infrastructure/machines/storage01/netbird/default.nix
Tom Hubrecht b07e0294aa
feat(netbird): Switch back to sub for ids
2024-02-20 09:44:46 +01:00


# NixOS module that enables and configures the NetBird server for this machine.
# `config` is only used to look up the agenix-managed path of the OIDC client secret.
{ config, ... }:

let
  # Public hostname handed to the NetBird settings below.
  netbirdDomain = "netbird.dgnum.eu";
in

{
  # The `services.netbird-server` options are declared by the local module.
  imports = [ ./module.nix ];

  services.netbird-server = {
    enable = true;

    # Companion services switched on through the module.
    enableNginx = true;
    enableCoturn = true;
    setupAutoOidc = true;

    # The device authorization flow is off.
    enableDeviceAuthorizationFlow = false;

    # NOTE(review): DEBUG logging on an identity-aware service can put token or peer
    # details into the logs. Confirm this is meant to stay on outside troubleshooting.
    logLevel = "DEBUG";

    management = {
      dnsDomain = "dgnum";
    };

    # The secret is referenced by file path, so only the path (not the value) is evaluated here.
    secretFiles = {
      AUTH_CLIENT_SECRET = config.age.secrets."netbird-auth_client_secret_file".path;
    };

    settings = {
      NETBIRD_DOMAIN = netbirdDomain;

      # NOTE(review): this TURN credential is a plaintext literal in a committed file, and as a
      # `settings` value it presumably ends up in the world-readable Nix store too. The OIDC
      # client secret above is supplied through `secretFiles` from an agenix secret. Check
      # whether ./module.nix accepts TURN_PASSWORD the same way, move it there, and rotate it.
      TURN_PASSWORD = "tototest1234";

      # OIDC: discovery document, client id and expected audience all name the same client.
      NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT = "https://sso.dgnum.eu/oauth2/openid/netbird_dgn/.well-known/openid-configuration";
      NETBIRD_AUTH_CLIENT_ID = "netbird_dgn";
      NETBIRD_AUTH_AUDIENCE = "netbird_dgn";

      # Users are identified by the `sub` claim, the subject identifier OIDC defines as
      # stable within one issuer.
      NETBIRD_AUTH_USER_ID_CLAIM = "sub";

      NETBIRD_AUTH_PKCE_USE_ID_TOKEN = true;

      # Have the dashboard use the ID token rather than the access token.
      # IdPs such as Okta and GitLab can benefit from this.
      NETBIRD_TOKEN_SOURCE = "idToken";

      # Disabled override of the PKCE redirect URLs, kept for reference:
      # NETBIRD_AUTH_PKCE_REDIRECT_URLS = builtins.map (p: "http://localhost:${p}") [
      #   "53000"
      #   "54000"
      # ];

      NETBIRD_STORE_CONFIG_ENGINE = "sqlite";
    };
  };

  # age-secrets.autoMatch = [ "netbird" ];
}