.sh +RemainAfterExit=yes +StandardOutput=journal+console +StandardError=journal+console +TimeoutStartSec=600 + +[Install] +WantedBy=multi-user.target +SVCEOF +virt-customize -q -a "$WORK_FILE" \ + --upload "${NETBIRD_SVC_TMP}:/etc/systemd/system/netbird-setup.service" \ + --run-command "systemctl enable netbird-setup.service" >/dev/null 2>&1 +rm -f "$NETBIRD_SVC_TMP" +msg_ok "Configured NetBird first-boot automation" + +msg_info "Finalizing image" +virt-customize -q -a "$WORK_FILE" --hostname "${HN}" >/dev/null 2>&1 || true +virt-customize -q -a "$WORK_FILE" --run-command "truncate -s 0 /etc/machine-id" >/dev/null 2>&1 || true +virt-customize -q -a "$WORK_FILE" --run-command "rm -f /var/lib/dbus/machine-id" >/dev/null 2>&1 || true + +if [ "$USE_CLOUD_INIT" = "yes" ]; then + virt-customize -q -a "$WORK_FILE" --run-command "sed -i 's/^#*PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config" >/dev/null 2>&1 || true + virt-customize -q -a "$WORK_FILE" --run-command "sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config" >/dev/null 2>&1 || true +else + virt-customize -q -a "$WORK_FILE" --run-command "mkdir -p /etc/systemd/system/serial-getty@ttyS0.service.d" >/dev/null 2>&1 || true + virt-customize -q -a "$WORK_FILE" --run-command 'cat > /etc/systemd/system/serial-getty@ttyS0.service.d/autologin.conf << EOF +[Service] +ExecStart= +ExecStart=-/sbin/agetty --autologin root --noclear %I $TERM +EOF' >/dev/null 2>&1 || true +fi +msg_ok "Finalized image" + +if [ "$DOCKER_PREINSTALLED" = "no" ]; then + DOCKER_INSTALL_TMP=$(mktemp) + cat >"$DOCKER_INSTALL_TMP" <<'DOCKEREOF' +#!/bin/bash +exec > /var/log/install-docker.log 2>&1 +echo "[$(date)] Starting Docker installation" +for i in {1..30}; do + ping -c 1 8.8.8.8 >/dev/null 2>&1 && break + sleep 2 +done +apt-get update +apt-get install -y qemu-guest-agent curl ca-certificates jq +curl -fsSL https://get.docker.com | sh +systemctl enable docker +systemctl start docker +touch /root/.docker-installed +echo "[$(date)] Docker installation completed" +DOCKEREOF + DOCKER_SVC_TMP=$(mktemp) + cat >"$DOCKER_SVC_TMP" <<'DOCKERSVCEOF' +[Unit] +Description=Install Docker on First Boot +After=network-online.target +Wants=network-online.target +ConditionPathExists=!/root/.docker-installed + +[Service] +Type=oneshot +ExecStart=/root/install-docker.sh +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target +DOCKERSVCEOF + virt-customize -q -a "$WORK_FILE" \ + --upload "${DOCKER_INSTALL_TMP}:/root/install-docker.sh" \ + --upload "${DOCKER_SVC_TMP}:/etc/systemd/system/install-docker.service" \ + --run-command "chmod +x /root/install-docker.sh" \ + --run-command "systemctl enable install-docker.service" >/dev/null 2>&1 || true + rm -f "$DOCKER_INSTALL_TMP" "$DOCKER_SVC_TMP" +fi + +msg_info "Resizing disk image to ${DISK_SIZE}" +qemu-img resize "$WORK_FILE" "${DISK_SIZE}" >/dev/null 2>&1 +msg_ok "Resized disk image" + +# ============================================================================== +# VM CREATION +# ============================================================================== +msg_info "Creating NetBird Server VM shell" +qm create $VMID -agent 1${MACHINE} -tablet 0 -localtime 1 -bios ovmf${CPU_TYPE} -cores $CORE_COUNT -memory $RAM_SIZE \ + -name $HN -tags community-script -net0 virtio,bridge=$BRG,macaddr=$MAC$VLAN$MTU -onboot 1 -ostype l26 -scsihw virtio-scsi-pci >/dev/null +msg_ok "Created VM shell" + +# ============================================================================== +# DISK IMPORT +# ============================================================================== +msg_info "Importing disk into storage ($STORAGE)" +if qm disk import --help >/dev/null 2>&1; then + IMPORT_CMD=(qm disk import) +else + IMPORT_CMD=(qm importdisk) +fi + +IMPORT_OUT="$("${IMPORT_CMD[@]}" "$VMID" "$WORK_FILE" "$STORAGE" ${DISK_IMPORT:-} 2>&1 || true)" +DISK_REF_IMPORTED="$(printf '%s\n' "$IMPORT_OUT" | sed -n "s/.