Adding Netbird service.

2025-01-21 16:40:33 -05:00
parent 157f2590f3
commit 44266c9eaa
4 changed files with 1069 additions and 0 deletions
@@ -3202,6 +3202,122 @@ services:
        type: bind
        bind:
          create_host_path: true
+  netbird-dashboard:
+    container_name: netbird-dashboard
+    environment:
+      # Endpoints
+      NETBIRD_MGMT_API_ENDPOINT: https://netbird.${MY_TLD}:33073
+      NETBIRD_MGMT_GRPC_API_ENDPOINT: https://netbird.${MY_TLD}:33073
+      # OIDC
+      AUTH_AUDIENCE: ${NETBIRD_ZITADEL_CLIENT_ID}
+      AUTH_CLIENT_ID: ${NETBIRD_ZITADEL_CLIENT_ID}
+      AUTH_CLIENT_SECRET: ${NETBIRD_ZITADEL_CLIENT_SECRET}
+      AUTH_AUTHORITY: https://id.${MY_TLD}
+      USE_AUTH0: false
+      AUTH_SUPPORTED_SCOPES: openid profile email offline_access api
+      AUTH_REDIRECT_URI: /auth
+      AUTH_SILENT_REDIRECT_URI: /silent-auth
+      NETBIRD_TOKEN_SOURCE: accessToken
+      # SSL
+      NGINX_SSL_PORT: 443
+      # Letsencrypt
+      LETSENCRYPT_DOMAIN:
+      LETSENCRYPT_EMAIL:
+    image: netbirdio/dashboard:latest
+    labels:
+      homepage.group: Privacy/Security
+      homepage.name: Netbird
+      homepage.href: https://netbird.${MY_TLD}
+      homepage.icon: netbird.svg
+      homepage.description: Peer-to-peer private network and centralized access control system
+      swag: enable
+      swag_proto: http
+      swag_port: 80
+      swag_auth: authelia
+      swag_url: netbird.${MY_TLD}
+      swag_server_custom_directive: |
+        location /signalexchange.SignalExchange/ {
+            grpc_pass grpc://netbird-signal;
+            #grpc_ssl_verify off;
+            grpc_read_timeout 1d;
+            grpc_send_timeout 1d;
+            grpc_socket_keepalive on;
+        }
+        # Proxy Management http endpoint
+        location /api {
+            proxy_pass http://netbird-management;
+        }
+        # Proxy Management grpc endpoint
+        location /management.ManagementService/ {
+            grpc_pass grpc://netbird-management;
+            #grpc_ssl_verify off;
+            grpc_read_timeout 1d;
+            grpc_send_timeout 1d;
+            grpc_socket_keepalive on;
+        }
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://netbird.${MY_TLD}
+    ports:
+      - 32908:80
+      - 36610:443
+    restart: unless-stopped
+    volumes:
+      - netbird-letsencrypt:/etc/letsencrypt/
+  netbird-signal:
+    container_name: netbird-signal
+    image: netbirdio/signal:latest
+    ports:
+      - 10001:80
+    restart: unless-stopped
+    volumes:
+      - netbird-signal:/var/lib/netbird
+  netbird-relay:
+    image: netbirdio/relay:latest
+    restart: unless-stopped
+    environment:
+      NB_LOG_LEVEL: info
+      NB_LISTEN_ADDRESS: :33080
+      NB_EXPOSED_ADDRESS: netbird.${MY_TLD}:33080
+      # todo: change to a secure secret
+      NB_AUTH_SECRET: ${NETBIRD_RELAY_AUTH_SECRET}
+    ports:
+      - 33080:33080
+  netbird-management:
+    command: [
+      "--port", "443",
+      "--log-file", "console",
+      "--log-level", "info",
+      "--disable-anonymous-metrics=false",
+      "--single-account-mode-domain=netbird.${MY_TLD}",
+      "--dns-domain=netbird.selfhosted"
+      ]
+    container_name: netbird-management
+    depends_on:
+      netbird-dashboard:
+        condition: service_started
+    environment:
+      NETBIRD_STORE_ENGINE_POSTGRES_DSN:
+      NETBIRD_STORE_ENGINE_MYSQL_DSN:
+    image: netbirdio/management:latest
+    restart: unless-stopped
+    volumes:
+      - netbird-mgmt:/var/lib/netbird
+      - netbird-letsencrypt:/etc/letsencrypt:ro
+      - ${DOCKER_VOLUME_CONFIG}/netbird/management.json:/etc/netbird/management.json
+    ports:
+      - 33073:443 #API port
+  netbird-coturn:
+    command:
+      - -c /etc/turnserver.conf
+    container_name: netbird-coturn
+    image: coturn/coturn:latest
+    restart: unless-stopped
+    #domainname: netbird.${MY_TLD} # only needed when TLS is enabled
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/netbird/turnserver.conf:/etc/turnserver.conf:ro
+    #      - ${DOCKER_VOLUME_CONFIG}/netbird/privkey.pem:/etc/coturn/private/privkey.pem:ro
+    #      - ${DOCKER_VOLUME_CONFIG}/netbird/cert.pem:/etc/coturn/certs/cert.pem:ro
+    network_mode: host
  netbox:
    container_name: netbox
    depends_on: