Netbird
services.netbird.enable
Whether to enable Netbird daemon.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird.nix
services.netbird.package
The netbird package to use.
Type: package
Default
pkgs.netbird
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird.nix
services.netbird.server.coturn.domain
The domain under which the coturn server runs.
Type: string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/coturn.nix
services.netbird.server.coturn.enable
Whether to enable a Coturn server for Netbird, will also open the firewall on the configured range.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/coturn.nix
services.netbird.server.coturn.openPorts
The list of ports used by coturn for listening to open in the firewall.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default
with config.services.coturn; [listening-portalt-listening-porttls-listening-portalt-tls-listening-port];
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/coturn.nix
services.netbird.server.coturn.password
The password of the user used by netbird to connect to the coturn server. Be advised this will be world readable in the nix store.
Type: null or string
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/coturn.nix
services.netbird.server.coturn.passwordFile
The path to a file containing the password of the user used by netbird to connect to the coturn server.
Type: null or path
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/coturn.nix
services.netbird.server.coturn.useAcmeCertificates
Whether to use ACME certificates corresponding to the given domain for the server.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/coturn.nix
services.netbird.server.coturn.user
The username used by netbird to connect to the coturn server.
Type: string
Default
"netbird"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/coturn.nix
services.netbird.server.dashboard.domain
The domain under which the dashboard runs.
Type: string
Default
"localhost"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/dashboard.nix
services.netbird.server.dashboard.enable
Whether to enable the static netbird dashboard frontend.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/dashboard.nix
services.netbird.server.dashboard.enableNginx
Whether to enable Nginx reverse-proxy to serve the dashboard.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/dashboard.nix
services.netbird.server.dashboard.finalDrv
The derivation containing the final templated dashboard.
Type: package
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/dashboard.nix
services.netbird.server.dashboard.managementServer
The address of the management server, used for the API endpoints.
Type: string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/dashboard.nix
services.netbird.server.dashboard.package
The netbird-dashboard package to use.
Type: package
Default
pkgs.netbird-dashboard
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/dashboard.nix
services.netbird.server.dashboard.settings
An attribute set that will be used to substitute variables when building the dashboard. Any values set here will be templated into the frontend and be public for anyone that can reach your website. The exact values sadly aren't documented anywhere. A starting point when searching for valid values is this script The only mandatory value is 'AUTH_AUTHORITY' as we cannot set a default value here.
Type: attribute set of (string or boolean)
Default
'' { AUTH_AUDIENCE = "netbird"; AUTH_CLIENT_ID = "netbird"; AUTH_SUPPORTED_SCOPES = "openid profile email"; NETBIRD_TOKEN_SOURCE = "idToken"; USE_AUTH0 = false; }''
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/dashboard.nix
services.netbird.server.domain
The domain under which the netbird server runs.
Type: string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/server.nix
services.netbird.server.enable
Whether to enable Netbird Server stack, comprising the dashboard, management API and signal service.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/server.nix
services.netbird.server.enableNginx
Whether to enable Nginx reverse-proxy for the netbird server services.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/server.nix
services.netbird.server.management.disableAnonymousMetrics
Disables push of anonymous usage metrics to NetBird.
Type: boolean
Default
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/management.nix
services.netbird.server.management.disableSingleAccountMode
If set to true, disables single account mode.
The singleAccountModeDomain property will be ignored and every new user will have a separate NetBird account.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/management.nix
services.netbird.server.management.dnsDomain
Domain used for peer resolution.
Type: string
Default
"netbird.selfhosted"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/management.nix
services.netbird.server.management.domain
The domain under which the management API runs.
Type: string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/management.nix
services.netbird.server.management.enable
Whether to enable Netbird Management Service.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/management.nix
services.netbird.server.management.enableNginx
Whether to enable Nginx reverse-proxy for the netbird management service.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/management.nix
services.netbird.server.management.extraOptions
Additional options given to netbird-mgmt as commandline arguments.
Type: list of string
Default
[ ]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/management.nix
services.netbird.server.management.logLevel
Log level of the netbird services.
Type: one of "ERROR", "WARN", "INFO", "DEBUG"
Default
"INFO"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/management.nix
services.netbird.server.management.oidcConfigEndpoint
The oidc discovery endpoint.
Type: string
Example
"https://example.eu.auth0.com/.well-known/openid-configuration"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/management.nix
services.netbird.server.management.package
The netbird package to use.
Type: package
Default
pkgs.netbird
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/management.nix
services.netbird.server.management.port
Internal port of the management server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default
8011
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/management.nix
services.netbird.server.management.settings
Configuration of the netbird management server.
