From a685860680ea663310a1f3d496555cc6735ae093 Mon Sep 17 00:00:00 2001
From: Jordan Holt <jordan@vimium.com>
Date: Sat, 24 Aug 2024 12:32:28 +0100
Subject: [PATCH] Add PKCEAuthorizationFlow to NetBird

---
 modules/networking/netbird.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/modules/networking/netbird.nix b/modules/networking/netbird.nix
index d9ffc3c..bf74183 100644
--- a/modules/networking/netbird.nix
+++ b/modules/networking/netbird.nix
@@ -29,7 +29,10 @@ in {
       domain = cfg.coordinatorDomain;
       enable = true;
       enableNginx = true;
-      dashboard.settings.AUTH_AUTHORITY = "https://auth.vimium.com/oauth2/openid/netbird";
+      dashboard.settings = {
+        AUTH_AUTHORITY = "https://auth.vimium.com/oauth2/openid/netbird";
+        NETBIRD_TOKEN_SOURCE = "accessToken";
+      };
       management = rec {
         disableAnonymousMetrics = true;
         dnsDomain = cfg.meshDomain;
@@ -46,6 +49,10 @@ in {
             Secret._secret = config.age.secrets."passwords/services/coturn/static-auth-secret".path;
             TimeBasedCredentials = true;
           };
+          PKCEAuthorizationFlow.ProviderConfig = {
+            AuthorizationEndpoint = "https://auth.vimium.com/ui/oauth2";
+            TokenEndpoint = "https://auth.vimium.com/oauth2/token";
+          };
         };
         singleAccountModeDomain = dnsDomain;
         turnDomain = config.services.coturn.realm;