feat: netbird

2026-01-08 14:21:53 +08:00 · 2026-01-08 14:21:53 +08:00 · ea118b7995
commit ea118b7995
parent 53b83b3471
64 changed files with 1088 additions and 665 deletions
--- a/system/dev/dn-pre7780/expr/default.nix
+++ b/system/dev/dn-pre7780/expr/default.nix
@ -1,6 +1,5 @@
 {
  imports = [
-    # ./netbird.nix
    # ./osx-kvm.nix
  ];
 }
--- a/system/dev/dn-pre7780/expr/netbird.nix
+++ b/system/dev/dn-pre7780/expr/netbird.nix
@ -1,65 +0,0 @@
-{
-  domain,
-  idpSecret,
-  dataStoreEncryptionKey,
-  coturnPassFile,
-  ...
-}:
-let
-  port = 51820;
-in
-{
-  services.netbird = {
-    server = {
-      enable = true;
-      domain = "netbird.${domain}";
-      enableNginx = true;
-      management = {
-        oidcConfigEndpoint = "https://keycloak.net.dn/realms/master/.well-known/openid-configuration";
-        settings = {
-          DataStoreEncryptionKey = {
-            _secret = dataStoreEncryptionKey;
-          };
-          TURNConfig = {
-            Secret = {
-              _secret = idpSecret;
-            };
-          };
-          IdpManagerConfig = {
-            ClientConfig = {
-              ClientID = "netbird-backend";
-              ClientSecret = {
-                _secret = idpSecret;
-              };
-            };
-          };
-        };
-      };
-      coturn = {
-        user = "netbird";
-        passwordFile = coturnPassFile;
-        enable = true;
-      };
-      dashboard.settings = {
-        USE_AUTH0 = false;
-        AUTH_AUTHORITY = "https://keycloak.net.dn/realms/master";
-        AUTH_CLIENT_ID = "netbird";
-        AUTH_AUDIENCE = "netbird";
-        AUTH_SUPPORTED_SCOPES = "openid profile email offline_access api";
-      };
-    };
-    clients.default = {
-      inherit port;
-      openFirewall = true;
-      name = "netbird";
-      interface = "wt0";
-      hardened = true;
-      dns-resolver.address = "10.0.0.1";
-    };
-  };
-
-  services.nginx.virtualHosts."netbird.${domain}" = {
-    enableACME = true;
-    forceSSL = true;
-  };
-}