fix(netbird): add systemd ordering to start after Docker (#11716)

When Docker is installed in the same LXC, Docker sets the FORWARD chain policy to DROP on startup. If Netbird starts before Docker finishes initializing its iptables rules, Docker overrides the Netbird routing rules, causing traffic routing to fail despite the tunnel being up. Add a systemd drop-in override that ensures netbird.service starts after docker.service (only if Docker is installed). This prevents the race condition and ensures correct iptables ordering after reboot. Closes #11354
2026-02-13 08:43:25 +01:00 · 2026-02-09 14:11:07 +01:00
parent d21df736fd
commit c2cb89ddc5
1 changed files with 9 additions and 0 deletions
--- a/tools/addon/add-netbird-lxc.sh
+++ b/tools/addon/add-netbird-lxc.sh
@@ -84,6 +84,15 @@ curl -fsSL "https://pkgs.netbird.io/debian/public.key" | gpg --dearmor >/usr/sha
 echo "deb [signed-by=/usr/share/keyrings/netbird-archive-keyring.gpg] https://pkgs.netbird.io/debian stable main" >/etc/apt/sources.list.d/netbird.list
 apt-get update &>/dev/null
 apt-get install -y netbird-ui &>/dev/null
+if systemctl list-unit-files docker.service &>/dev/null; then
+  mkdir -p /etc/systemd/system/netbird.service.d
+  cat <<OVERRIDE >/etc/systemd/system/netbird.service.d/after-docker.conf
+[Unit]
+After=docker.service
+Wants=docker.service
+OVERRIDE
+  systemctl daemon-reload
+fi
 '
 msg "\e[1;32m ✔ Installed NetBird.\e[0m"
 sleep 2