NetBird - FOSS noconf Mesh VPN using Wireguard, alternative to ZeroTier, Tailscale, OmniEdge, Netmaker etc

Starting again, fresh start.
Will update.

@IniBudi said in What's Your Antivirus Recommendation?:

I got a new insight here. I don't recognize that Mac and iOS are better than Windows and Android in terms of malware infection.

Well Mac and iOS are not immune - best approach is AV is still needed - but I think it is fair to say that they are less targeted and more robust.

My 'ha ha ha' comment was not intended as gloating, but scepticism. Hope I did not give the wrong impression.

Testing on a real Cloudron instance (I haven't done this yet -- the packaging is based on docs and the combined container architecture)

I don't know how this is possible - I always need to do multiple builds to get a working package.

I started building from @marcusquinn repo.
I needed to make some changes. Currently app builds and installs but have hit a circular dependency ("Catch-22") regarding authentication.

The Goal: Configure NetBird to use Cloudron's OIDC service as its Identity Provider.

The Problem:

1. Configuration requires Login: To add Cloudron OIDC as an IdP, I need to log in to the NetBird dashboard (or use the API, which requires a token).
2. Initial Login requires Embedded Dex: Since Cloudron OIDC isn't configured yet, I must use the embedded Dex IdP for the first login.
3. Embedded Dex Fails: The embedded IdP is configured strictly according to the "combined server" docs (v0.36+). The dashboard loads, redirects to the embedded auth flow, but fails at the final step:
   • POST /oauth2/token returns 401 Unauthorized .
   • Browser console shows: storage[oidc.login.default] is empty and Token request failed .
   • Logs show no specific server-side error, just the 401.

The Catch-22: I cannot log in (via embedded Dex) to configure the external IdP (Cloudron OIDC). I cannot configure the external IdP via files/env vars to bypass the broken embedded login.

I will try a hack to get past this.

@IniBudi I took Sophos as a personal but multi device plan. Years ago. Seems to have rolled on.

I use Mac and iOS so no viruses there (ha ha ha).
But I need to review.

Don’t generally use android but just got new tablet, so need to review for that.

Great work @marcusquinn

Will try to test it out, been wanting NetBird, currently running it on a separate VPS

I ran into similar issues about routing of traffic when I was packaging Agate+. But I don’t recall the solution (and may not be a solution) - will try to check it out.

I use Sophos, for my Mac desktop and laptop. I probably need to review this so I’m interested in others’ answers.

Works for me (from UK)

Docs could benefit from having girish explanation added, maybe with a nice Escalidraw diagram.
When there is time available (ha!)

My docker registry app has ballooned in size to 333 Gb.

Docs say garbage collector :
/usr/local/bin/gosu cloudron:cloudron /app/code/registry garbage-collect /app/data/config.yml

But that doesn't seem to clean up.
GPT5.1 says that command is outdated and says it should be :
/app/code/registry garbage-collect --delete-untagged /app/data/config.yml

When I run that 'new' style command, disk usage drops to 14Gb.

I don't know which is right, just going by the results.

Can [@]staff please confirm which is right, and update app docs garbage collector section if needed.

I can’t keep up !
Great to see all the innovation, would be nice to have to get on top of stuff before the next generation comes along 🥴

@3246 nice simple approach, good for end-users.

Limited online so have not checked - have you excluded apps which have licence restrictions, no managed service. Forget which, but there are a few.

Weird
I don’t have any of that.

Right now I can't seem to browse to anywhere and it keeps asking for the UI pw for every zite. Missing plugins.

• Strange
  I have been clicking away randomly without any real issues - just sites that seems to have no new content for 5+ years

• ZeroBlog (on original home page) : no new content since December 31, 2019

• I haven't been asked for the password once after initial login

Changing it removes that magic.

My homepage keeps track of where I visited
Not sure of new blog posts as I haven't joined any yet

It's the lifeblood of the Zeronet experience.

But it is so darned ugly !

Will do some more investigating, but back on trying to make Dify work in Cloudron

The original home page is still available as link from my home page - maybe that will provide the blog post stuff ? Will try to check

released v1.0.76

• 'data' folder was not missing - just mapped directly to (i.e. included in /app/data) - but changed to /app/data/data - "clumsy" but more conventional for zeronet maybe

• Tor enabled in / out

I dislike the conventional 0net approach of hosting a default standard home page from another site - confusing to new users in my view - so I made my own home page which is clearer (but can be fleshed out or adapted further if needed), with links to the standard sites included for conventionality.

Highly recommend a new install in new container for testing (and live use) as many small changes. 1 line install :

curl -fsSL https://customappgateway.appx.uk/install.sh | bash -s -- --install-app "zeronet"

@creative567145 thanks for reporting

I should have clarified moltbot is unfinished
And may never be finished as I am packaging openclaw

Apologies if this caused you wasted time

@robi investigating ....

@robi sorry for confusion
"CCAI" as a whole is not gone
Just the original browser-centric version requiring users to put auth creds in my site (yuk!)

CustomAppGateway lives on, to install CCAI-P and individual apps.
https://customgateway.appx.uk

This will live for a while, definitely for a month after 9.1 is released, maybe as long as 3-6 months after 9.1.

pushed a new version v1.0.63

Test site : 191CazMVNaAcT9Y1zhkxd9ixMBPs59g2um

tweaked : v1.0.64

@IniBudi I didn’t make a video as the process is simple, and Cloudron 9.1 will take over soon.

As @humptydumpty (thank you for stepping in) said, the process is guided.

Some important points :

• CCAI original version is dead : site now directs you to CustomAppGateway which is the new start point
• CustomAppGateway gives you choice of installing individual apps from there, or installing CCAI-P which is maybe more useful if installing multiple custom apps
• for individual installations, CustomAppGateway shows a catalogue, pick an item, popup shows a description and a curl one line installation command. Copy that and paste into your desktop/laptop terminal. It will :
  • prompt for your Cloudron, e.g. my.domain.tld
  • prompt for a token (create this in your Cloudron dashboard | Profile | Tokens
  • prompt for app location, eg myapp.mydomain.tld
  • invoke the installation : note that it will likely complete quickly but your Cloudron needs another couple minutes to install the app
• for multiple custom apps, use CustomAppGateway to install CCAI-P : same process as above.
  • you will then have an app in your Cloudron which can install further apps (displays the same catalog as CustomAppGateway but no more curl download links)
  • store your creds in /app/data
  • pick an app and watch installation proceed
  • wait for completion notice.

Note : your auth creds are now always input in your control (your desktop or your own Cloudron environment), never in a 3rd party site.

Let me know if any other questions

@Elephant
away for <1 week, will on return