Enable netbird-docker on srv03

2026-04-25 23:58:47 +02:00 · 2026-04-25 23:58:47 +02:00 · f7c4620378
commit f7c4620378
parent d1cfaf7acf
2 changed files with 21 additions and 0 deletions
--- a/hosts/srv03/default.nix
+++ b/hosts/srv03/default.nix
@ -16,6 +16,7 @@
      ../../modules/docker.nix
      ../../modules/traefik.nix
      ../../modules/pocket-id.nix
+      ../../modules/netbird-docker.nix
      ../../modules/auto-upgrade.nix
      "${inputs.secrets}/modules/opkssh.nix"
      # Include the results of the hardware scan.
@ -42,6 +43,24 @@
      };
      environmentFile = config.age.secrets.pocket-id.path;
    };
+
+    netbird-docker = {
+      enable = true;
+      secrets = config.age.secrets.netbird-server;
+      proxy = {
+        domain = "netbird.jfreudenberger.de";
+        token-secret = config.age.secrets.netbird-proxy;
+      };
+    };
+    netbird.server = let
+      domain = "netbird.jfreudenberger.de";
+    in {
+      domain = domain;
+      management.domain = domain;
+      dashboard.domain = domain;
+      signal.domain = domain;
+      management.oidcConfigEndpoint = "https://login.jfreudenberger.de/.well-known/openid-configuration";
+    };
  };

  systemd.network = {
--- a/hosts/srv03/secrets.nix
+++ b/hosts/srv03/secrets.nix
@ -3,5 +3,7 @@
  age.secrets = {
    inwx.file = "${inputs.secrets}/secrets/dns-management/inwx";
    pocket-id.file = "${inputs.secrets}/secrets/srv03/pocket-id";
+    netbird-server.file = "${inputs.secrets}/secrets/srv03/netbird-server";
+    netbird-proxy.file = "${inputs.secrets}/secrets/srv03/netbird-proxy";
  };
 }