services.netbird.server.management.settings

Configuration of the netbird management server. Options containing secret data should be set to an attribute set containing the attribute _secret

• a string pointing to a file containing the value the option should be set to. See the example to get a better picture of this: in the resulting management.json file, the DataStoreEncryptionKey key will be set to the contents of the /run/agenix/netbird_mgmt-data_store_encryption_key file.

Type

JSON value

Default

defaultSettings = {
  Stuns = [
    {
      Proto = "udp";
      URI = "stun:${cfg.turnDomain}:3478";
      Username = "";
      Password = null;
    }
  ];

  TURNConfig = {
    Turns = [
      {
        Proto = "udp";
        URI = "turn:${cfg.turnDomain}:3478";
        Username = "netbird";
        Password = "netbird";
      }
    ];

    CredentialsTTL = "12h";
    Secret = "not-secure-secret";
    TimeBasedCredentials = false;
  };

  Signal = {
    Proto = "https";
    URI = "${cfg.domain}:443";
    Username = "";
    Password = null;
  };

  ReverseProxy = {
    TrustedHTTPProxies = [ ];
    TrustedHTTPProxiesCount = 0;
    TrustedPeers = [ "0.0.0.0/0" ];
  };

  Datadir = "${stateDir}/data";
  DataStoreEncryptionKey = "genEVP6j/Yp2EeVujm0zgqXrRos29dQkpvX0hHdEUlQ=";
  StoreConfig = { Engine = "sqlite"; };

  HttpConfig = {
    Address = "127.0.0.1:${toString cfg.port}";
    IdpSignKeyRefreshEnabled = true;
    OIDCConfigEndpoint = cfg.oidcConfigEndpoint;
  };

  IdpManagerConfig = {
    ManagerType = "none";
    ClientConfig = {
      Issuer = "";
      TokenEndpoint = "";
      ClientID = "netbird";
      ClientSecret = "";
      GrantType = "client_credentials";
    };

    ExtraConfig = { };
    Auth0ClientCredentials = null;
    AzureClientCredentials = null;
    KeycloakClientCredentials = null;
    ZitadelClientCredentials = null;
  };

  DeviceAuthorizationFlow = {
    Provider = "none";
    ProviderConfig = {
      Audience = "netbird";
      Domain = null;
      ClientID = "netbird";
      TokenEndpoint = null;
      DeviceAuthEndpoint = "";
      Scope = "openid profile email offline_access api";
      UseIDToken = false;
    };
  };

  PKCEAuthorizationFlow = {
    ProviderConfig = {
      Audience = "netbird";
      ClientID = "netbird";
      ClientSecret = "";
      AuthorizationEndpoint = "";
      TokenEndpoint = "";
      Scope = "openid profile email offline_access api";
      RedirectURLs = "http://localhost:53000";
      UseIDToken = false;
    };
  };
};

Example

{
  DataStoreEncryptionKey = {
    _secret = "/run/agenix/netbird_mgmt-data_store_encryption_key";
  };
}

Declared

<nixpkgs/nixos/modules/services/networking/netbird/management.nix>