chore: netbird module optimized

hosts/AZ-CLD-1/services/containers/litellm.nix

@@ -9,7 +9,7 @@
 in {
   virtualisation.oci-containers.containers.${serviceName} = {
     #image = "ghcr.io/berriai/litellm:v1.78.5-stable";
-    image = "docker.litellm.ai/berriai/litellm:v1.81.12-stable";
+    image = "docker.litellm.ai/berriai/litellm:v1.81.14-stable.gpt-5.4_patch";
     ports = ["127.0.0.1:${toString servicePort}:4000"];
     environmentFiles = [config.age.secrets.litellm-env.path];
     environment = {

hosts/AZ-CLD-1/services/containers/netbird.nix

@@ -15,12 +15,18 @@
   ipBase = "10.89.0";
   ipOffset = 50;
 
+  # Derived IPs
+  gatewayIp = "${ipBase}.1";
+  dashboardIp = "${ipBase}.${toString ipOffset}";
+  serverIp = "${ipBase}.${toString (ipOffset + 1)}";
+  proxyIp = "${ipBase}.${toString (ipOffset + 2)}";
+
   # Database configuration
   dbName = "netbird";
   dbUser = "netbird";
-  dbHost = "${ipBase}.1";
+  dbHost = gatewayIp;
 
-  # NetBird config als Nix attribute set
+  # NetBird config as Nix attribute set
   netbirdConfig = {
     server = {
       listenAddress = ":80";
@@ -44,7 +50,7 @@
       };
 
       reverseProxy = {
-        trustedHTTPProxies = ["${ipBase}.1/32"];
+        trustedHTTPProxies = ["${gatewayIp}/32"];
       };
 
       # Proxy Feature
@@ -65,11 +71,11 @@
     };
   };
 
-  # YAML generieren
+  # Generate YAML config
   yamlFormat = pkgs.formats.yaml {};
   configYamlBase = yamlFormat.generate "netbird-config-base.yaml" netbirdConfig;
 
-  # Script das Secrets zur Runtime injiziert
+  # Script to inject secrets at runtime
   configGenScript = pkgs.writeShellScript "netbird-gen-config" ''
     set -euo pipefail
 
@@ -91,7 +97,7 @@ in {
   age.secrets."${serviceName}-server-env".file = ../../../../secrets/${serviceName}-server-env.age;
   age.secrets."${serviceName}-proxy-env".file = ../../../../secrets/${serviceName}-proxy-env.age;
 
-  # Systemd oneshot Service der die Config generiert
+  # Systemd oneshot service to generate config with secrets
   systemd.services."${serviceName}-config" = {
     description = "Generate NetBird config with secrets";
     wantedBy = ["multi-user.target"];
@@ -117,9 +123,10 @@ in {
     "${serviceName}-dashboard" = {
       image = "netbirdio/dashboard:latest";
       autoStart = true;
+      ports = ["127.0.0.1:${toString servicePort}:80"];
       environmentFiles = [config.age.secrets."${serviceName}-dashboard-env".path];
       extraOptions = [
-        "--ip=${ipBase}.${toString ipOffset}"
+        "--ip=${dashboardIp}"
         "--network=web"
       ];
     };
@@ -135,7 +142,7 @@ in {
       ];
       cmd = ["--config" "/etc/netbird/config.yaml"];
       extraOptions = [
-        "--ip=${ipBase}.${toString (ipOffset + 1)}"
+        "--ip=${serverIp}"
         "--network=web"
       ];
     };
@@ -149,35 +156,35 @@ in {
       ];
       environmentFiles = [config.age.secrets."${serviceName}-proxy-env".path];
       cmd = [
-        "--domain=p.az-gruppe.com"
+        "--domain=${proxyDomain}"
         "--mgmt=https://${domain}:443"
         "--addr=:8443"
         "--cert-dir=/certs"
         "--acme-certs"
-        "--trusted-proxies=${ipBase}.1/32"
+        "--trusted-proxies=${gatewayIp}/32"
       ];
       dependsOn = ["${serviceName}-server"];
       extraOptions = [
-        "--ip=${ipBase}.${toString (ipOffset + 2)}"
+        "--ip=${proxyIp}"
         "--network=web"
       ];
     };
   };
 
   services.traefik.dynamicConfigOptions = {
-    # HTTP Services und Routers
+    # HTTP services and routers
     http = {
       services = {
         "${serviceName}-dashboard".loadBalancer.servers = [
-          {url = "http://${ipBase}.${toString ipOffset}:80/";}
+          {url = "http://localhost:${toString servicePort}/";}
         ];
 
         "${serviceName}-server".loadBalancer.servers = [
-          {url = "http://${ipBase}.${toString (ipOffset + 1)}:80/";}
+          {url = "http://${serverIp}:80/";}
         ];
 
         "${serviceName}-server-h2c".loadBalancer.servers = [
-          {url = "h2c://${ipBase}.${toString (ipOffset + 1)}:80";}
+          {url = "h2c://${serverIp}:80";}
         ];
       };
 
@@ -199,7 +206,7 @@ in {
           priority = 100;
         };
 
-        # Dashboard (catch-all, niedrigste Priorität)
+        # Dashboard (catch-all, lowest priority)
         "${serviceName}-dashboard" = {
           rule = "Host(`${domain}`)";
           entrypoints = "websecure";
@@ -210,10 +217,10 @@ in {
       };
     };
 
-    # TCP für Proxy TLS Passthrough
+    # TCP for proxy TLS passthrough
     tcp = {
       services."${serviceName}-proxy-tls".loadBalancer.servers = [
-        {address = "${ipBase}.${toString (ipOffset + 2)}:8443";}
+        {address = "${proxyIp}:8443";}
       ];
 
       routers."${serviceName}-proxy-passthrough" = {
@@ -225,7 +232,7 @@ in {
       };
     };
 
-    # ServersTransport für Proxy Protocol v2 (optional)
+    # ServersTransport for proxy protocol v2 (optional)
     serversTransports."pp-v2" = {
       proxyProtocol.version = 2;
     };
@@ -233,6 +240,6 @@ in {
 
   networking.firewall.allowedUDPPorts = [
     3478 # STUN
-    51820 # WireGuard für Proxy
+    51820 # WireGuard for proxy
   ];
 }

hosts/AZ-PRM-1/services/default.nix

@@ -3,6 +3,7 @@
     ./containers
 
     ./n8n.nix
+    ./netbird.nix
     ./pgadmin.nix
     ./postgres.nix
     ./traefik.nix

hosts/AZ-PRM-1/services/netbird.nix

@@ -1,5 +1,8 @@
 {pkgs, ...}: {
-  services.netbird.enable = true;
+  services.netbird = {
+    enable = true;
+    package = pkgs.unstable.netbird;
+  };
 
   systemd.services.netbird = {
     environment = {

lib/ports.nix

@@ -16,6 +16,7 @@
     ntfy-sh = 3033;
     it-tools = 3035;
     zammad-hr = 3036;
+    netbird = 3038;
     zammad-hr-elasticsearch = 3037;
 
     # Docker services (3100-3199 range)