diff --git a/system-config/services/containers/netbird/default.nix b/system-config/services/containers/netbird/default.nix
index ae841b7..d650cfb 100644
--- a/system-config/services/containers/netbird/default.nix
+++ b/system-config/services/containers/netbird/default.nix
@@ -237,6 +237,10 @@
 enableNginx = true;
 settings = {
 AUTH_AUTHORITY = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration";
+ AUTH_CLIENT_ID = "netbird";
+ AUTH_SUPPORTED_SCOPES = "openid profile email offline_access api";
+ AUTH_AUDIENCE = "netbird";
+ USE_AUTH0 = false;
 };
 };
 management = {
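Review bot: `AUTH_AUDIENCE = "netbird"` on the dashboard side does not match the audience this commit gives the management server, where `AuthAudience` and the `ProviderConfig.Audience` values in the second hunk are all set to the `.well-known/openid-configuration` URL. An audience is normally the value expected in the token's `aud` claim, not a discovery URL, so as written the management server is most likely comparing tokens against a string no token carries. Use one value on both sides, e.g. `"AuthAudience" = "netbird";` and `"Audience" = "netbird";`, and confirm the Keycloak client actually emits that audience. A short comment beside `AUTH_SUPPORTED_SCOPES` naming the Keycloak client scope that provides `api` would also help, since it is not a standard OIDC scope.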
@@ -264,6 +268,76 @@ }; DataStoreEncryptionKey = "770A8A65DA156D24EE2A093277530142"; + + "ReverseProxy" = { + "TrustedHTTPProxies" = [ "192.168.100.11" ]; + "TrustedHTTPProxiesCount" = 1; + }; + + "HttpConfig" = { + "Address" = "0.0.0.0:443"; + "AuthIssuer" = "https://auth.blunkall.us/realms/General"; + "AuthAudience" = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration"; + "AuthKeysLocation" = "https://auth.blunkall.us/realms/General/protocol/openid-connect/certs"; + "AuthUserIDClaim" = ""; + "CertFile" = ""; + "CertKey" = ""; + "IdpSignKeyRefreshEnabled" = false; + "OIDCConfigEndpoint" = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration"; + }; + + "DeviceAuthorizationFlow" = { + "Provider" = "none"; + "ProviderConfig" = { + "Audience" = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration"; + "AuthorizationEndpoint" = ""; + "Domain" = ""; + "ClientID" = ""; + "ClientSecret" = ""; + "TokenEndpoint" = "https://auth.blunkall.us/realms/General/protocol/openid-connect/token"; + "DeviceAuthEndpoint" = "https://auth.blunkall.us/realms/General/protocol/openid-connect/auth/device"; + "Scope" = "openid"; + "UseIDToken" = false; + "RedirectURLs" = null; + }; + }; + + "IdpManagerConfig" = { + "ManagerType" = "keycloak"; + "ClientConfig" = { + "Issuer" = "https://auth.blunkall.us/realms/General"; + "TokenEndpoint" = "https://auth.blunkall.us/realms/General/protocol/openid-connect/token"; + "ClientID" = "netbird-backend"; + "ClientSecret" = "QuqjTOAHKE6N6jJqkB1F1RGo3kqUhEdg"; + "GrantType" = "client_credentials"; + }; + + "ExtraConfig" = { + "AdminEndpoint" = "https://auth.blunkall.us/admin/realms/General"; + }; + "Auth0ClientCredentials" = null; + "AzureClientCredentials" = null; + "KeycloakClientCredentials" = null; + "ZitadelClientCredentials" = null; + }; + + "PKCEAuthorizationFlow" = { + "ProviderConfig" = { + "Audience" = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration"; + 
"ClientID" = "netbird"; + "ClientSecret" = ""; + "Domain" = ""; + "AuthorizationEndpoint" = "https://auth.blunkall.us/realms/General/protocol/openid-connect/auth"; + "TokenEndpoint" = "https://auth.blunkall.us/realms/General/protocol/openid-connect/token"; + "Scope" = "openid profile email offline_access api"; + "RedirectURLs" = [ + "http://localhost:53000" + ]; + "UseIDToken" = false; + "DisablePromptLogin" = false; + }; + }; + }; port = 80;
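Review bot: The `"ClientSecret"` line under `IdpManagerConfig.ClientConfig` commits a live Keycloak client secret as a string literal, so it stays in Git history and, once evaluated, is copied into the world-readable Nix store on the host. This client uses `client_credentials` against the realm's `AdminEndpoint`, so anyone who can read the value can presumably act on the realm with whatever roles the `netbird-backend` service account holds. Rotate the secret in Keycloak and load it from a file outside the store; if the module in use accepts the `_secret` form, write `"ClientSecret" = { _secret = "/run/secrets/PLACEHOLDER-netbird-idp-secret"; };` (placeholder path). The `DataStoreEncryptionKey` literal in the context lines has the same exposure and should move to a secret file as well. Whether the hunk continues past `port = 80;` is not visible here.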