diff --git a/system-config/services/containers/gitea/default.nix b/system-config/services/containers/gitea/default.nix
index 167b432..564e0ac 100644
--- a/system-config/services/containers/gitea/default.nix
+++ b/system-config/services/containers/gitea/default.nix
@@ -66,7 +66,7 @@
 stateDir = "/etc/gitea/data";
- dump.enable = true;
+ dump.enable = false;
 appName = "Gitea";
diff --git a/system-config/services/containers/netbird/default.nix b/system-config/services/containers/netbird/default.nix
index cbe6c3e..9757907 100644
--- a/system-config/services/containers/netbird/default.nix
+++ b/system-config/services/containers/netbird/default.nix
@@ -87,6 +87,7 @@
 management = {
 enable = true;
 dnsDomain = ".vpn";
+ oidcConfigEndpoint = "https://auth.blunkall.us/application/o/netbird/.well-known/openid-configuration";
 #turnDomain = "localhost";
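Review bot: In the gitea hunk, `dump.enable = false;` turns off Gitea's scheduled dump without explanation, and nothing in this diff shows another backup taking its place. The rest of the commit is about NetBird and Traefik, so a one-line comment above the option would record the intent, for example `# dumps disabled: /etc/gitea/data is backed up by <backup job>`. If no replacement exists, the repositories and database under `stateDir` lose the only recovery path visible here.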
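Review bot: The discovery URL added as `oidcConfigEndpoint` in the netbird `management` block is repeated verbatim in the following hunk as `AUTH_AUTHORITY` and `NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT`, so a later IdP change has three places to drift apart. Binding it once in a `let` (for example `oidcDiscovery = "https://auth.blunkall.us/application/o/netbird/.well-known/openid-configuration";`) and referencing the name keeps every consumer on the same issuer. `AUTH_AUTHORITY` also looks like it expects the issuer base URL rather than the discovery document, which is worth confirming against the login flow. The `management` block starts and ends outside the hunk.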
@@ -97,9 +98,26 @@
 enable = true;
 #managementServer = "localhost";
 settings = {
- AUTH_AUTHORITY = "";
+ AUTH_AUTHORITY = "https://auth.blunkall.us/application/o/netbird/.well-known/openid-configuration";
 NETBIRD_USE_AUTH0 = false;
- NETBIRD_AUTH_DEVICE_AUTH_PROVIDER = "none";
+ NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT = "https://auth.blunkall.us/application/o/netbird/.well-known/openid-configuration";
+ NETBIRD_AUTH_SUPPORTED_SCOPES = "openid profile email offline_access api";
+ NETBIRD_AUTH_AUDIENCE = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD";
+ NETBIRD_AUTH_CLIENT_ID = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD";
+ NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD";
+ NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID = "wXR2HlT7fOmDGRbB8FOJP4BaX1u0UF1mo2hLrFlD";
+
+ NETBIRD_MGMT_IDP = "authentik";
+ NETBIRD_IDP_MGMT_CLIENT_ID = "";
+ NETBIRD_IDP_MGMT_EXTRA_USERNAME = "Netbird";
+ NETBIRD_IDP_MGMT_EXTRA_PASSWORD = "jfdkhsjlkasdhfklslhflhljksd";
+
+ NETBIRD_AUTH_PKCE_DISABLE_PROMPT_LOGIN = true;
+
+ NETBIRD_DISABLE_LETSENCRYPT = true;
+ NETBIRD_MGMT_API_ENDPOINT = "https://netbirdapi.blunkall.us:443";
+ NETBIRD_MGMT_GRPC_API_ENDPOINT = "https://netbirdapi.blunkall.us:443";
+
 };
 };
diff --git a/system-config/services/containers/traefik/default.nix b/system-config/services/containers/traefik/default.nix
index 467f33b..ff32671 100644
--- a/system-config/services/containers/traefik/default.nix
+++ b/system-config/services/containers/traefik/default.nix
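Review bot: `NETBIRD_IDP_MGMT_EXTRA_PASSWORD` in the netbird `settings` attrset is committed as a string literal, so the IdP service-account password is now in git history and, like other Nix string values, will typically end up in the world-readable /nix/store on every host that builds this config. If this `settings` block belongs to the NetBird dashboard (its attribute path is outside the hunk), the values are presumably also templated into the static frontend and readable by anyone who can load the site. The credential should be rotated and supplied at runtime from a secret file (sops-nix, agenix or a systemd `EnvironmentFile`), with the line removed from `settings`. The current value also looks hand-typed rather than generated, so the replacement should come from a password generator.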
@@ -223,6 +223,24 @@
 service = "netbird";
 tls.certResolver = "cloudflare";
 };
+ netbirdApi = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`netbirdapi.blunkall.us`) && PathPrefix(`/api`)";
+ service = "netbirdApi";
+ tls.certResolver = "cloudflare";
+ };
+ netbirdMgmt = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`netbirdapi.blunkall.us`) && PathPrefix(`/management`)";
+ service = "netbirdMgmt";
+ tls.certResolver = "cloudflare";
+ };
+ netbirdSignal = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`netbirdapi.blunkall.us`) && PathPrefix(`/signalexchange`)";
+ service = "netbirdSignal";
+ tls.certResolver = "cloudflare";
+ };
 };
 middlewares = {
@@ -269,7 +287,13 @@
 ntfy.loadBalancer.servers = [ { url = "http://192.168.100.19"; } ];
- netbird.loadBalancer.servers = [ { url = "http://192.168.100.21"; } ];
+ netbird.loadBalancer = {
+ passHostHeader = true;
+ servers = [ { url = "http://192.168.100.21"; } ];
+ };
+ netbirdApi.loadBalancer.servers = [ { url = "http://192.168.100.21:33073"; } ];
+ netbirdMgmt.loadBalancer.servers = [ { url = "h2c://192.168.100.21:33073"; } ];
+ netbirdSignal.loadBalancer.servers = [ { url = "h2c://192.168.100.21:10000"; } ];
 homeassistant.loadBalancer.servers = [ { url = "http://192.168.100.10:8123"; } ];
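Review bot: In the traefik routers hunk, the `netbirdMgmt` and `netbirdSignal` rules match the bare prefixes `/management` and `/signalexchange`, which is wider than the two gRPC services they are meant to carry. Any path on `netbirdapi.blunkall.us` that merely starts with those strings is forwarded to the h2c backends. Using the full service prefixes narrows what is exposed: ``PathPrefix(`/management.ManagementService/`)`` and ``PathPrefix(`/signalexchange.SignalExchange/`)``. A short comment above each rule naming the gRPC service would also explain why these paths differ from the REST `/api` router.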
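Review bot: The three backends added in the traefik services hunk (`http://192.168.100.21:33073`, `h2c://192.168.100.21:33073`, `h2c://192.168.100.21:10000`) are plaintext, so API bearer tokens and management/signal gRPC traffic leave Traefik unencrypted. That is reasonable only if 192.168.100.0/24 is a host-local container bridge, which the hunk does not show; a comment would record the assumption, e.g. `# cleartext hop: 192.168.100.21 is on the host-only container bridge`. It is also worth confirming that ports 33073 and 10000 on the container are not reachable except through Traefik, otherwise the TLS front end can be bypassed. Separately, `passHostHeader = true` is already Traefik's default, so `netbird.loadBalancer` could stay a one-line `servers` assignment.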