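# netbird-claude-install.ps1
# Installs Netbird on Windows, enrols the host into the netbird.io tenant
# (group Claude-Diag), and enables RDP and WinRM for remote diagnostics over
# the Netbird interface.
#
# Run from an elevated PowerShell:
#   iwr -useb https://git.dttb.ru/oleg/knowledge-base/raw/branch/main/snippets/netbird-claude-install.ps1 | iex
# Or download and run locally:
#   powershell -ExecutionPolicy Bypass -File .\netbird-claude-install.ps1
#
# NOTE(review): the `iwr | iex` form executes whatever the URL serves at that
# moment, as administrator, with no integrity check. Prefer downloading the
# file, reading it, and running the local copy.
#
# Idempotent: safe to run again.
#
# NOTE(review): there is no teardown here. After the diagnostic session,
# remove the Claude-Diag-* firewall rules and revert the WinRM Basic /
# AllowUnencrypted settings this script turns on.

$ErrorActionPreference = "Stop"

# ===== Parameters =====
# NOTE(review): this setup key is an enrolment credential stored in a script
# that is fetched over a URL. Presumably anyone who can read the script can
# join a peer to the Claude-Diag group until the key expires or is revoked.
# Prefer a short-lived key supplied at run time via NB_SETUP_KEY, and rotate
# the embedded one.
$SETUP_KEY    = "83301E74-6F86-4CBD-AF77-0C65730103CA"   # Claude-Diag, expires 2026-05-21
if ($env:NB_SETUP_KEY) {
    # Optional override so the key does not have to live in the script.
    $SETUP_KEY = $env:NB_SETUP_KEY
}
$NETBIRD_CIDR = "100.70.0.0/16"                          # tenant address space
$NETBIRD_EXE  = "C:\Program Files\Netbird\netbird.exe"

# ===== 1. Privilege check =====
$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
    Write-Error "Нужен PowerShell от администратора."
    exit 1
}

Write-Host "=== Netbird Claude-Diag setup ===" -ForegroundColor Cyan

# ===== 2. Install Netbird =====
if (-not (Test-Path $NETBIRD_EXE)) {
    Write-Host "[1/5] Скачиваю Netbird MSI..."
    $msi = "$env:TEMP\netbird.msi"
    Invoke-WebRequest -UseBasicParsing -Uri "https://pkgs.netbird.io/windows/x64" -OutFile $msi

    # The MSI is installed silently with admin rights, so refuse anything whose
    # Authenticode signature does not validate. This does not pin the
    # publisher; the signer subject is printed so the operator can check it.
    $signature = Get-AuthenticodeSignature -FilePath $msi
    if ($signature.Status -ne 'Valid') {
        Remove-Item -Path $msi -Force -ErrorAction SilentlyContinue
        throw "Подпись Authenticode у $msi не прошла проверку (статус: $($signature.Status)). Установка прервана."
    }
    Write-Host "      Подпись MSI: $($signature.SignerCertificate.Subject)"

    Write-Host "[2/5] Устанавливаю (silent)..."
    $install = Start-Process msiexec.exe -ArgumentList "/i `"$msi`" /qn" -Wait -PassThru
    # msiexec: 0 = success, 3010 = success but a reboot is required.
    if (@(0, 3010) -notcontains $install.ExitCode) {
        throw "msiexec завершился с кодом $($install.ExitCode)."
    }
    Start-Sleep 5
    Remove-Item -Path $msi -Force -ErrorAction SilentlyContinue

    if (-not (Test-Path $NETBIRD_EXE)) {
        throw "После установки не найден $NETBIRD_EXE."
    }
} else {
    Write-Host "[1-2/5] Netbird уже установлен: $NETBIRD_EXE"
}

# ===== 3. Enrolment =====
Write-Host "[3/5] Регистрация в tenant с Claude-Diag ключом..."
& $NETBIRD_EXE up --setup-key $SETUP_KEY
# Native commands do not raise on failure; stop here so remote access is not
# opened on a host that never joined the tenant.
if ($LASTEXITCODE -ne 0) {
    throw "netbird up завершился с кодом $LASTEXITCODE. Настройка RDP и WinRM пропущена."
}
Start-Sleep 3

# ===== 4. RDP =====
Write-Host "[4/5] Включаю RDP..."
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0
# The built-in "Remote Desktop" firewall group is deliberately NOT enabled:
# its rules are not limited to $NETBIRD_CIDR and would make the scoped
# Claude-Diag-RDP rule created below pointless. Rules that were already
# enabled before this script ran are left as they are.

# ===== 5. WinRM + firewall for the Netbird subnet only =====
Write-Host "[5/5] Включаю WinRM и правила firewall для $NETBIRD_CIDR..."
# NOTE(review): Enable-PSRemoting also enables the built-in WS-Management
# firewall exceptions, which are not scoped to $NETBIRD_CIDR; confirm whether
# WinRM should be reachable from the local network as well.
try {
    Enable-PSRemoting -Force -SkipNetworkProfileCheck | Out-Null
} catch {
    winrm quickconfig -force -q | Out-Null
}
# NOTE(review): Basic auth together with AllowUnencrypted means WinRM itself
# protects neither the credentials nor the payload; confidentiality then
# rests entirely on the Netbird tunnel and on firewall scoping. If the client
# supports it, prefer Negotiate/NTLM (message-level encryption) or an HTTPS
# listener and leave both settings at $false.
Set-Item WSMan:\localhost\Service\Auth\Basic -Value $true -Force
Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value $true -Force

# Inbound allow rules limited to the tenant address space. This script does
# not create an HTTPS listener, so the 5986 rule only matters if one exists.
$rules = @(
    @{ Name = "Claude-Diag-RDP";         Port = 3389 },
    @{ Name = "Claude-Diag-WinRM-HTTP";  Port = 5985 },
    @{ Name = "Claude-Diag-WinRM-HTTPS"; Port = 5986 }
)
foreach ($r in $rules) {
    # Drop any earlier copy first so repeated runs do not pile up duplicates.
    Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    $ruleArgs = @{
        DisplayName   = $r.Name
        Direction     = 'Inbound'
        Protocol      = 'TCP'
        LocalPort     = $r.Port
        RemoteAddress = $NETBIRD_CIDR
        Action        = 'Allow'
    }
    New-NetFirewallRule @ruleArgs | Out-Null
}

# ===== Summary =====
Write-Host ""
Write-Host "=== Статус ===" -ForegroundColor Green
& $NETBIRD_EXE status

# The address filter is the literal 100.70.* prefix, matching $NETBIRD_CIDR above.
$nbIp = (Get-NetIPAddress -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Where-Object { $_.IPAddress -like "100.70.*" } |
    Select-Object -First 1).IPAddress
if (-not $nbIp) {
    Write-Warning "Адрес Netbird (100.70.*) не найден. Проверь вывод 'netbird status'."
}

Write-Host ""
Write-Host "=== Данные для Claude ===" -ForegroundColor Yellow
Write-Host "Netbird IP : $nbIp"
Write-Host "Hostname : $env:COMPUTERNAME"
Write-Host "User : $env:USERNAME"
Write-Host "RDP : mstsc /v:$nbIp (логин $env:USERNAME)"
Write-Host "WinRM : 5985/tcp (HTTP), 5986/tcp (HTTPS) — доступны с 100.70.0.0/16"
Write-Host ""
# NOTE(review): the line below asks the operator to hand over the password of
# the interactive account. A dedicated temporary local account, created for
# the session and removed afterwards, would keep the user's own credentials
# out of the exchange.
Write-Host "Пришли Claude: IP $nbIp + пароль пользователя $env:USERNAME"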