feat: netbird working

This commit is contained in:
Patrick 2024-03-24 21:06:11 +01:00
parent 03e0b54183
commit e9dcc564f0
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
8 changed files with 47 additions and 25 deletions


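--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -103,6 +103,8 @@ in {
 };
 extraConfig = ''
 client_max_body_size 500M ;
+client_header_timeout 1d;
+client_body_timeout 1d;
 '';
 };
 }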
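Review bot: `client_header_timeout 1d;` and `client_body_timeout 1d;` let one slow or idle client hold a worker connection for a full day, so a small number of half-open requests can exhaust `worker_connections` for the whole server block. The 500M body limit next to them suggests the aim is large uploads, and for that only the body timeout matters, and it is measured between successive reads rather than over the whole transfer, so `client_header_timeout` can stay at its default and `client_body_timeout` can be a few minutes. If the long window is needed for a single upload endpoint, scope it to that `location` instead of the server. The enclosing virtualHost definition begins outside the hunk.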


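--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -40,8 +40,10 @@
 };
 hidpi = true;
 services.xserver = {
+xkb = {
 layout = "de";
-xkbVariant = "bone";
+variant = "bone";
+};
 libinput = {
 touchpad = lib.mkForce {
 accelSpeed = "0.5";
@@ -54,4 +56,5 @@
 nixpkgs.config.permittedInsecurePackages = lib.trace "remove when possible" [
 "nix-2.16.2"
 ];
+services.netbird.enable = true;
 }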
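Review bot: `services.netbird.enable = true;` in the second hunk starts the NetBird client but nothing in the hunk says which management server it enrols against; as far as I recall the NixOS client module does not set a management URL on its own, so unless it is supplied elsewhere or at `netbird up`, the client would reach for the upstream cloud endpoint rather than the self-hosted server this commit configures. Worth confirming, and a one-line comment such as `# client for the self-hosted netbird-server; management URL is supplied at enrollment` would record the intent next to the switch.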


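--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -35,7 +35,7 @@
 systemd.network.networks = {
 "01-lan1" = {
 DHCP = "yes";
-matchConfig.MACAddress = config.secrets.secrets.local.networking.lan1.mac;
+matchConfig.MACAddress = config.secrets.secrets.local.networking.lan01.mac;
 networkConfig = {
 IPv6PrivacyExtensions = "yes";
 MulticastDNS = true;
@@ -46,7 +46,7 @@
 };
 "02-lan1" = {
 DHCP = "yes";
-matchConfig.MACAddress = config.secrets.secrets.local.networking.lan2.mac;
+matchConfig.MACAddress = config.secrets.secrets.local.networking.lan02.mac;
 networkConfig = {
 IPv6PrivacyExtensions = "yes";
 MulticastDNS = true;
@@ -57,7 +57,7 @@
 };
 "01-wlan1" = {
 DHCP = "yes";
-matchConfig.MACAddress = config.secrets.secrets.local.networking.wlan1.mac;
+matchConfig.MACAddress = config.secrets.secrets.local.networking.wlan01.mac;
 networkConfig = {
 IPv6PrivacyExtensions = "yes";
 MulticastDNS = true;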
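Review bot: after the rename the network called `"02-lan1"` in the second hunk now matches `lan02.mac` while `"01-lan1"` matches `lan01.mac`, so the unit name no longer says which interface the secret refers to; `"02-lan2" = {` would keep the name and the secret key aligned and would not change the ordering prefix. This is inferred from the three hunks only; the enclosing `systemd.network.networks` attrset runs past them.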


@ -55,8 +55,8 @@ in {
USE_AUTH0 = false; #${USE_AUTH0:-true} USE_AUTH0 = false; #${USE_AUTH0:-true}
AUTH_SUPPORTED_SCOPES = "openid profile email"; #${AUTH_SUPPORTED_SCOPES:-openid profile email api offline_access email_verified} AUTH_SUPPORTED_SCOPES = "openid profile email"; #${AUTH_SUPPORTED_SCOPES:-openid profile email api offline_access email_verified}
NETBIRD_MGMT_API_ENDPOINT = config.services.netbird-server.domain; #$(echo $NETBIRD_MGMT_API_ENDPOINT | sed -E 's/(:80|:443)$//') NETBIRD_MGMT_API_ENDPOINT = "https://${config.services.netbird-server.domain}"; #$(echo $NETBIRD_MGMT_API_ENDPOINT | sed -E 's/(:80|:443)$//')
NETBIRD_MGMT_GRPC_API_ENDPOINT = config.services.netbird-server.domain; #${NETBIRD_MGMT_GRPC_API_ENDPOINT} NETBIRD_MGMT_GRPC_API_ENDPOINT = "https://${config.services.netbird-server.domain}"; #${NETBIRD_MGMT_GRPC_API_ENDPOINT}
#NETBIRD_HOTJAR_TRACK_ID=${NETBIRD_HOTJAR_TRACK_ID} #NETBIRD_HOTJAR_TRACK_ID=${NETBIRD_HOTJAR_TRACK_ID}
#NETBIRD_GOOGLE_ANALYTICS_ID=${NETBIRD_GOOGLE_ANALYTICS_ID} #NETBIRD_GOOGLE_ANALYTICS_ID=${NETBIRD_GOOGLE_ANALYTICS_ID}
NETBIRD_TOKEN_SOURCE = "idToken"; NETBIRD_TOKEN_SOURCE = "idToken";
@ -97,9 +97,15 @@ in {
locations = { locations = {
"/" = { "/" = {
root = "${deriv}/"; root = "${deriv}/";
tryFiles = "$uri /index.html"; tryFiles = "$uri $uri.html $uri/ =404";
}; };
}; };
extraConfig = ''
error_page 404 /404.html;
location = /404.html {
internal;
}
'';
}; };
}; };
}; };
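Review bot: `tryFiles = "$uri $uri.html $uri/ =404";` drops the `/index.html` fallback the old line had, so any dashboard route that is not pre-rendered to a matching `.html` file now gets the 404 page instead of loading the app; if the dashboard build ships one HTML file per route this is fine, otherwise `/index.html` should stay as the last fallback. The new `error_page 404 /404.html` block presumes `${deriv}` contains a `404.html`; if it does not, nginx falls back to its built-in 404 body, which is harmless but deserves a comment such as `# 404.html is shipped by the dashboard build`. The virtualHost definition continues outside the hunk.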


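--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -117,10 +117,11 @@ in {
 };
 HttpConfig = {
 Address = "0.0.0.0:${toString cfg.port}";
+AuthAudience = "netbird";
 #"AuthIssuer" = "$NETBIRD_AUTH_AUTHORITY";
 #"AuthAudience" = "$NETBIRD_AUTH_AUDIENCE";
 #"AuthKeysLocation" = "$NETBIRD_AUTH_JWT_CERTS";
-AuthUserIDClaim = "sub";
+AuthUserIDClaim = "preferred_username";
 #"CertFile" = "$NETBIRD_MGMT_API_CERT_FILE";
 #"CertKey" = "$NETBIRD_MGMT_API_CERT_KEY_FILE";
 #"IdpSignKeyRefreshEnabled" = "$NETBIRD_MGMT_IDP_SIGNKEY_REFRESH";
@@ -229,7 +230,7 @@ in {
 } \
 --idp-sign-key-refresh-enabled \
 --port ${builtins.toString cfg.port} \
---log-file consolef
+--log-file console
 '';
 # TODO add extraCOmmandLine option
 Restart = "always";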
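Review bot: `AuthUserIDClaim = "preferred_username";` in the first hunk keys NetBird user identity on a claim that OpenID Connect defines as a display value the relying party must not treat as unique or stable; the IdP may change or reassign it, so a renamed or recycled username would inherit the peers and access of the NetBird user it previously mapped to. Unless the IdP in use guarantees `preferred_username` is immutable, keep `AuthUserIDClaim = "sub";` and show the username in the UI another way; if it does guarantee that, record it in a comment on the line. The added `AuthAudience = "netbird";` is also hard-coded inside what looks like a reusable module (it reads `cfg.port`), so an option with that default would let consumers set their own audience. The enclosing `HttpConfig` attrset and the service definition continue outside the hunks.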


@ -25,31 +25,41 @@
# TODO remove # TODO remove
oidcConfigEndpoint = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird/.well-known/openid-configuration"; oidcConfigEndpoint = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird/.well-known/openid-configuration";
singleAccountModeDomain = "netbird.patrick"; singleAccountModeDomain = "netbird.patrick";
# todo disabel metrics
settings = { settings = {
HttpConfig = { HttpConfig = {
AuthIssuer = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird"; #AuthIssuer = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird";
AuthKeysLocation = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird/public_key.jwk"; #AuthKeysLocation = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird/public_key.jwk";
AuthAudience = "netbird";
}; };
# Seems to be only useful for idp that netbird supports # Seems to be only useful for idp that netbird supports
IdpManagerConfig.ClientConfig = { IdpManagerConfig.ClientConfig = {
Issuer = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird"; #Issuer = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird";
TokenEndpoint = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/token"; #TokenEndpoint = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/token";
};
DeviceAuthorizationFlow = {
Provider = "none";
ProviderConfig = {
AuthorizationEndpoint = "https://auth.${config.secrets.secrets.global.domains.web}/ui/oauth2/";
ClientID = "netbird";
#ClientSecret = "";
TokenEndpoint = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/token";
#RedirectURLs = ["http://localhost:53000"];
};
}; };
#DeviceAuthorizationFlow = {
# Provider = "none";
# ProviderConfig = {
# AuthorizationEndpoint = "https://auth.${config.secrets.secrets.global.domains.web}/ui/oauth2/";
# ClientID = "netbird";
# #ClientSecret = "";
# TokenEndpoint = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/token";
# #RedirectURLs = ["http://localhost:53000"];
# };
#};
PKCEAuthorizationFlow.ProviderConfig = { PKCEAuthorizationFlow.ProviderConfig = {
AuthorizationEndpoint = "https://auth.${config.secrets.secrets.global.domains.web}/ui/oauth2/"; #AuthorizationEndpoint = "https://auth.${config.secrets.secrets.global.domains.web}/ui/oauth2/";
}; };
}; };
}; };
environment.persistence."/persist".directories = [
{
directory = "/var/lib/netbird-mgmt";
mode = "440";
user = "netbird";
}
];
services.nginx.recommendedSetup = true;
services.coturn = { services.coturn = {
enable = true; enable = true;