netbird: remove

2025-03-10 16:11:39 +00:00 · 2025-03-10 16:11:39 +00:00 · d77edfab75
commit d77edfab75
parent 68506d4868
1 changed files with 0 additions and 77 deletions
--- a/modules/nixos/services/netbird.nix
+++ b/modules/nixos/services/netbird.nix
@ -1,77 +0,0 @@
 {
  config,
  lib,
  self,
  ...
 }:
 let
  cfg = config.modules.services.netbird;
 in
 {
  options.modules.services.netbird = {
    enable = lib.mkEnableOption "netbird";
    coordinatorDomain = lib.mkOption {
      type = lib.types.str;
      default = "netbird.vimium.net";
    };
    meshDomain = lib.mkOption {
      type = lib.types.str;
      default = "mesh.vimium.net";
    };
  };
  config = lib.mkIf cfg.enable {
    age.secrets."passwords/services/netbird/data-store-encryption-key" = {
      file = "${self.inputs.secrets}/passwords/services/netbird/data-store-encryption-key.age";
    };
    services.netbird = {
      enable = true;
    };
    services.netbird.server = {
      domain = cfg.coordinatorDomain;
      enable = true;
      enableNginx = true;
      dashboard.settings = {
        AUTH_AUTHORITY = "https://auth.vimium.com/oauth2/openid/netbird";
      };
      management = rec {
        disableAnonymousMetrics = true;
        dnsDomain = cfg.meshDomain;
        oidcConfigEndpoint = "https://auth.vimium.com/oauth2/openid/netbird/.well-known/openid-configuration";
        settings = {
          DataStoreEncryptionKey = {
            _secret = config.age.secrets."passwords/services/netbird/data-store-encryption-key".path;
          };
          HttpConfig = {
            AuthAudience = "netbird";
          };
          StoreConfig = {
            Engine = "sqlite";
          };
          TURNConfig = {
            Secret._secret = config.age.secrets."passwords/services/coturn/static-auth-secret".path;
            TimeBasedCredentials = true;
          };
          PKCEAuthorizationFlow.ProviderConfig = {
            AuthorizationEndpoint = "https://auth.vimium.com/ui/oauth2";
            TokenEndpoint = "https://auth.vimium.com/oauth2/token";
          };
        };
        singleAccountModeDomain = dnsDomain;
        turnDomain = config.services.coturn.realm;
        turnPort = config.services.coturn.listening-port;
      };
    };
    systemd.services.netbird-signal.serviceConfig.RestartSec = "60";
    systemd.services.netbird-management.serviceConfig.RestartSec = "60";
    services.nginx.virtualHosts."netbird.vimium.net" = {
      enableACME = true;
      forceSSL = true;
    };
  };
 }