depot/nixos/modules/services/networking/netbird/server.nix

{ config, lib, ... }:

let
  inherit (lib)
    mkDefault
    mkEnableOption
    mkIf
    mkOption
    optionalAttrs
    ;

  inherit (lib.types) str;

  cfg = config.services.netbird.server;
in

{
  meta = {
    maintainers = with lib.maintainers; [patrickdag];
    doc = ./server.md;
  };

  # Import the separate components
  imports = [
    ./coturn.nix
    ./dashboard.nix
    ./management.nix
    ./signal.nix
  ];

  options.services.netbird.server = {
    enable = mkEnableOption "Netbird Server stack, comprising the dashboard, management API and signal service";

    enableNginx = mkEnableOption "Nginx reverse-proxy for the netbird server services";

    domain = mkOption {
      type = str;
      description = "The domain under which the netbird server runs.";
    };
  };

  config = mkIf cfg.enable {
    services.netbird.server = {
      dashboard = {
        domain = mkDefault cfg.domain;
        enable = mkDefault cfg.enable;
        enableNginx = mkDefault cfg.enableNginx;

        managementServer = "https://${cfg.domain}";
      };

      management =
        {
          domain = mkDefault cfg.domain;
          enable = mkDefault cfg.enable;
          enableNginx = mkDefault cfg.enableNginx;
        }
        // (optionalAttrs cfg.coturn.enable rec {
          turnDomain = cfg.domain;
          turnPort = config.services.coturn.tls-listening-port;
          # We cannot merge a list of attrsets so we have to redefine the whole list
          settings = {
            TURNConfig.Turns = mkDefault [
              {
                Proto = "udp";
                URI = "turn:${turnDomain}:${builtins.toString turnPort}";
                Username = "netbird";
                Password =
                  if (cfg.coturn.password != null)
                  then cfg.coturn.password
                  else {_secret = cfg.coturn.passwordFile;};
              }
            ];
          };
        });

      signal = {
        domain = mkDefault cfg.domain;
        enable = mkDefault cfg.enable;
        enableNginx = mkDefault cfg.enableNginx;
      };

      coturn = {
        domain = mkDefault cfg.domain;
      };
    };
  };
}
Squashed 'third_party/nixpkgs/' content from commit 76612b17c0ce git-subtree-dir: third_party/nixpkgs git-subtree-split: 76612b17c0ce71689921ca12d9ffdc9c23ce40b2 2024-11-10 23:59:47 +00:00			`{ config, lib, ... }:`

			`let`
			`inherit (lib)`
			`mkDefault`
			`mkEnableOption`
			`mkIf`
			`mkOption`
			`optionalAttrs`
			`;`

			`inherit (lib.types) str;`

			`cfg = config.services.netbird.server;`
			`in`

			`{`
			`meta = {`
			`maintainers = with lib.maintainers; [patrickdag];`
			`doc = ./server.md;`
			`};`

			`# Import the separate components`
			`imports = [`
			`./coturn.nix`
			`./dashboard.nix`
			`./management.nix`
			`./signal.nix`
			`];`

			`options.services.netbird.server = {`
			`enable = mkEnableOption "Netbird Server stack, comprising the dashboard, management API and signal service";`

			`enableNginx = mkEnableOption "Nginx reverse-proxy for the netbird server services";`

			`domain = mkOption {`
			`type = str;`
			`description = "The domain under which the netbird server runs.";`
			`};`
			`};`

			`config = mkIf cfg.enable {`
			`services.netbird.server = {`
			`dashboard = {`
			`domain = mkDefault cfg.domain;`
			`enable = mkDefault cfg.enable;`
			`enableNginx = mkDefault cfg.enableNginx;`

			`managementServer = "https://${cfg.domain}";`
			`};`

			`management =`
			`{`
			`domain = mkDefault cfg.domain;`
			`enable = mkDefault cfg.enable;`
			`enableNginx = mkDefault cfg.enableNginx;`
			`}`
			`// (optionalAttrs cfg.coturn.enable rec {`
			`turnDomain = cfg.domain;`
			`turnPort = config.services.coturn.tls-listening-port;`
			`# We cannot merge a list of attrsets so we have to redefine the whole list`
			`settings = {`
			`TURNConfig.Turns = mkDefault [`
			`{`
			`Proto = "udp";`
			`URI = "turn:${turnDomain}:${builtins.toString turnPort}";`
			`Username = "netbird";`
			`Password =`
			`if (cfg.coturn.password != null)`
			`then cfg.coturn.password`
			`else {_secret = cfg.coturn.passwordFile;};`
			`}`
			`];`
			`};`
			`});`

			`signal = {`
			`domain = mkDefault cfg.domain;`
			`enable = mkDefault cfg.enable;`
			`enableNginx = mkDefault cfg.enableNginx;`
			`};`

			`coturn = {`
			`domain = mkDefault cfg.domain;`
			`};`
			`};`
			`};`
			`}`