infrastructure/machines/storage01/netbird/default.nix

{ config, ... }:

let
  domain = "netbird.dgnum.eu";
in
{
  imports = [ ./module.nix ];

  services.netbird-server = {
    enable = true;

    logLevel = "DEBUG";
    enableDeviceAuthorizationFlow = false;
    enableNginx = true;
    enableCoturn = true;
    setupAutoOidc = true;

    management.dnsDomain = "dgnum";

    secretFiles.AUTH_CLIENT_SECRET = config.age.secrets."netbird-auth_client_secret_file".path;

    settings = {
      NETBIRD_DOMAIN = domain;

      TURN_PASSWORD = "tototest1234";

      NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT = "https://sso.dgnum.eu/oauth2/openid/netbird_dgn/.well-known/openid-configuration";
      NETBIRD_AUTH_PKCE_USE_ID_TOKEN = true;

      NETBIRD_AUTH_AUDIENCE = "netbird_dgn";
      NETBIRD_AUTH_CLIENT_ID = "netbird_dgn";
      NETBIRD_AUTH_USER_ID_CLAIM = "preferred_username";
      # Updates the preference to use id tokens instead of access token on dashboard
      # Okta and Gitlab IDPs can benefit from this
      NETBIRD_TOKEN_SOURCE = "idToken";

      # NETBIRD_AUTH_PKCE_REDIRECT_URLS = builtins.map (p: "http://localhost:${p}") [
      #   "53000"
      #   "54000"
      # ];

      NETBIRD_STORE_CONFIG_ENGINE = "sqlite";
    };
  };

  # age-secrets.matches."^netbird-.*$" = { owner = "netbird"; };
}
feat(netbird): Deploy management server on storage01 2023-12-03 22:13:30 +01:00			`{ config, ... }:`

			`let`
			`domain = "netbird.dgnum.eu";`
			`in`
			`{`
			`imports = [ ./module.nix ];`

			`services.netbird-server = {`
			`enable = true;`

			`logLevel = "DEBUG";`
			`enableDeviceAuthorizationFlow = false;`
			`enableNginx = true;`
feat(storage01/netbird): Enable coturn 2024-01-23 16:22:23 +01:00			`enableCoturn = true;`
feat(netbird): Deploy management server on storage01 2023-12-03 22:13:30 +01:00			`setupAutoOidc = true;`

			`management.dnsDomain = "dgnum";`

			`secretFiles.AUTH_CLIENT_SECRET = config.age.secrets."netbird-auth_client_secret_file".path;`

			`settings = {`
			`NETBIRD_DOMAIN = domain;`

			`TURN_PASSWORD = "tototest1234";`

			`NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT = "https://sso.dgnum.eu/oauth2/openid/netbird_dgn/.well-known/openid-configuration";`
			`NETBIRD_AUTH_PKCE_USE_ID_TOKEN = true;`

			`NETBIRD_AUTH_AUDIENCE = "netbird_dgn";`
			`NETBIRD_AUTH_CLIENT_ID = "netbird_dgn";`
feat(netbird): Use preferred_username instead of uuid 2024-01-16 08:56:24 +01:00			`NETBIRD_AUTH_USER_ID_CLAIM = "preferred_username";`
feat(netbird): Deploy management server on storage01 2023-12-03 22:13:30 +01:00			`# Updates the preference to use id tokens instead of access token on dashboard`
			`# Okta and Gitlab IDPs can benefit from this`
			`NETBIRD_TOKEN_SOURCE = "idToken";`

			`# NETBIRD_AUTH_PKCE_REDIRECT_URLS = builtins.map (p: "http://localhost:${p}") [`
			`# "53000"`
			`# "54000"`
			`# ];`

			`NETBIRD_STORE_CONFIG_ENGINE = "sqlite";`
			`};`
			`};`

feat(modules): Replace dgn-secrets by age-secrets 2024-01-09 14:48:33 +01:00			`# age-secrets.matches."^netbird-.*$" = { owner = "netbird"; };`
feat(netbird): Deploy management server on storage01 2023-12-03 22:13:30 +01:00			`}`