Options containing secret data should be set to an attribute set containing the attribute _secret
- a string pointing to a file containing the value the option should be set to.
See the example to get a better picture of this: in the resulting management.json file,
the DataStoreEncryptionKey key will be set to the contents of the /run/agenix/netbird_mgmt-data_store_encryption_key file.
Type: JSON value
Default
`#!nix defaultSettings = { Stuns = [ { Proto = "udp"; URI = "stun:${cfg.turnDomain}:3478"; Username = ""; Password = null; } ];
TURNConfig = { Turns = [ { Proto = "udp"; URI = "turn:${cfg.turnDomain}:3478"; Username = "netbird"; Password = "netbird"; } ];
CredentialsTTL = "12h";
Secret = "not-secure-secret";
TimeBasedCredentials = false;
};
Signal = { Proto = "https"; URI = "${cfg.domain}:443"; Username = ""; Password = null; };
ReverseProxy = { TrustedHTTPProxies = [ ]; TrustedHTTPProxiesCount = 0; TrustedPeers = [ "0.0.0.0/0" ]; };
Datadir = "${stateDir}/data"; DataStoreEncryptionKey = "genEVP6j/Yp2EeVujm0zgqXrRos29dQkpvX0hHdEUlQ="; StoreConfig = { Engine = "sqlite"; };
HttpConfig = { Address = "127.0.0.1:${builtins.toString cfg.port}"; IdpSignKeyRefreshEnabled = true; OIDCConfigEndpoint = cfg.oidcConfigEndpoint; };
IdpManagerConfig = { ManagerType = "none"; ClientConfig = { Issuer = ""; TokenEndpoint = ""; ClientID = "netbird"; ClientSecret = ""; GrantType = "client_credentials"; };
ExtraConfig = { };
Auth0ClientCredentials = null;
AzureClientCredentials = null;
KeycloakClientCredentials = null;
ZitadelClientCredentials = null;
};
DeviceAuthorizationFlow = { Provider = "none"; ProviderConfig = { Audience = "netbird"; Domain = null; ClientID = "netbird"; TokenEndpoint = null; DeviceAuthEndpoint = ""; Scope = "openid profile email offline_access api"; UseIDToken = false; }; };
PKCEAuthorizationFlow = { ProviderConfig = { Audience = "netbird"; ClientID = "netbird"; ClientSecret = ""; AuthorizationEndpoint = ""; TokenEndpoint = ""; Scope = "openid profile email offline_access api"; RedirectURLs = "http://localhost:53000"; UseIDToken = false; }; }; }; `
Example
{DataStoreEncryptionKey = {_secret = "/run/agenix/netbird_mgmt-data_store_encryption_key";};}
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/management.nix
services.netbird.server.management.singleAccountModeDomain
Enables single account mode. This means that all the users will be under the same account grouped by the specified domain. If the installation has more than one account, the property is ineffective.
Type: string
Default
"netbird.selfhosted"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/management.nix
services.netbird.server.management.turnDomain
The domain of the TURN server to use.
Type: string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/management.nix
services.netbird.server.management.turnPort
The port of the TURN server to use.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default
3478
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/management.nix
services.netbird.server.signal.domain
The domain name for the signal service.
Type: string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/signal.nix
services.netbird.server.signal.enable
Whether to enable Netbird's Signal Service.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/signal.nix
services.netbird.server.signal.enableNginx
Whether to enable Nginx reverse-proxy for the netbird signal service.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/signal.nix
services.netbird.server.signal.logLevel
Log level of the netbird signal service.
Type: one of "ERROR", "WARN", "INFO", "DEBUG"
Default
"INFO"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/signal.nix
services.netbird.server.signal.package
The netbird package to use.
Type: package
Default
pkgs.netbird
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/signal.nix
services.netbird.server.signal.port
Internal port of the signal server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default
8012
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird/signal.nix
services.netbird.tunnels
Attribute set of Netbird tunnels, each one will spawn a daemon listening on ...
Type: attribute set of (submodule)
Default
{ }
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird.nix
services.netbird.tunnels.<name>.environment
Environment for the netbird service, used to pass configuration options.
Type: attribute set of string
Default
{NB_CONFIG = "/var/lib/${stateDir}/config.json";NB_LOG_FILE = "console";NB_WIREGUARD_PORT = builtins.toString port;NB_INTERFACE_NAME = name;NB_DAMEON_ADDR = "/var/run/${stateDir}"}
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird.nix
services.netbird.tunnels.<name>.port
Port for the ‹name› netbird interface.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default
51820
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird.nix
services.netbird.tunnels.<name>.stateDir
Directory storing the netbird configuration.
Type: string
Default
"netbird-‹name›"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/netbird.nix