NetBird is a WireGuard-based mesh VPN. Every device you want to access the home or farm LAN from joins a peer-to-peer mesh. Once connected:

• Clean URLs: https://immich.edmd.me, https://portainer.edmd.me, etc.
• Real HTTPS (wildcard *.edmd.me cert from Let’s Encrypt)
• Works from anywhere — home wifi, LTE, hotel, anywhere
• No split-tunnel issues: the mesh only routes mesh-specific traffic

Laptop (anywhere) → WireGuard → [P2P direct OR relayed]
    ↓
  hpve peer (Proxmox at 192.168.8.221)
    ↓ (LAN)
  CT103 Caddy (192.168.8.54)
    ↓ (wildcard HTTPS + reverse proxy)
  Services on CT100 (192.168.8.100), CT101, etc.

The magic: DNS for *.edmd.me resolves to 192.168.8.54 (CT103). Your device reaches 192.168.8.54 through the NetBird mesh. Caddy on CT103 looks at the Host header and proxies to the right backend.

8 peers as of May 2026 (verified against netbird.list_peers):

Because hpve and fpve are subnet routers, any peer with the right route enabled reaches both LANs through them — you don’t need a peer on each LAN, just the mesh.

Add more peers in the NetBird dashboard. For details on per-peer setup, group membership, and routing, see NetBird Reference.

1. Install the NetBird client — netbird.io/download for Mac/Windows/Linux, App Store for iOS/Android
2. Sign in with the same account that owns the existing peers
3. On the laptop: netbird up (Mac/Linux) or click Connect in the tray app
4. Verify: curl -s https://hub.edmd.me/ | head — should return Bee Hub HTML

That’s it. DNS, routing, and certs are all automatic — Pi-hole serves the right addresses, Caddy serves the right certs.

Once connected, use any of the 41 HTTPS URLs at *.edmd.me:

Media & Arr: plex · calibre · lidarr · sonarr · radarr · prowlarr · bookshelf · audiobookshelf · navidrome · kiwix

Automation & Monitoring: n8n · kuma · gotify · grafana · prometheus · dozzle

Reading & Content: freshrss · wallabag · immich · shelfmark · aurral

Utilities: homepage · convertx · flaresolverr

Infrastructure Admin: portainer · proxmox · cockpit · pihole

This site: hub

See the Caddy page for the full catalog with aliases.

1. Install the NetBird app from App Store or Play Store
2. Sign in with your NetBird account
3. Tap Connect

Same URLs work from mobile. For Navidrome in Subsonic-compatible music apps (Amperfy, play:Sub, iSub):

NetBird advertises LAN routes (192.168.8.0/24) to peers. Unlike Pangolin, this works transparently whether you’re at home or not — packets to the LAN stay on the LAN when possible, and tunnel through when remote.

You can leave NetBird connected all the time on your laptop, phone, iPad. It won’t interfere with local networking.

To force P2P (avoid relays): enable IPv6 on both ends, or port forward UDP 51820 on the home router to Proxmox.