nixos/netbird: fix defaults (#314656)

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2024-09-29 23:52:55 +00:00 · 2024-06-06 22:02:06 +00:00 · 2024-06-06 22:02:06 +00:00 · 0fdf6e2917
commit 0fdf6e2917
parent 4f06a00fa9
2 changed files with 33 additions and 7 deletions
--- a/nixos/modules/services/networking/netbird/coturn.nix
+++ b/nixos/modules/services/networking/netbird/coturn.nix
@ -60,6 +60,7 @@ in
      default = null;
      description = ''
        The password of the user used by netbird to connect to the coturn server.
+        Be advised this will be world readable in the nix store.
      '';
    };

@ -142,7 +143,11 @@ in
          ];
        });

-      security.acme.certs.${cfg.domain}.postRun = optionalString cfg.useAcmeCertificates "systemctl restart coturn.service";
+      security.acme.certs = mkIf cfg.useAcmeCertificates {
+        ${cfg.domain}.postRun = ''
+          systemctl restart coturn.service
+        '';
+      };

      networking.firewall = {
        allowedUDPPorts = cfg.openPorts;
--- a/nixos/modules/services/networking/netbird/server.nix
+++ b/nixos/modules/services/networking/netbird/server.nix
@ -2,6 +2,7 @@

 let
  inherit (lib)
+    mkDefault
    mkEnableOption
    mkIf
    mkOption
@ -15,7 +16,7 @@ in

 {
  meta = {
-    maintainers = with lib.maintainers; [ thubrecht ];
+    maintainers = with lib.maintainers; [thubrecht patrickdag];
    doc = ./server.md;
  };

@ -41,26 +42,46 @@ in
  config = mkIf cfg.enable {
    services.netbird.server = {
      dashboard = {
-        inherit (cfg) enable domain enableNginx;
+        domain = mkDefault cfg.domain;
+        enable = mkDefault cfg.enable;
+        enableNginx = mkDefault cfg.enableNginx;

        managementServer = "https://${cfg.domain}";
      };

      management =
        {
-          inherit (cfg) enable domain enableNginx;
+          domain = mkDefault cfg.domain;
+          enable = mkDefault cfg.enable;
+          enableNginx = mkDefault cfg.enableNginx;
        }
-        // (optionalAttrs cfg.coturn.enable {
+        // (optionalAttrs cfg.coturn.enable rec {
          turnDomain = cfg.domain;
          turnPort = config.services.coturn.tls-listening-port;
+          # We cannot merge a list of attrsets so we have to redefine the whole list
+          settings = {
+            TURNConfig.Turns = mkDefault [
+              {
+                Proto = "udp";
+                URI = "turn:${turnDomain}:${builtins.toString turnPort}";
+                Username = "netbird";
+                Password =
+                  if (cfg.coturn.password != null)
+                  then cfg.coturn.password
+                  else {_secret = cfg.coturn.passwordFile;};
+              }
+            ];
+          };
        });

      signal = {
-        inherit (cfg) enable domain enableNginx;
+        domain = mkDefault cfg.domain;
+        enable = mkDefault cfg.enable;
+        enableNginx = mkDefault cfg.enableNginx;
      };

      coturn = {
-        inherit (cfg) domain;
+        domain = mkDefault cfg.domain;
      };
    };
  };