# NixOS module: imports ./module.nix and enables its netbird-server service for
# netbird.dgnum.eu, with OIDC settings pointing at sso.dgnum.eu.
{ config, ... }:

let
  netbirdDomain = "netbird.dgnum.eu";
in
{
  imports = [ ./module.nix ];

  services.netbird-server = {
    enable = true;

    # NOTE(review): DEBUG logging on an authentication-facing service can be very
    # verbose; confirm this level is intended outside of troubleshooting and that
    # nothing sensitive (tokens, claims) ends up in the logs.
    logLevel = "DEBUG";

    enableDeviceAuthorizationFlow = false;
    enableNginx = true;
    enableCoturn = true;
    setupAutoOidc = true;

    management = {
      dnsDomain = "dgnum";
    };

    # The OIDC client secret is passed as a path taken from config.age.secrets,
    # not as an inline value.
    secretFiles = {
      AUTH_CLIENT_SECRET = config.age.secrets."netbird-auth_client_secret_file".path;
    };

    settings = {
      NETBIRD_DOMAIN = netbirdDomain;

      # NOTE(review): unlike AUTH_CLIENT_SECRET above, this credential is a literal
      # in the file, so it is readable by anyone with access to the repository, and
      # strings embedded in Nix expressions commonly end up world-readable in
      # /nix/store. Consider supplying it through secretFiles with an age secret
      # (if ./module.nix supports that key; TODO confirm) and rotating the value.
      TURN_PASSWORD = "tototest1234";

      NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT = "https://sso.dgnum.eu/oauth2/openid/netbird_dgn/.well-known/openid-configuration";
      NETBIRD_AUTH_PKCE_USE_ID_TOKEN = true;
      NETBIRD_AUTH_AUDIENCE = "netbird_dgn";
      NETBIRD_AUTH_CLIENT_ID = "netbird_dgn";

      # NOTE(review): OpenID Connect only guarantees that `sub` (together with the
      # issuer) is unique and stable; `preferred_username` may be changed or reused.
      # Confirm the identity provider enforces unique, immutable usernames before
      # relying on this claim as the user identifier.
      NETBIRD_AUTH_USER_ID_CLAIM = "preferred_username";

      # Updates the preference to use id tokens instead of access token on dashboard
      # Okta and Gitlab IDPs can benefit from this
      NETBIRD_TOKEN_SOURCE = "idToken";

      # NETBIRD_AUTH_PKCE_REDIRECT_URLS = builtins.map (p: "http://localhost:${p}") [
      #   "53000"
      #   "54000"
      # ];

      NETBIRD_STORE_CONFIG_ENGINE = "sqlite";
    };
  };

  # age-secrets.autoMatch = [ "netbird" ];
}