# NixOS module for the NetBird server stack.
#
# Declares the top-level `services.netbird.server` options and, when the stack
# is enabled, propagates them as overridable defaults to the dashboard,
# management, signal and coturn sub-modules imported below.
{ config, lib, ... }:

let
  inherit (lib)
    mkDefault
    mkEnableOption
    mkIf
    mkOption
    optionalAttrs
    types
    ;

  cfg = config.services.netbird.server;

  # Settings every web-facing component takes from the top-level options.
  # All of them are wrapped in mkDefault, so a component-level definition
  # with normal priority still wins.
  sharedDefaults = {
    domain = mkDefault cfg.domain;
    enable = mkDefault cfg.enable;
    enableNginx = mkDefault cfg.enableNginx;
  };

  # Extra management settings that are only applied when the bundled coturn
  # service is enabled (cfg.coturn.* is presumably declared in ./coturn.nix).
  turnOverrides =
    let
      turnDomain = cfg.domain;
      turnPort = config.services.coturn.tls-listening-port;

      # NOTE(review): an inline `coturn.password` is an ordinary Nix string,
      # so it presumably ends up in the world-readable Nix store together
      # with the rest of the rendered settings. The `_secret` form only
      # carries the path of the password file; how it is resolved is decided
      # by the management module - confirm there, and prefer `passwordFile`.
      turnPassword =
        if cfg.coturn.password == null then
          { _secret = cfg.coturn.passwordFile; }
        else
          cfg.coturn.password;
    in
    {
      inherit turnDomain turnPort;

      # A list of attrsets cannot be merged by the module system, so the
      # whole TURN server list is redefined here (still only as a default).
      # NOTE(review): the URI uses the plain `turn:` scheme over UDP while
      # the port is coturn's tls-listening-port - confirm this pairing is
      # intended.
      settings.TURNConfig.Turns = mkDefault [
        {
          Proto = "udp";
          URI = "turn:${turnDomain}:${toString turnPort}";
          Username = "netbird";
          Password = turnPassword;
        }
      ];
    };
in

{
  meta = {
    maintainers = [ lib.maintainers.patrickdag ];
    doc = ./server.md;
  };

  # The individual components live in their own modules.
  imports = [
    ./coturn.nix
    ./dashboard.nix
    ./management.nix
    ./signal.nix
  ];

  options.services.netbird.server = {
    enable = mkEnableOption "Netbird Server stack, comprising the dashboard, management API and signal service";

    enableNginx = mkEnableOption "Nginx reverse-proxy for the netbird server services";

    # No default is given, so a value must be supplied once the option is read.
    domain = mkOption {
      type = types.str;
      description = "The domain under which the netbird server runs.";
    };
  };

  config = mkIf cfg.enable {
    services.netbird.server = {
      # The dashboard is pointed at the management API over HTTPS on the
      # same domain.
      dashboard = sharedDefaults // {
        managementServer = "https://${cfg.domain}";
      };

      management = sharedDefaults // optionalAttrs cfg.coturn.enable turnOverrides;

      signal = sharedDefaults;

      # coturn only inherits the domain; it is not enabled from here.
      coturn = {
        domain = mkDefault cfg.domain;
      };
    };
  };
}