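## example file, you can copy this file to setup.env and update its values
##
# The file is plain shell variable assignments: later lines expand earlier
# variables with $NAME, so assignment order matters.
# NOTE(review): once filled in, setup.env holds IdP credentials
# (NETBIRD_IDP_MGMT_CLIENT_SECRET / NETBIRD_IDP_MGMT_EXTRA_PASSWORD). Keep the
# filled-in copy out of version control and readable only by the deploying
# user (e.g. chmod 600 setup.env).

# Image tags
# you can force specific tags for each component; will be set to latest if empty
# NOTE(review): an empty tag floats on "latest", so the running version changes
# whenever images are re-pulled. Pin explicit tags when upgrades need to be
# deliberate and auditable.
NETBIRD_DASHBOARD_TAG=""
NETBIRD_SIGNAL_TAG=""
NETBIRD_MANAGEMENT_TAG=""
COTURN_TAG=""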
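# Dashboard domain. e.g. app.mydomain.com
# NOTE(review): this is the example author's own domain; replace it before use.
NETBIRD_DOMAIN="netbird.jimsgarage.co.uk"

# TURN server domain. e.g. turn.mydomain.com
# if not specified it will assume NETBIRD_DOMAIN
NETBIRD_TURN_DOMAIN=""

# TURN server public IP address
# required for a connection involving peers in
# the same network as the server and external peers
# usually matches the IP for the domain set in NETBIRD_TURN_DOMAIN
# NOTE(review): 192.168.200.50 is an RFC 1918 private address, which does not
# match the "public IP" wording above. Peers outside that LAN presumably cannot
# use an address they cannot route to - confirm this is intended for the
# deployment (LAN-only, or NAT in front of the server) and set the externally
# reachable address otherwise.
NETBIRD_TURN_EXTERNAL_IP="192.168.200.50"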
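# -------------------------------------------
# OIDC
# e.g., https://example.eu.auth0.com/.well-known/openid-configuration
# -------------------------------------------
# The discovery document at this URL names the issuer, endpoints and signing
# keys the deployment will trust, so it must be an https:// URL on an IdP you
# control. The value below points at the example author's Authentik instance.
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://authentik.jimsgarage.co.uk/application/o/netbird/.well-known/openid-configuration"
# The default setting is to transmit the audience to the IDP during authorization. However,
# if your IDP does not have this capability, you can turn this off by setting it to false.
#NETBIRD_DASH_AUTH_USE_AUDIENCE=false
# NOTE(review): the audience is set to the same string as the client ID below;
# presumably the IdP issues tokens whose "aud" is the client ID - confirm
# against your provider before reusing this pattern.
NETBIRD_AUTH_AUDIENCE="q5oAgpeZoIRa9NV7qIm6PeHKUhVTXu2dIFWmA4nU"
# e.g. netbird-client
# An OIDC client ID is an identifier rather than a secret, but this one belongs
# to the example author's IdP application; replace it with your own.
NETBIRD_AUTH_CLIENT_ID="q5oAgpeZoIRa9NV7qIm6PeHKUhVTXu2dIFWmA4nU"
# indicates the scopes that will be requested from the IDP
# NOTE(review): offline_access asks the IdP for refresh tokens; make sure the
# IdP bounds their lifetime and that they can be revoked.
NETBIRD_AUTH_SUPPORTED_SCOPES="openid profile email offline_access api"
# NETBIRD_AUTH_CLIENT_SECRET is required only by Google workspace.
# If it is set, it is a credential: keep it only in the untracked setup.env.
# NETBIRD_AUTH_CLIENT_SECRET=""
# if you want to use a custom claim for the user ID instead of 'sub', set it here
# NETBIRD_AUTH_USER_ID_CLAIM=""
# indicates whether to use Auth0 or not: true or false
NETBIRD_USE_AUTH0="false"
# if your IDP provider doesn't support fragmented URIs, configure custom
# redirect and silent redirect URIs, these will be concatenated into your NETBIRD_DOMAIN domain.
# NETBIRD_AUTH_REDIRECT_URI="/peers"
# NETBIRD_AUTH_SILENT_REDIRECT_URI="/add-peers"
# Updates the preference to use id tokens instead of access token on dashboard
# Okta and Gitlab IDPs can benefit from this
# NETBIRD_TOKEN_SOURCE="idToken"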
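# -------------------------------------------
# OIDC Device Authorization Flow
# -------------------------------------------
# NOTE(review): "none" presumably leaves the device authorization flow
# unconfigured, in which case the remaining values in this section are unused -
# confirm against the NetBird documentation for your IdP.
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID="q5oAgpeZoIRa9NV7qIm6PeHKUhVTXu2dIFWmA4nU"
# Some IDPs require a different audience, scopes and the use of the id token for the device authorization flow
# you can customize here:
# The audience is copied from NETBIRD_AUTH_AUDIENCE, which therefore has to be
# assigned earlier in this file; if it is not, this expands to an empty string.
NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE=$NETBIRD_AUTH_AUDIENCE
NETBIRD_AUTH_DEVICE_AUTH_SCOPE="openid"
NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN=false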
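# -------------------------------------------
# OIDC PKCE Authorization Flow
# -------------------------------------------
# Comma separated port numbers. if already in use, PKCE flow will choose an available port from the list as an alternative
# eg. 53000,54000
# NOTE(review): presumably every port listed here also has to be registered at
# the IdP as an allowed redirect URI - confirm for your provider. Keep the list
# as short as practical so the set of accepted redirect targets stays small.
NETBIRD_AUTH_PKCE_REDIRECT_URL_PORTS="53000"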
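# -------------------------------------------
# IDP Management
# -------------------------------------------
# eg. zitadel, auth0, azure, keycloak
NETBIRD_MGMT_IDP="authentik"
# Some IDPs require a different client id and client secret for the management api
# The client ID is copied from NETBIRD_AUTH_CLIENT_ID, which therefore has to be
# assigned earlier in this file.
NETBIRD_IDP_MGMT_CLIENT_ID=$NETBIRD_AUTH_CLIENT_ID
NETBIRD_IDP_MGMT_CLIENT_SECRET=""
# Account the management service uses to talk to the IdP.
NETBIRD_IDP_MGMT_EXTRA_USERNAME="Netbird"
# NOTE(review): this example previously carried a literal password on this line.
# It is blanked here; a credential that has been published in a repository
# should be treated as exposed and rotated at the IdP. Supply the real value
# only in the untracked setup.env (or from a secret store), and give the
# account no more IdP permissions than the management integration needs.
NETBIRD_IDP_MGMT_EXTRA_PASSWORD=""
# Required when setting up with Keycloak "https://<YOUR_KEYCLOAK_HOST_AND_PORT>/admin/realms/netbird"
# NETBIRD_IDP_MGMT_EXTRA_ADMIN_ENDPOINT=
# With some IDPs it may be necessary to enable automatic refresh of signing keys on expiry
# NETBIRD_MGMT_IDP_SIGNKEY_REFRESH=false
# NETBIRD_IDP_MGMT_EXTRA_ variables. See https://docs.netbird.io/selfhosted/identity-providers for more information about your IDP of choice.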
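# -------------------------------------------
# Letsencrypt
# -------------------------------------------
# Disable letsencrypt
# if disabled, cannot use HTTPS anymore and requires setting up a reverse-proxy to do it instead
# NOTE(review): with this set to true the stack does not obtain certificates
# itself, so TLS has to be terminated by the reverse proxy. The OIDC endpoints
# configured in this file are https://, and the hop between the proxy and the
# containers then carries tokens unencrypted - keep it on a trusted network.
NETBIRD_DISABLE_LETSENCRYPT=true
# e.g. hello@mydomain.com
NETBIRD_LETSENCRYPT_EMAIL=""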
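# -------------------------------------------
# Extra settings
# -------------------------------------------
# Disable anonymous metrics collection, see more information at https://netbird.io/docs/FAQ/metrics-collection
# false leaves metrics collection enabled; set to true to opt out.
NETBIRD_DISABLE_ANONYMOUS_METRICS=false
# DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted
NETBIRD_MGMT_DNS_DOMAIN=netbird.selfhosted
# Management API and signal ports. NOTE(review): both are 443 while Let's
# Encrypt is disabled in this file, so these are presumably the ports the
# reverse proxy exposes rather than the ones the containers bind - confirm.
NETBIRD_MGMT_API_PORT=443
NETBIRD_SIGNAL_PORT=443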