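{#
  Ansible/Jinja template that renders a JSON configuration document; the key
  names and the netbird.<tld> hosts suggest a NetBird management server.

  All deployment-specific values come from one Vault KV v2 read (path 'env',
  mount 'rinoa-docker'), done once here and reused below, so a render makes a
  single Vault request instead of one per field.

  Secret values are emitted with `| string | to_json` so that a quote,
  backslash or control character inside a secret cannot break or alter the
  rendered JSON. `| string` keeps the field a JSON string even if Vault
  returns a non-string value.

  The rendered file holds the TURN password, the relay auth secret and the
  OIDC client secret in plaintext. The task that renders it is not visible
  here; it should write the file with an owner-only mode and set no_log.
#}
{% set kv_env = lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret'] %}
{% set tld = kv_env['MY_TLD'] %}
{
    "Stuns": [
        {
            "Proto": "udp",
            "URI": "stun:netbird.{{ tld }}:3478",
            "Username": "",
            "Password": null
        }
    ],
    "TURNConfig": {
        "Turns": [
            {
                "Proto": "udp",
                "URI": "turn:netbird.{{ tld }}:3478",
                "Username": "self",
                "Password": {{ kv_env['NETBIRD_TURN_PASSWORD'] | string | to_json }}
            }
        ],
        "CredentialsTTL": "12h",
{# NOTE(review): "Secret" is the literal placeholder "secret". It is presumably
   only consulted when TimeBasedCredentials is true; confirm, and source it
   from Vault before that flag is ever enabled. #}
        "Secret": "secret",
        "TimeBasedCredentials": false
    },
    "Relay": {
        "Addresses": [
            "rel://netbird.{{ tld }}:33080"
        ],
        "CredentialsTTL": "24h",
        "Secret": {{ kv_env['NETBIRD_RELAY_AUTH_SECRET'] | string | to_json }}
    },
    "Signal": {
        "Proto": "https",
        "URI": "netbird.{{ tld }}:10001",
        "Username": "",
        "Password": null
    },
    "ReverseProxy": {
        "TrustedHTTPProxies": [],
        "TrustedHTTPProxiesCount": 0,
{# NOTE(review): 0.0.0.0/0 matches every source address. If this list decides
   whose forwarded client-IP headers are believed, narrow it to the address of
   the reverse proxy actually in front of the service; confirm against the
   consumer's documentation. #}
        "TrustedPeers": [
            "0.0.0.0/0"
        ]
    },
    "Datadir": "",
{# NOTE(review): the encryption key is rendered empty. Confirm how the service
   treats an empty key, and that re-rendering this template cannot replace a
   key the service has persisted on its own. #}
    "DataStoreEncryptionKey": "",
    "StoreConfig": {
        "Engine": "sqlite"
    },
    "HttpConfig": {
        "Address": "0.0.0.0:33073",
        "AuthIssuer": "https://auth.{{ tld }}",
        "AuthAudience": "netbird",
        "AuthKeysLocation": "https://auth.{{ tld }}/jwks.json",
        "AuthUserIDClaim": "",
        "CertFile": "",
        "CertKey": "",
        "IdpSignKeyRefreshEnabled": true,
        "OIDCConfigEndpoint": "https://auth.{{ tld }}/.well-known/openid-configuration"
    },
    "IdpManagerConfig": {},
    "DeviceAuthorizationFlow": {},
    "PKCEAuthorizationFlow": {
        "ProviderConfig": {
            "Audience": "netbird",
            "ClientID": "netbird",
            "ClientSecret": {{ kv_env['AUTHELIA_NETBIRD_CLIENT_SECRET'] | string | to_json }},
            "Domain": "",
            "AuthorizationEndpoint": "https://auth.{{ tld }}/api/oidc/authorization",
            "TokenEndpoint": "https://auth.{{ tld }}/api/oidc/token",
            "Scope": "openid profile email offline_access api",
            "RedirectURLs": [
                "http://localhost:53000"
            ],
            "UseIDToken": true
        }
    }
}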