feat: Add Netbird VPN support and fix Tailscale auto-connect #43

Open
zgv163 wants to merge 2 commits into openclaw:main from zgv163:feature/vpn-provider-netbird-support

@zgv163 commented Mar 13, 2026

Summary

  • Add Netbird VPN as an alternative to Tailscale, selectable via vpn_provider variable ("tailscale", "netbird", or "")
  • Fix Tailscale auto-connect — the tailscale_authkey variable was defined and documented but never used in any task. Now it auto-connects with no_log: true for credential protection
  • Add Netbird auto-connect with setup key and optional netbird_management_url for self-hosted instances
  • Convert sudoers to Jinja2 template with conditional VPN permissions based on provider

Changes

New files

  • roles/openclaw/tasks/netbird-linux.yml — Netbird installation, service setup, auto-connect
  • roles/openclaw/templates/sudoers-openclaw.j2 — Templated sudoers with conditional VPN perms

Modified files

  • roles/openclaw/defaults/main.yml — New vpn_provider, netbird_setup_key, netbird_management_url variables
  • roles/openclaw/tasks/main.yml — VPN provider routing
  • roles/openclaw/tasks/tailscale-linux.yml — Added auto-connect task
  • roles/openclaw/tasks/firewall-linux.yml — Added Netbird UDP 51820 rule
  • roles/openclaw/tasks/user.yml — Switched from inline copy to template
  • Templates, playbooks, inventory sample, and all docs updated

Test plan

  • YAML syntax validation (all files pass)
  • ansible-playbook --syntax-check passes
  • E2E tested on Ubuntu 24.04 server with self-hosted Netbird
  • Netbird auto-connect with setup key verified (connected, 2/3 peers)
  • Sudoers template renders correctly (Netbird commands present, no Tailscale)
  • UFW firewall rule for 51820/udp added
  • Existing Docker tests unaffected (vpn_provider defaults to "")

Replace tailscale_enabled with vpn_provider variable supporting
"tailscale", "netbird", or "" (disabled). Add Netbird installation
tasks with auto-connect via setup key and optional self-hosted
management URL. Fix the unused tailscale_authkey by implementing
the auto-connect task with no_log for credential protection.

Convert inline sudoers to a Jinja2 template with conditional VPN
permissions based on the selected provider.

@chatgpt-codex-connector (bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a538f634d3

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

On minimal Debian/Ubuntu hosts, gnupg is not preinstalled. The Netbird
setup pipes the signing key through gpg --dearmor, which fails without
it. Add a prerequisite package install step matching the Docker task
pattern.
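
The pattern the PR summary and commit messages describe (provider selection via vpn_provider, key-bearing connect tasks marked no_log, and the gnupg prerequisite), sketched as an added example that is not taken from the PR's task files. The variable names come from the PR description; the task names, the `tailscale status --json` guard and the `vars` helpers are assumptions.

```yaml
# Added illustration; not the contents of tailscale-linux.yml or netbird-linux.yml.
# Variable names are from the PR description; everything else is assumed.
- name: Install gnupg so "gpg --dearmor" works on minimal Debian/Ubuntu hosts
  ansible.builtin.apt:
    name: gnupg
    state: present
    update_cache: true
  when: vpn_provider == "netbird"

- name: Read Tailscale backend state (assumed idempotency guard)
  ansible.builtin.command: tailscale status --json
  register: ts_status
  changed_when: false
  failed_when: false
  when: vpn_provider == "tailscale"

- name: Connect Tailscale with the auth key
  ansible.builtin.command:
    argv:
      - tailscale
      - up
      - "--authkey={{ tailscale_authkey }}"
  # no_log keeps the key out of task output, callbacks and logs. It does not
  # hide argv from the target's process list while the command runs.
  no_log: true
  when:
    - vpn_provider == "tailscale"
    - tailscale_authkey | default("") | length > 0
    - (ts_status.stdout | default("{}", true) | from_json).BackendState | default("") != "Running"

- name: Connect Netbird with the setup key
  ansible.builtin.command:
    argv: "{{ nb_base + nb_url_args }}"
  vars:
    nb_base: ["netbird", "up", "--setup-key", "{{ netbird_setup_key }}"]
    # Pass --management-url only for self-hosted instances.
    nb_url_args: "{{ ['--management-url', netbird_management_url]
                     if netbird_management_url | default('') | length > 0 else [] }}"
  no_log: true
  when:
    - vpn_provider == "netbird"
    - netbird_setup_key | default("") | length > 0
```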