option

services.netbird.server.management.settings

Configuration of the netbird management server. Options containing secret data should be set to an attribute set containing the attribute `_secret`: a string pointing to a file containing the value the option should be set to. See the example to get a better picture of this: in the resulting management.json file, the DataStoreEncryptionKey key will be set to the contents of the /run/agenix/netbird_mgmt-data_store_encryption_key file.
Declarations
Type
JSON value
Default
# Default value of services.netbird.server.management.settings.
# `cfg` and `stateDir` are bound outside this snippet.
#
# NOTE(security): several defaults below are fixed values that are published
# with the module (TURN Password and Secret, DataStoreEncryptionKey). They are
# placeholders, not secrets. Override them for any real deployment, and follow
# the option description: give secret values as { _secret = "/path/to/file"; }
# instead of literal strings, which would end up in the world-readable Nix store.
defaultSettings = {
  # STUN entry derived from cfg.turnDomain on port 3478; no credentials are set.
  Stuns = [
    {
      Proto = "udp";
      URI = "stun:${cfg.turnDomain}:3478";
      Username = "";
      Password = null;
    }
  ];

  TURNConfig = {
    Turns = [
      {
        Proto = "udp";
        URI = "turn:${cfg.turnDomain}:3478";
        # Static, publicly known username/password pair; replace both.
        Username = "netbird";
        Password = "netbird";
      }
    ];

    CredentialsTTL = "12h";
    # Placeholder, as the value itself says. Replace with a generated secret
    # supplied via _secret.
    # NOTE(review): presumably the shared secret used for time-based TURN
    # credentials; confirm against the NetBird documentation.
    Secret = "not-secure-secret";
    TimeBasedCredentials = false;
  };

  # Signal endpoint derived from cfg.domain on port 443; no credentials are set.
  Signal = {
    Proto = "https";
    URI = "${cfg.domain}:443";
    Username = "";
    Password = null;
  };

  ReverseProxy = {
    TrustedHTTPProxies = [ ];
    TrustedHTTPProxiesCount = 0;
    # 0.0.0.0/0 matches every IPv4 address.
    # NOTE(review): if this list decides which peers' forwarded client-address
    # headers are trusted, narrow it to the address of the actual reverse
    # proxy; confirm the semantics against the NetBird documentation.
    TrustedPeers = [ "0.0.0.0/0" ];
  };

  Datadir = "${stateDir}/data";
  # Fixed key published in the module default: every installation that keeps
  # it shares the same key, so it gives no confidentiality. Generate a unique
  # key and supply it via _secret, as the Example on this page does.
  DataStoreEncryptionKey = "genEVP6j/Yp2EeVujm0zgqXrRos29dQkpvX0hHdEUlQ=";
  StoreConfig = { Engine = "sqlite"; };

  HttpConfig = {
    # Binds to loopback only, on cfg.port.
    # NOTE(review): external access presumably goes through a reverse proxy;
    # confirm with the module.
    Address = "127.0.0.1:${builtins.toString cfg.port}";
    IdpSignKeyRefreshEnabled = true;
    OIDCConfigEndpoint = cfg.oidcConfigEndpoint;
  };

  # No identity-provider manager is configured by default (ManagerType "none").
  IdpManagerConfig = {
    ManagerType = "none";
    ClientConfig = {
      Issuer = "";
      TokenEndpoint = "";
      ClientID = "netbird";
      # Empty by default; when an IdP is configured, supply this via _secret.
      ClientSecret = "";
      GrantType = "client_credentials";
    };

    ExtraConfig = { };
    Auth0ClientCredentials = null;
    AzureClientCredentials = null;
    KeycloakClientCredentials = null;
    ZitadelClientCredentials = null;
  };

  # Device authorization flow has no provider by default (Provider "none").
  DeviceAuthorizationFlow = {
    Provider = "none";
    ProviderConfig = {
      Audience = "netbird";
      Domain = null;
      ClientID = "netbird";
      TokenEndpoint = null;
      DeviceAuthEndpoint = "";
      Scope = "openid profile email offline_access api";
      UseIDToken = false;
    };
  };

  PKCEAuthorizationFlow = {
    ProviderConfig = {
      Audience = "netbird";
      ClientID = "netbird";
      # Empty by default; if the IdP client needs a secret, supply it via _secret.
      ClientSecret = "";
      AuthorizationEndpoint = "";
      TokenEndpoint = "";
      Scope = "openid profile email offline_access api";
      # Plain-http redirect, but to the local loopback host only.
      RedirectURLs = "http://localhost:53000";
      UseIDToken = false;
    };
  };
};
Example
{
  # Replaces the published default key. The attribute set holds only a path;
  # per the option description, the generated management.json gets the
  # contents of that file as the value of DataStoreEncryptionKey.
  # NOTE(review): the /run/agenix path suggests the file is provisioned by
  # agenix; make sure it is readable only by the account the management
  # service runs as (confirm against the module's service user).
  DataStoreEncryptionKey = {
    _secret = "/run/agenix/netbird_mgmt-data_store_encryption_key";
  };
}