patrick/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Wiki Activity
nix-config/config/services/netbird.nix

76 lines
2.1 KiB
Nix
Raw Blame History

{
config,
lib,
...
}: {
wireguard.elisabeth = {
client.via = "elisabeth";
firewallRuleForNode.elisabeth.allowedTCPPorts = [80 3000 3001];
};
age.secrets.coturnPassword = {
generator.script = "alnum";
group = "netbird";
};
age.secrets.coturnSecret = {
generator.script = "alnum";
owner = "turnserver";
};
age.secrets.dataEnc = {
generator.script = {pkgs, ...}: ''
${lib.getExe pkgs.openssl} rand -base64 32
'';
group = "netbird";
};
networking.firewall.allowedTCPPorts = [80 3000 3001];
networking.firewall.allowedUDPPorts = [3478];
services.netbird = {
server = {
enable = true;
domain = "netbird.${config.secrets.secrets.global.domains.web}";
dashboard = {
enableNginx = true;
settings = {
AUTH_AUTHORITY = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird";
};
};
coturn = {
enable = true;
passwordFile = config.age.secrets.coturnPassword.path;
};
management = {
port = 3000;
dnsDomain = "internal.${config.secrets.secrets.global.domains.web}";
singleAccountModeDomain = "netbird.patrick";
oidcConfigEndpoint = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird/.well-known/openid-configuration";
settings = {
TURNConfig = {
Secret._secret = config.age.secrets.coturnSecret.path;
};
HttpConfig = {
# This is not possible
# failed validating JWT token sent from peer y1ParZkbzVMQGeU/KMycYl75v90i2O6EwgO1YQZnSFs= with error rpc error: code = Internal desc = unable to fetch account with claims, err: user ID is empty
#AuthUserIDClaim = "preferred_username";
AuthAudience = "netbird";
};
DataStoreEncryptionKey._secret = config.age.secrets.dataEnc.path;
};
};
};
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/netbird-mgmt";
mode = "440";
user = "netbird";
}
];
}
Reference in a new issue View git blame Copy permalink