nix-config/config/services/netbird.nix

{
  config,
  lib,
  ...
}: {
  wireguard.elisabeth = {
    client.via = "elisabeth";
    firewallRuleForNode.elisabeth.allowedTCPPorts = [80 3000 3001];
  };

  age.secrets.coturnPassword = {
    generator.script = "alnum";
    group = "netbird";
  };

  age.secrets.coturnSecret = {
    generator.script = "alnum";
    owner = "turnserver";
  };

  age.secrets.dataEnc = {
    generator.script = {pkgs, ...}: ''
      ${lib.getExe pkgs.openssl} rand -base64 32
    '';
    group = "netbird";
  };

  networking.firewall.allowedTCPPorts = [80 3000 3001];
  networking.firewall.allowedUDPPorts = [3478];
  services.netbird = {
    server = {
      enable = true;
      domain = "netbird.${config.secrets.secrets.global.domains.web}";

      dashboard = {
        enableNginx = true;
        settings = {
          AUTH_AUTHORITY = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird";
        };
      };

      coturn = {
        enable = true;
        passwordFile = config.age.secrets.coturnPassword.path;
      };

      management = {
        port = 3000;
        dnsDomain = "internal.${config.secrets.secrets.global.domains.web}";
        singleAccountModeDomain = "netbird.patrick";
        oidcConfigEndpoint = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird/.well-known/openid-configuration";
        settings = {
          TURNConfig = {
            Secret._secret = config.age.secrets.coturnSecret.path;
          };
          HttpConfig = {
            # This is not possible
            # failed validating JWT token sent from peer y1ParZkbzVMQGeU/KMycYl75v90i2O6EwgO1YQZnSFs= with error rpc error: code = Internal desc = unable to fetch account with claims, err: user ID is empty
            #AuthUserIDClaim = "preferred_username";
            AuthAudience = "netbird";
          };

          DataStoreEncryptionKey._secret = config.age.secrets.dataEnc.path;
        };
      };
    };
  };
  environment.persistence."/persist".directories = [
    {
      directory = "/var/lib/netbird-mgmt";
      mode = "440";
      user = "netbird";
    }
  ];
}
feat: netbird/firefly upstream 2024-04-24 01:00:57 +02:00			`{`
			`config,`
			`lib,`
			`...`
			`}: {`
WIP: netbird 2024-03-21 20:39:59 +01:00			`wireguard.elisabeth = {`
			`client.via = "elisabeth";`
			`firewallRuleForNode.elisabeth.allowedTCPPorts = [80 3000 3001];`
			`};`

feat: netbird/firefly upstream 2024-04-24 01:00:57 +02:00			`age.secrets.coturnPassword = {`
			`generator.script = "alnum";`
			`group = "netbird";`
			`};`

			`age.secrets.coturnSecret = {`
			`generator.script = "alnum";`
fix: netbird secret and inotify 2024-04-24 15:50:56 +02:00			`owner = "turnserver";`
feat: netbird/firefly upstream 2024-04-24 01:00:57 +02:00			`};`

			`age.secrets.dataEnc = {`
fix: netbird secret and inotify 2024-04-24 15:50:56 +02:00			`generator.script = {pkgs, ...}: ''`
			`${lib.getExe pkgs.openssl} rand -base64 32`
			`'';`
feat: netbird/firefly upstream 2024-04-24 01:00:57 +02:00			`group = "netbird";`
			`};`

WIP: netbird 2024-03-21 20:39:59 +01:00			`networking.firewall.allowedTCPPorts = [80 3000 3001];`
			`networking.firewall.allowedUDPPorts = [3478];`
feat: netbird/firefly upstream 2024-04-24 01:00:57 +02:00			`services.netbird = {`
			`server = {`
			`enable = true;`
			`domain = "netbird.${config.secrets.secrets.global.domains.web}";`

			`dashboard = {`
chore: netbird pull test 2024-05-25 21:12:15 +02:00			`enableNginx = true;`
feat: netbird/firefly upstream 2024-04-24 01:00:57 +02:00			`settings = {`
			`AUTH_AUTHORITY = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird";`
			`};`
			`};`

			`coturn = {`
			`enable = true;`
			`passwordFile = config.age.secrets.coturnPassword.path;`
			`};`

			`management = {`
			`port = 3000;`
			`dnsDomain = "internal.${config.secrets.secrets.global.domains.web}";`
			`singleAccountModeDomain = "netbird.patrick";`
			`oidcConfigEndpoint = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird/.well-known/openid-configuration";`
			`settings = {`
			`TURNConfig = {`
			`Secret._secret = config.age.secrets.coturnSecret.path;`
			`};`
fix: netbird 2024-05-26 16:26:36 +02:00			`HttpConfig = {`
			`# This is not possible`
			`# failed validating JWT token sent from peer y1ParZkbzVMQGeU/KMycYl75v90i2O6EwgO1YQZnSFs= with error rpc error: code = Internal desc = unable to fetch account with claims, err: user ID is empty`
			`#AuthUserIDClaim = "preferred_username";`
			`AuthAudience = "netbird";`
			`};`

feat: netbird/firefly upstream 2024-04-24 01:00:57 +02:00			`DataStoreEncryptionKey._secret = config.age.secrets.dataEnc.path;`
			`};`
			`};`
WIP: netbird 2024-03-21 20:39:59 +01:00			`};`
			`};`
feat: netbird working 2024-03-24 21:06:11 +01:00			`environment.persistence."/persist".directories = [`
			`{`
			`directory = "/var/lib/netbird-mgmt";`
			`mode = "440";`
			`user = "netbird";`
			`}`
			`];`
WIP: netbird 2024-03-21 20:39:59 +01:00			`}`