Replace netstack (full userspace) mode with userspace WireGuard + real
kernel TUN interface. This gives proper network performance for game
streaming (Moonlight/Sunshine) while still keeping all files in /home.
Uses sudo setcap to grant CAP_NET_ADMIN and CAP_NET_RAW on the binary
instead of running as root. Capabilities are applied at install and
reapplied on each update.
In netstack mode with local forwarding enabled, ICMP packets get
replied to by both the gVisor netstack and the native OS (via the
forwarder), causing duplicate ping responses. Local forwarding is
only needed when remote peers must reach host-local services, so
it should not be on by default.
The CLI defaults to /var/run/netbird.sock which doesn't exist in our
rootless setup. Export NB_DAEMON_ADDR and NB_CONFIG in .bashrc so the
CLI automatically connects to the user-level daemon socket.
Verify SHA-256 checksums from the release checksums.txt before
installing. In do_update, download and verify the new binary to a
staging directory before stopping the running service so a failed
download leaves the existing installation untouched.
Standalone installer for Steam Deck / SteamOS that runs NetBird
entirely from /home using netstack mode — no root, no sysext, no
TUN device required. Survives all OS updates without intervention.
Fixes#4808 by extracting the full username by:
- Get PID using pgrep
- Get UID from PID using /proc/${PID}/loginuid
- Get user name from UID using id
Also replaces "complex" pipe from ps to sed with a (hopefully) "simpler" (as in requiring less knowledge about the arguments of ps and regexps) invocation of cat and id.
* Remove aur support and start service on ostree
The aur installation was adding many packages and installing more than just the client. For now is best to remove it and rely on binary install
Some users complained about ostree installation not starting the client, we add two explicit commands to it
* use ${SUDO}
* fix if closure
* Made changes to the peer install script that makes it work on alpine linux without changes
* fix small oversight with doas fix
* use try catch approach when curling binaries
Periodically fetch the latest available version, and the UI will shows a new menu for the download link. It checks both the daemon version and the UI version.
For installations using the binary release method (using the official installer script), it would be nice to be able to define a specific version to install.
A user/developer can choose to define the NETBIRD_RELEASE variable during installation, to pin a specific version during installation.
If NETBIRD_RELEASE is not defined, we default to the current behavior of latest
Resolve the problem with the update script that prevents netbird-ui from updating during binary installation.
Introduce the variable UPDATE_NETBIRD. Now we can upgrade the binary installation with
A function stop_running_netbird_ui has been added which checks if NetBird UI is currently running. If so, it stops the UI to allow the application update process to proceed smoothly. This was necessary to prevent conflicts or errors during updates if the UI was running.
---------
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
This commit modifies the install.sh script to improve compatibility with systems lacking the sudo command. A conditional check is added at the beginning of the script to see if the sudo command exists. If it does, operations in the script that previously required sudo would proceed as normal, using the sudo command. If the system does not have sudo, the shell would execute these operations without it. This change enhances the usability of this script in restricted environments where sudo is not installed or available to users.
This pull request addresses the need to enhance the installer script by introducing a new parameter --update to trigger updates. The goal is to streamline the update process for binary installations and provide a better experience for users.
