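---
# =============================================================================
# NetBird v1.6 Deployment - No-SSL Mode (HTTP only)
# =============================================================================
# Lightweight deployment for LAN/air-gapped networks.
# Access dashboard by IP address only.
#
# WARNING: All traffic is unencrypted. Only use on isolated networks.
#
# Prerequisites:
#   1. VPS/server accessible on local network
#   2. Update inventory.yml with your server IP
#   3. Create group_vars/vault.yml from vault.yml.example
#
# Run:
#   ansible-playbook -i inventory.yml playbook-no-ssl.yml --ask-vault-pass
# =============================================================================

- name: Deploy NetBird v1.6 (No-SSL Mode)
  hosts: netbird_servers
  become: true
  # Facts are required: ansible_default_ipv4 and ansible_distribution_release
  # are read below.
  gather_facts: true

  vars_files:
    - group_vars/netbird_servers.yml
    # Vault-encrypted secrets; decrypted with --ask-vault-pass at run time.
    - group_vars/vault.yml

  pre_tasks:
    # set_fact takes precedence over the group_vars files loaded above, so
    # these values force plain HTTP for the dashboard/management API and the
    # "rel" relay scheme, all on port 80. Setup keys and dashboard logins
    # therefore cross the network in cleartext.
    - name: Set no-SSL variables (override group_vars)
      ansible.builtin.set_fact:
        netbird_domain: "{{ ansible_default_ipv4.address }}"
        netbird_protocol: "http"
        relay_protocol: "rel"
        relay_port: 80
        signal_port: 80
        single_account_domain: "netbird.local"

  tasks:
    # =========================================================================
    # Prerequisites
    # =========================================================================
    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600

    - name: Install prerequisites
      ansible.builtin.apt:
        name:
          - apt-transport-https
          - ca-certificates
          - curl
          - gnupg
          - lsb-release
          - jq
        state: present

    # =========================================================================
    # Docker Installation
    # =========================================================================
    # Probe only: never reports "changed" and never fails; the return code
    # gates every Docker installation task below.
    - name: Check if Docker is installed
      ansible.builtin.command: docker --version
      register: docker_installed
      changed_when: false
      failed_when: false

    - name: Create keyrings directory
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"
      when: docker_installed.rc != 0

    # The key is this host's trust anchor for every Docker package installed
    # afterwards. pipefail makes a failed download fail the task (without it
    # the pipeline's status is gpg's alone), and the keyring is only moved
    # into place once complete, so "creates:" cannot latch onto a truncated
    # file. bash is requested explicitly because the default /bin/sh may not
    # support pipefail.
    # NOTE(review): the key is trusted on first download over HTTPS; compare
    # its fingerprint with the one Docker publishes before relying on it.
    - name: Add Docker GPG key
      ansible.builtin.shell: |
        set -euo pipefail
        tmp_key="$(mktemp)"
        trap 'rm -f "$tmp_key"' EXIT
        curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor > "$tmp_key"
        install -m 0644 "$tmp_key" /etc/apt/keyrings/docker.gpg
      args:
        executable: /bin/bash
        creates: /etc/apt/keyrings/docker.gpg
      when: docker_installed.rc != 0

    # signed-by scopes the Docker key to this repository only.
    # NOTE(review): arch=amd64 and the ubuntu path are hard-coded; other
    # architectures or distributions need a different repo line.
    - name: Add Docker repository
      ansible.builtin.apt_repository:
        repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
        state: present
        filename: docker
      when: docker_installed.rc != 0

    - name: Install Docker packages
      ansible.builtin.apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
        state: present
        update_cache: true
      when: docker_installed.rc != 0

    - name: Start and enable Docker
      ansible.builtin.systemd:
        name: docker
        state: started
        enabled: true

    # =========================================================================
    # NetBird Directory Structure
    # =========================================================================
    - name: Create NetBird directory
      ansible.builtin.file:
        path: "{{ netbird_base_dir }}"
        state: directory
        mode: "0755"

    # =========================================================================
    # Deploy Configuration Files
    # =========================================================================
    # NOTE(review): the templates are not visible here. The two .env files are
    # written 0640, while management.json and turnserver.conf are
    # world-readable (0644) inside a 0755 directory. If those templates render
    # vault secrets, any local account can read them; tighten the modes after
    # confirming which UID each container reads its file as.
    - name: Deploy docker-compose.yml
      ansible.builtin.template:
        src: templates/docker-compose.yml.j2
        dest: "{{ netbird_base_dir }}/docker-compose.yml"
        mode: "0644"

    - name: Deploy Caddyfile (No-SSL mode)
      ansible.builtin.template:
        src: templates/Caddyfile-no-ssl.j2
        dest: "{{ netbird_base_dir }}/Caddyfile"
        mode: "0644"

    - name: Deploy management.json
      ansible.builtin.template:
        src: templates/management.json.j2
        dest: "{{ netbird_base_dir }}/management.json"
        mode: "0644"

    - name: Deploy dashboard.env
      ansible.builtin.template:
        src: templates/dashboard.env.j2
        dest: "{{ netbird_base_dir }}/dashboard.env"
        mode: "0640"

    - name: Deploy relay.env
      ansible.builtin.template:
        src: templates/relay.env.j2
        dest: "{{ netbird_base_dir }}/relay.env"
        mode: "0640"

    - name: Deploy turnserver.conf
      ansible.builtin.template:
        src: templates/turnserver.conf.j2
        dest: "{{ netbird_base_dir }}/turnserver.conf"
        mode: "0644"

    # =========================================================================
    # Firewall (UFW)
    # =========================================================================
    # The allow rules are added before UFW is enabled so the SSH session that
    # Ansible is using is not cut off by the deny policy.
    # NOTE(review): ports that Docker publishes are opened through Docker's
    # own iptables rules, which UFW's default policy does not filter. Check
    # the ports in templates/docker-compose.yml.j2 (not shown here) rather
    # than relying on this rule set alone.
    - name: Install UFW
      ansible.builtin.apt:
        name: ufw
        state: present

    # NOTE(review): SSH is allowed from any source address; consider
    # restricting it to the management subnet with from_ip.
    - name: Allow SSH
      community.general.ufw:
        rule: allow
        port: "22"
        proto: tcp

    - name: Allow HTTP
      community.general.ufw:
        rule: allow
        port: "80"
        proto: tcp

    - name: Allow TURN UDP
      community.general.ufw:
        rule: allow
        port: "3478"
        proto: udp

    - name: Allow TURN TCP
      community.general.ufw:
        rule: allow
        port: "3478"
        proto: tcp

    - name: Enable UFW
      community.general.ufw:
        state: enabled
        policy: deny

    # =========================================================================
    # Start Services
    # =========================================================================
    # Both commands always report "changed"; compose output is not parsed.
    # NOTE(review): whatever image tags the compose template names are pulled
    # as-is; pinning by digest there would make deployments reproducible.
    - name: Pull Docker images
      ansible.builtin.command:
        cmd: docker compose pull
        chdir: "{{ netbird_base_dir }}"
      changed_when: true

    - name: Start NetBird services
      ansible.builtin.command:
        cmd: docker compose up -d
        chdir: "{{ netbird_base_dir }}"
      changed_when: true

    # =========================================================================
    # Wait for Services
    # =========================================================================
    # Polls for up to 30 x 10 s. 401 and 403 are accepted alongside 200: the
    # check is for reachability, presumably because unauthenticated requests
    # to the API are rejected.
    - name: Wait for Management API to be available
      ansible.builtin.uri:
        url: "http://{{ netbird_domain }}/api/users"
        method: GET
        status_code: [200, 401, 403]
      register: api_check
      until: api_check.status in [200, 401, 403]
      retries: 30
      delay: 10

    # =========================================================================
    # Display Summary
    # =========================================================================
    - name: Display deployment status
      ansible.builtin.debug:
        msg: |
          ============================================
          NetBird v1.6 Deployed Successfully! (No-SSL)
          ============================================

          WARNING: Running in HTTP mode - traffic is unencrypted!
          Only use on isolated/air-gapped networks.

          Dashboard: http://{{ netbird_domain }}

          Initial Setup:
          1. Access the dashboard by IP
          2. Create your first user (admin)
          3. Generate setup keys for battalions

          Connect peers with:
          netbird up --management-url http://{{ netbird_domain }} --setup-key

          View logs:
          ssh root@{{ ansible_host }} "cd {{ netbird_base_dir }} && docker compose logs -f"
          ============================================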