*successfully imported disk '\([^']\+\)'.*/\1/p" | tr -d "\r\"'")" +[[ -z "$DISK_REF_IMPORTED" ]] && DISK_REF_IMPORTED="$(pvesm list "$STORAGE" | awk -v id="$VMID" '$5 ~ ("vm-"id"-disk-") {print $1":"$5}' | sort | tail -n1)" +[[ -z "$DISK_REF_IMPORTED" ]] && { + msg_error "Unable to determine imported disk reference." + echo "$IMPORT_OUT" + exit 226 +} +msg_ok "Imported disk (${CL}${BL}${DISK_REF_IMPORTED}${CL})" + +rm -f "$WORK_FILE" + +# ============================================================================== +# VM CONFIGURATION +# ============================================================================== +msg_info "Attaching EFI and root disk" +qm set "$VMID" \ + --efidisk0 "${STORAGE}:0,efitype=4m" \ + --scsi0 "${DISK_REF_IMPORTED},${DISK_CACHE}${THIN%,}" \ + --boot order=scsi0 \ + --serial0 socket >/dev/null +qm set $VMID --agent enabled=1 >/dev/null +msg_ok "Attached EFI and root disk" + +set_description + +if [ "$USE_CLOUD_INIT" = "yes" ]; then + msg_info "Configuring Cloud-Init" + setup_cloud_init "$VMID" "$STORAGE" "$HN" "yes" + msg_ok "Cloud-Init configured" +fi + +# ============================================================================== +# START VM +# ============================================================================== +if [ "$START_VM" == "yes" ]; then + msg_info "Starting NetBird Server VM" + qm start $VMID >/dev/null 2>&1 + msg_ok "Started NetBird Server VM" +fi + +# ============================================================================== +# FINAL OUTPUT +# ============================================================================== +VM_IP="" +if [ "$START_VM" == "yes" ]; then + set +e + for i in {1..10}; do + VM_IP=$(qm guest cmd "$VMID" network-get-interfaces 2>/dev/null | + jq -r '.[] | select(.name != "lo") | ."ip-addresses"[]? | select(."ip-address-type" == "ipv4") | ."ip-address"' 2>/dev/null | + grep -v "^127\." | head -1) || true + [ -n "$VM_IP" ] && break + sleep 3 + done + set -e +fi + +echo -e "\n${INFO}${BOLD}${GN}NetBird Server VM Summary:${CL}" +echo -e "${TAB}${DGN}VM ID: ${BGN}${VMID}${CL}" +echo -e "${TAB}${DGN}Hostname: ${BGN}${HN}${CL}" +echo -e "${TAB}${DGN}OS: ${BGN}${OS_DISPLAY}${CL}" +[ -n "$VM_IP" ] && echo -e "${TAB}${DGN}IP Address: ${BGN}${VM_IP}${CL}" + +if [ "$DOCKER_PREINSTALLED" = "yes" ]; then + echo -e "${TAB}${DGN}Docker: ${BGN}Pre-installed${CL}" +else + echo -e "${TAB}${DGN}Docker: ${BGN}Installing on first boot — check: ${BL}journalctl -u netbird-setup${CL}" +fi + +echo -e "" +echo -e "${INFO}${BOLD}${GN}NetBird is being configured automatically on first boot!${CL}" +echo -e "${TAB}${DGN}Domain: ${BGN}https://${NETBIRD_DOMAIN_INPUT}${CL}" +echo -e "${TAB}${DGN}Setup log: ${BGN}journalctl -u netbird-setup -f${CL}" +echo -e "${TAB}${DGN}Required open ports: ${BGN}80/tcp, 443/tcp, 3478/udp${CL}" + +if [ "$USE_CLOUD_INIT" = "yes" ]; then + display_cloud_init_info "$VMID" "$HN" 2>/dev/null || true +fi + +post_update_to_api "done" "none" +msg_ok "Completed successfully!\n"