From 15abca47bd3b43f78e4b34524b7c0e085cbf9e44 Mon Sep 17 00:00:00 2001
From: Alexandre <44178713+alexbelgium@users.noreply.github.com>
Date: Fri, 6 Feb 2026 12:27:10 +0100
Subject: [PATCH] Add NetBird server add-on
---
netbird/Dockerfile | 107 ++++++++++++++++++
netbird/README.md | 99 ++++++++++++++++
netbird/build.json | 6 +
netbird/config.json | 90 +++++++++++++++
.../etc/cont-init.d/00-netbird-config.sh | 101 +++++++++++++++++
.../etc/cont-init.d/01-dashboard-config.sh | 15 +++
netbird/rootfs/etc/services.d/netbird/finish | 5 +
netbird/rootfs/etc/services.d/netbird/run | 56 +++++++++
.../usr/share/netbird/management.json.tmpl | 31 +++++
9 files changed, 510 insertions(+)
create mode 100644 netbird/Dockerfile
create mode 100644 netbird/README.md
create mode 100644 netbird/build.json
create mode 100644 netbird/config.json
create mode 100644 netbird/rootfs/etc/cont-init.d/00-netbird-config.sh
create mode 100644 netbird/rootfs/etc/cont-init.d/01-dashboard-config.sh
create mode 100644 netbird/rootfs/etc/services.d/netbird/finish
create mode 100644 netbird/rootfs/etc/services.d/netbird/run
create mode 100644 netbird/rootfs/usr/share/netbird/management.json.tmpl
diff --git a/netbird/Dockerfile b/netbird/Dockerfile
new file mode 100644
index 000000000..554b02925
--- /dev/null
+++ b/netbird/Dockerfile
@@ -0,0 +1,107 @@
+#============================#
+# ALEXBELGIUM'S DOCKERFILE #
+#============================#
+# _.------.
+# _.-` ('>.-`"""-.
+# '.--'` _'` _ .--.)
+# -' '-.-';` `
+# ' - _.' ``'--.
+# '---` .-'""`
+# /`
+#=== Home Assistant Addon ===#
+
+#################
+# 1 Build Image #
+#################
+
+ARG BUILD_FROM
+
+FROM netbirdio/management:latest AS netbird-management
+FROM netbirdio/signal:latest AS netbird-signal
+FROM netbirdio/dashboard:latest AS netbird-dashboard
+
+##################
+# 2 Modify Image #
+##################
+
+FROM ${BUILD_FROM}
+
+# Set S6 wait time
+ENV S6_CMD_WAIT_FOR_SERVICES=1 \
+ S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
+ S6_SERVICES_GRACETIME=0
+
+##################
+# 3 Install apps #
+##################
+
+RUN \
+ apk add --no-cache \
+ bash \
+ ca-certificates \
+ curl \
+ gettext \
+ nginx \
+ tzdata
+
+COPY --from=netbird-management /go/bin/netbird-mgmt /usr/local/bin/netbird-mgmt
+COPY --from=netbird-signal /go/bin/netbird-signal /usr/local/bin/netbird-signal
+COPY --from=netbird-dashboard /usr/share/nginx/html /usr/share/nginx/html
+COPY --from=netbird-dashboard /etc/nginx /etc/nginx
+COPY --from=netbird-dashboard /usr/local/init_react_envs.sh /usr/local/init_react_envs.sh
+COPY --from=netbird-dashboard /usr/local/init_cert.sh /usr/local/init_cert.sh
+
+# Copy local files
+COPY rootfs/ /
+RUN find . -type f \( -name "*.sh" -o -name "run" -o -name "finish" \) -print -exec chmod +x {} \;
+
+# Uses /bin for compatibility purposes
+# hadolint ignore=DL4005
+RUN if [ ! -f /bin/sh ] && [ -f /usr/bin/sh ]; then ln -s /usr/bin/sh /bin/sh; fi && \
+ if [ ! -f /bin/bash ] && [ -f /usr/bin/bash ]; then ln -s /usr/bin/bash /bin/bash; fi
+
+# Modules
+ARG MODULES="00-banner.sh 01-custom_script.sh 00-global_var.sh 01-config_yaml.sh"
+
+# Automatic modules download
+ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_automodules.sh" "/ha_automodules.sh"
+RUN chmod 744 /ha_automodules.sh && /ha_automodules.sh "$MODULES" && rm /ha_automodules.sh
+
+# Manual apps
+ENV PACKAGES="jq"
+
+# Automatic apps & bashio
+ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_autoapps.sh" "/ha_autoapps.sh"
+RUN chmod 744 /ha_autoapps.sh && /ha_autoapps.sh "$PACKAGES" && rm /ha_autoapps.sh
+
+################
+# 4 Entrypoint #
+################
+
+# Add entrypoint
+ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_entrypoint.sh" "/ha_entrypoint.sh"
+RUN chmod 777 /ha_entrypoint.sh
+
+# Install bashio
+ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/bashio-standalone.sh" "/usr/local/lib/bashio-standalone.sh"
+RUN chmod 0755 /usr/local/lib/bashio-standalone.sh
+
+############
+# 5 Labels #
+############
+
+ARG BUILD_ARCH
+ARG BUILD_DATE
+ARG BUILD_DESCRIPTION
+ARG BUILD_NAME
+ARG BUILD_REF
+ARG BUILD_REPOSITORY
+ARG BUILD_VERSION
+ENV BUILD_VERSION="${BUILD_VERSION}"
+LABEL \
+ io.hass.name="${BUILD_NAME}" \
+ io.hass.description="${BUILD_DESCRIPTION}" \
+ io.hass.arch="${BUILD_ARCH}" \
+ io.hass.type="addon" \
+ io.hass.version=${BUILD_VERSION} \
+ maintainer="alexbelgium (https://github.com/alexbelgium)"
diff --git a/netbird/README.md b/netbird/README.md
new file mode 100644
index 000000000..ec0c58190
--- /dev/null
+++ b/netbird/README.md
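Review bot: The three upstream stages are pulled as `netbirdio/management:latest`, `netbirdio/signal:latest` and `netbirdio/dashboard:latest`, so the binaries copied into the add-on change with every rebuild and cannot be traced to a release; pin each to a release tag and digest, e.g. `FROM netbirdio/management:PINNED_VERSION@sha256:PINNED_DIGEST AS netbird-management`. The four `ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/..."` lines have the same weakness: they fetch from a moving branch and two of the scripts are then executed as root during the build, so a commit ref in the URL plus `ADD --checksum=sha256:PINNED_DIGEST` (where the builder supports it) would make that input verifiable. `RUN chmod 777 /ha_entrypoint.sh` leaves the entrypoint world-writable; `RUN chmod 0755 /ha_entrypoint.sh` is enough to execute it. The final stage has no `USER` line; if the s6 base has to start as root, a one-line comment saying so would record that it is deliberate.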
@@ -0,0 +1,99 @@
+# Home assistant add-on: NetBird Server
+
+I maintain this and other Home Assistant add-ons in my free time: keeping up with upstream changes, HA changes, and testing on real hardware takes a lot of time (and some money). I use around 5-10 of my >110 addons so regularly I install test machines (and purchase some test services such as vpn) that I don't use myself to troubleshoot and improve the addons.
+
+If this add-on saves you time or makes your setup easier, I would be very grateful for your support!
+
+[![Buy me a coffee][donation-badge]](https://www.buymeacoffee.com/alexbelgium)
+[![Donate via PayPal][paypal-badge]](https://www.paypal.com/donate/?hosted_button_id=DZFULJZTP3UQA)
+
+## Addon information
+
+![Version](https://img.shields.io/badge/dynamic/json?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Fnetbird%2Fconfig.json)
+![Ingress](https://img.shields.io/badge/dynamic/json?label=Ingress&query=%24.ingress&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Fnetbird%2Fconfig.json)
+![Arch](https://img.shields.io/badge/dynamic/json?color=success&label=Arch&query=%24.arch&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Fnetbird%2Fconfig.json)
+
+[donation-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee-%23d32f2f?logo=buy-me-a-coffee&style=flat&logoColor=white
+[paypal-badge]: https://img.shields.io/badge/Donate%20via%20PayPal-0070BA?logo=paypal&style=flat&logoColor=white
+
+## About
+
+NetBird is a secure, WireGuard-based overlay network platform. This add-on packages the **management**, **signal**, and optional **dashboard** services in a single monolithic Home Assistant add-on (no ingress UI, no split services). It uses the upstream NetBird Docker images for the binaries and dashboard assets.
+
+## Installation
+
+The installation of this add-on is pretty straightforward and not different in
+comparison to installing any other Hass.io add-on.
+
+1. [Add my Hass.io add-ons repository][repository] to your Hass.io instance.
+1. Install this add-on.
+1. Click the `Save` button to store your configuration.
+1. Start the add-on.
+1. Check the logs of the add-on to see if everything went well.
+
+## Configuration
+
+> **Important**: NetBird requires OIDC configuration. The add-on will generate a starter `management.json` in `/data/netbird` if one does not exist. Replace the placeholder OIDC values with your IdP configuration before connecting clients.
+
+Example add-on options:
+
+```json
+{
+ "domain": "netbird.example.com",
+ "management_port": 33073,
+ "signal_port": 10000,
+ "dashboard_port": 33080,
+ "enable_dashboard": true,
+ "auth_issuer": "https://accounts.example.com/",
+ "auth_audience": "netbird",
+ "auth_jwt_certs": "https://accounts.example.com/jwks.json",
+ "auth_oidc_configuration_endpoint": "https://accounts.example.com/.well-known/openid-configuration",
+ "auth_client_id": "netbird-dashboard",
+ "auth_client_secret": "your-secret",
+ "ssl_cert": "/ssl/fullchain.pem",
+ "ssl_key": "/ssl/privkey.pem"
+}
+```
+
+### Options
+
+| Option | Description |
+| --- | --- |
+| `data_path` | Persistent data directory (default: `/data/netbird`). |
+| `domain` | Public hostname used for NetBird endpoints. |
+| `management_port` | Management API port. |
+| `signal_port` | Signal service port. |
+| `dashboard_port` | Dashboard port (only used if enabled). |
+| `enable_dashboard` | Start the NetBird dashboard (requires OIDC settings). |
+| `management_dns_domain` | DNS suffix handed to peers. |
+| `single_account_domain` | Optional single-account mode domain. |
+| `disable_anonymous_metrics` | Disable anonymous metrics. |
+| `disable_default_policy` | Disable the default NetBird policy on first run. |
+| `auth_*` | OIDC settings for the management server and dashboard. |
+| `ssl_cert`, `ssl_key` | Optional TLS certificate/key paths. |
+| `env_vars` | Extra environment variables passed into NetBird processes. |
+
+### Files and persistent data
+
+- `/data/netbird/management.json`: management server configuration (generated on first start).
+- `/data/netbird`: runtime data for NetBird components.
+
+### Ports
+
+- `33073/tcp`: NetBird management API.
+- `10000/tcp`: NetBird signal.
+- `33080/tcp`: NetBird dashboard (optional).
+
+## Logs and status
+
+The add-on uses s6 supervision; if any NetBird component exits, the supervisor restarts the service and logs the failure to the Home Assistant add-on log stream.
+
+## Local build/test
+
+```bash
+# From the repository root
+ha addons build netbird
+ha addons install ./netbird
+```
+
+[repository]: https://github.com/alexbelgium/hassio-addons
diff --git a/netbird/build.json b/netbird/build.json
new file mode 100644
index 000000000..b9f7a012e
--- /dev/null
+++ b/netbird/build.json
@@ -0,0 +1,6 @@
+{
+ "build_from": {
+ "aarch64": "ghcr.io/hassio-addons/base:17.2.0",
+ "amd64": "ghcr.io/hassio-addons/base:17.2.0"
+ }
+}
diff --git a/netbird/config.json b/netbird/config.json
new file mode 100644
index 000000000..1c66cb499
--- /dev/null
+++ b/netbird/config.json
@@ -0,0 +1,90 @@
+{
+ "name": "NetBird Server",
+ "version": "0.1.0",
+ "slug": "netbird",
+ "description": "Secure, WireGuard-based overlay network server (NetBird management + signal + optional dashboard).",
+ "url": "https://github.com/alexbelgium/hassio-addons",
+ "arch": [
+ "aarch64",
+ "amd64"
+ ],
+ "startup": "services",
+ "boot": "auto",
+ "init": false,
+ "hassio_api": true,
+ "host_network": false,
+ "map": [
+ "share:rw",
+ "ssl:ro"
+ ],
+ "ports": {
+ "33073/tcp": 33073,
+ "10000/tcp": 10000,
+ "33080/tcp": 33080
+ },
+ "ports_description": {
+ "33073/tcp": "NetBird management API",
+ "10000/tcp": "NetBird signal",
+ "33080/tcp": "NetBird dashboard (optional)"
+ },
+ "options": {
+ "data_path": "/data/netbird",
+ "domain": "netbird.local",
+ "log_level": "info",
+ "management_port": 33073,
+ "signal_port": 10000,
+ "dashboard_port": 33080,
+ "enable_dashboard": false,
+ "management_dns_domain": "netbird.local",
+ "single_account_domain": "",
+ "disable_anonymous_metrics": false,
+ "disable_default_policy": false,
+ "auth_issuer": "https://issuer.example.com/",
+ "auth_audience": "netbird",
+ "auth_jwt_certs": "https://issuer.example.com/jwks.json",
+ "auth_user_id_claim": "sub",
+ "auth_oidc_configuration_endpoint": "https://issuer.example.com/.well-known/openid-configuration",
+ "auth_client_id": "",
+ "auth_client_secret": "",
+ "auth_supported_scopes": "openid profile email",
+ "ssl_cert": "",
+ "ssl_key": "",
+ "env_vars": []
+ },
+ "schema": {
+ "data_path": "str",
+ "domain": "str",
+ "log_level": "list(debug|info|warn|error)",
+ "management_port": "port",
+ "signal_port": "port",
+ "dashboard_port": "port",
+ "enable_dashboard": "bool",
+ "management_dns_domain": "str",
+ "single_account_domain": "str?",
+ "disable_anonymous_metrics": "bool",
+ "disable_default_policy": "bool",
+ "auth_issuer": "str",
+ "auth_audience": "str",
+ "auth_jwt_certs": "str",
+ "auth_user_id_claim": "str",
+ "auth_oidc_configuration_endpoint": "str",
+ "auth_client_id": "str?",
+ "auth_client_secret": "str?",
+ "auth_supported_scopes": "str",
+ "ssl_cert": "str?",
+ "ssl_key": "str?",
+ "env_vars": [
+ {
+ "name": "match(^[A-Za-z_][A-Za-z0-9_]*$)",
+ "value": "str?"
+ }
+ ]
+ },
+ "_comments": {
+ "data_path": "Persistent data directory inside the add-on container (mapped to /data by Home Assistant).",
+ "domain": "Public hostname used for NetBird URLs (change to your FQDN).",
+ "auth_*": "OIDC settings used by the management server and dashboard.",
+ "ssl_cert": "Optional TLS certificate (e.g. /ssl/fullchain.pem).",
+ "ssl_key": "Optional TLS key (e.g. /ssl/privkey.pem)."
+ }
+}
diff --git a/netbird/rootfs/etc/cont-init.d/00-netbird-config.sh b/netbird/rootfs/etc/cont-init.d/00-netbird-config.sh
new file mode 100644
index 000000000..0928b017c
--- /dev/null
+++ b/netbird/rootfs/etc/cont-init.d/00-netbird-config.sh
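Review bot: `"auth_client_secret": "str?"` in the schema treats the OIDC client secret as an ordinary string, so it is shown in clear in the add-on configuration form; the add-on schema has a `password` type for this, and `"auth_client_secret": "password?"` keeps the field optional while masking it. `"map": ["share:rw", "ssl:ro"]` grants write access to /share, yet nothing in the scripts visible in this patch reads or writes there, so `share:rw` could be dropped unless `data_path` is meant to point into it. The `env_vars` `value` field is also a plain `str?`, which is worth a sentence in the README because users are likely to put tokens in it.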
@@ -0,0 +1,101 @@
+#!/usr/bin/with-contenv bashio
+# shellcheck shell=bash
+set -e
+
+bashio::log.info "Configuring NetBird add-on"
+
+DATA_PATH=$(bashio::config 'data_path')
+DOMAIN=$(bashio::config 'domain')
+LOG_LEVEL=$(bashio::config 'log_level')
+MANAGEMENT_PORT=$(bashio::config 'management_port')
+SIGNAL_PORT=$(bashio::config 'signal_port')
+DASHBOARD_PORT=$(bashio::config 'dashboard_port')
+MANAGEMENT_DNS_DOMAIN=$(bashio::config 'management_dns_domain')
+SINGLE_ACCOUNT_DOMAIN=$(bashio::config 'single_account_domain')
+AUTH_ISSUER=$(bashio::config 'auth_issuer')
+AUTH_AUDIENCE=$(bashio::config 'auth_audience')
+AUTH_JWT_CERTS=$(bashio::config 'auth_jwt_certs')
+AUTH_USER_ID_CLAIM=$(bashio::config 'auth_user_id_claim')
+AUTH_OIDC_CONFIGURATION_ENDPOINT=$(bashio::config 'auth_oidc_configuration_endpoint')
+AUTH_CLIENT_ID=$(bashio::config 'auth_client_id')
+AUTH_CLIENT_SECRET=$(bashio::config 'auth_client_secret')
+AUTH_SUPPORTED_SCOPES=$(bashio::config 'auth_supported_scopes')
+SSL_CERT=$(bashio::config 'ssl_cert')
+SSL_KEY=$(bashio::config 'ssl_key')
+
+mkdir -p "${DATA_PATH}"
+mkdir -p /run/nginx
+
+export NETBIRD_DOMAIN="${DOMAIN}"
+export NETBIRD_LOG_LEVEL="${LOG_LEVEL}"
+export NETBIRD_MGMT_API_PORT="${MANAGEMENT_PORT}"
+export NETBIRD_SIGNAL_PORT="${SIGNAL_PORT}"
+export NETBIRD_DASHBOARD_PORT="${DASHBOARD_PORT}"
+export NETBIRD_SIGNAL_PROTOCOL="http"
+export NETBIRD_DATA_DIR="${DATA_PATH}"
+export NETBIRD_STORE_CONFIG_ENGINE="sqlite"
+export NETBIRD_MGMT_DISABLE_DEFAULT_POLICY=$(bashio::config.true 'disable_default_policy' && echo true || echo false)
+
+if [[ -n "${SSL_CERT}" && -n "${SSL_KEY}" ]]; then
+ export NETBIRD_MGMT_API_CERT_FILE="${SSL_CERT}"
+ export NETBIRD_MGMT_API_CERT_KEY_FILE="${SSL_KEY}"
+else
+ export NETBIRD_MGMT_API_CERT_FILE=""
+ export NETBIRD_MGMT_API_CERT_KEY_FILE=""
+fi
+
+export NETBIRD_AUTH_AUTHORITY="${AUTH_ISSUER}"
+export NETBIRD_AUTH_AUDIENCE="${AUTH_AUDIENCE}"
+export NETBIRD_AUTH_JWT_CERTS="${AUTH_JWT_CERTS}"
+export NETBIRD_AUTH_USER_ID_CLAIM="${AUTH_USER_ID_CLAIM}"
+export NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="${AUTH_OIDC_CONFIGURATION_ENDPOINT}"
+
+export NETBIRD_MGMT_API_ENDPOINT="https://${DOMAIN}:${MANAGEMENT_PORT}"
+export NETBIRD_MGMT_GRPC_API_ENDPOINT="https://${DOMAIN}:${MANAGEMENT_PORT}"
+export AUTH_AUTHORITY="${AUTH_ISSUER}"
+export AUTH_AUDIENCE="${AUTH_AUDIENCE}"
+export AUTH_CLIENT_ID="${AUTH_CLIENT_ID}"
+export AUTH_CLIENT_SECRET="${AUTH_CLIENT_SECRET}"
+export AUTH_SUPPORTED_SCOPES="${AUTH_SUPPORTED_SCOPES}"
+export AUTH_REDIRECT_URI="https://${DOMAIN}:${DASHBOARD_PORT}/"
+export AUTH_SILENT_REDIRECT_URI="https://${DOMAIN}:${DASHBOARD_PORT}/silent"
+
+CONFIG_FILE="${DATA_PATH}/management.json"
+if [[ ! -f "${CONFIG_FILE}" ]]; then
+ bashio::log.warning "Generating a starter management.json in ${CONFIG_FILE}. Update OIDC settings before use."
+
+ if [[ -z "${NETBIRD_DATASTORE_ENC_KEY}" ]]; then
+ NETBIRD_DATASTORE_ENC_KEY=$(head -c 32 /dev/urandom | base64)
+ fi
+ export NETBIRD_DATASTORE_ENC_KEY
+
+ envsubst '\$NETBIRD_SIGNAL_PROTOCOL \$NETBIRD_DOMAIN \$NETBIRD_SIGNAL_PORT \$NETBIRD_MGMT_DISABLE_DEFAULT_POLICY \$NETBIRD_DATA_DIR \$NETBIRD_DATASTORE_ENC_KEY \$NETBIRD_STORE_CONFIG_ENGINE \$NETBIRD_MGMT_API_PORT \$NETBIRD_AUTH_AUTHORITY \$NETBIRD_AUTH_AUDIENCE \$NETBIRD_AUTH_JWT_CERTS \$NETBIRD_AUTH_USER_ID_CLAIM \$NETBIRD_MGMT_API_CERT_FILE \$NETBIRD_MGMT_API_CERT_KEY_FILE \$NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT' \
+ < /usr/share/netbird/management.json.tmpl > "${CONFIG_FILE}"
+fi
+
+#######################################
+# Apply extra environment variables #
+#######################################
+
+if jq -e '.env_vars? | length > 0' /data/options.json >/dev/null; then
+ bashio::log.info "Applying env_vars"
+ while IFS=$'\t' read -r ENV_NAME ENV_VALUE; do
+ if [[ -z "${ENV_NAME}" || "${ENV_NAME}" == "null" ]]; then
+ continue
+ fi
+
+ if [[ "${ENV_NAME}" == *"PASS"* || "${ENV_NAME}" == *"SECRET"* ]]; then
+ bashio::log.blue "${ENV_NAME}=******"
+ else
+ bashio::log.blue "${ENV_NAME}=${ENV_VALUE}"
+ fi
+
+ export "${ENV_NAME}=${ENV_VALUE}"
+ done < <(jq -r '.env_vars[] | [.name, .value] | @tsv' /data/options.json)
+fi
+
+bashio::log.info "NetBird data dir: ${DATA_PATH}"
+bashio::log.info "Management DNS domain: ${MANAGEMENT_DNS_DOMAIN}"
+if [[ -n "${SINGLE_ACCOUNT_DOMAIN}" ]]; then
+ bashio::log.info "Single account domain: ${SINGLE_ACCOUNT_DOMAIN}"
+fi
diff --git a/netbird/rootfs/etc/cont-init.d/01-dashboard-config.sh b/netbird/rootfs/etc/cont-init.d/01-dashboard-config.sh
new file mode 100644
index 000000000..96436e731
--- /dev/null
+++ b/netbird/rootfs/etc/cont-init.d/01-dashboard-config.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/with-contenv bashio
+# shellcheck shell=bash
+set -e
+
+DASHBOARD_PORT=$(bashio::config 'dashboard_port')
+
+if bashio::config.true 'enable_dashboard'; then
+ if [[ -f /etc/nginx/http.d/default.conf ]]; then
+ sed -i "s/listen 80 default_server;/listen ${DASHBOARD_PORT} default_server;/" /etc/nginx/http.d/default.conf
+ sed -i "s/listen \[::\]:80 default_server;/listen [::]:${DASHBOARD_PORT} default_server;/" /etc/nginx/http.d/default.conf
+ elif [[ -f /etc/nginx/conf.d/default.conf ]]; then
+ sed -i "s/listen 80 default_server;/listen ${DASHBOARD_PORT} default_server;/" /etc/nginx/conf.d/default.conf
+ sed -i "s/listen \[::\]:80 default_server;/listen [::]:${DASHBOARD_PORT} default_server;/" /etc/nginx/conf.d/default.conf
+ fi
+fi
diff --git a/netbird/rootfs/etc/services.d/netbird/finish b/netbird/rootfs/etc/services.d/netbird/finish
new file mode 100644
index 000000000..d1348b05c
--- /dev/null
+++ b/netbird/rootfs/etc/services.d/netbird/finish
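Review bot: The generated `${CONFIG_FILE}` contains `DataStoreEncryptionKey`, yet the `envsubst ... > "${CONFIG_FILE}"` redirect creates it with whatever mode the default umask gives; add `chmod 600 "${CONFIG_FILE}"` directly after the redirect (or `umask 077` before it), since `data_path` is a free-form option and may point at a shared location. In the `env_vars` loop the masking test only matches `*PASS*` and `*SECRET*`, so a variable whose name contains KEY or TOKEN is written to the add-on log in clear; widen the condition with `|| "${ENV_NAME}" == *"KEY"* || "${ENV_NAME}" == *"TOKEN"*`. The `export` statements affect only this script's own process, while the `run` service later reads `NETBIRD_MGMT_API_CERT_FILE` from its environment, so unless the entrypoint sources this file those values probably have to be written to the s6 container environment — worth confirming. Option values are also substituted into the JSON template without escaping, so a double quote or backslash in any of them produces an invalid `management.json`.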
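Review bot: Both `sed -i` branches in 01-dashboard-config.sh succeed silently when the `listen 80 default_server;` pattern is absent, and when neither `default.conf` exists nothing is changed or logged, so nginx would keep the listener copied from the dashboard image while the add-on only publishes `dashboard_port`. After the edits, verify the result with something like `grep -q "listen ${DASHBOARD_PORT} default_server;" /etc/nginx/http.d/default.conf || bashio::log.warning "dashboard listen port not updated"`, and add an `else` branch that logs when no config file is found. The rewritten listener is plain HTTP, whereas 00-netbird-config.sh sets `AUTH_REDIRECT_URI` to an `https://` URL on the same port, so TLS termination in front of the dashboard is assumed but not stated; a comment at the top of the script should say so.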
@@ -0,0 +1,5 @@
+#!/usr/bin/with-contenv bashio
+# shellcheck shell=bash
+set -e
+
+bashio::log.warning "NetBird service stopped; s6 will restart it if configured."
diff --git a/netbird/rootfs/etc/services.d/netbird/run b/netbird/rootfs/etc/services.d/netbird/run
new file mode 100644
index 000000000..8fc0d5d11
--- /dev/null
+++ b/netbird/rootfs/etc/services.d/netbird/run
@@ -0,0 +1,56 @@
+#!/usr/bin/with-contenv bashio
+# shellcheck shell=bash
+set -e
+
+DATA_PATH=$(bashio::config 'data_path')
+LOG_LEVEL=$(bashio::config 'log_level')
+MANAGEMENT_PORT=$(bashio::config 'management_port')
+SIGNAL_PORT=$(bashio::config 'signal_port')
+DASHBOARD_PORT=$(bashio::config 'dashboard_port')
+MANAGEMENT_DNS_DOMAIN=$(bashio::config 'management_dns_domain')
+SINGLE_ACCOUNT_DOMAIN=$(bashio::config 'single_account_domain')
+
+CONFIG_FILE="${DATA_PATH}/management.json"
+
+if [[ ! -f "${CONFIG_FILE}" ]]; then
+ bashio::log.error "management.json not found at ${CONFIG_FILE}."
+ exit 1
+fi
+
+MGMT_ARGS=(management --config "${CONFIG_FILE}" --log-file console --log-level "${LOG_LEVEL}" --port "${MANAGEMENT_PORT}")
+
+if bashio::config.true 'disable_anonymous_metrics'; then
+ MGMT_ARGS+=("--disable-anonymous-metrics=true")
+fi
+
+if [[ -n "${SINGLE_ACCOUNT_DOMAIN}" ]]; then
+ MGMT_ARGS+=("--single-account-mode-domain=${SINGLE_ACCOUNT_DOMAIN}")
+fi
+
+if [[ -n "${MANAGEMENT_DNS_DOMAIN}" ]]; then
+ MGMT_ARGS+=("--dns-domain=${MANAGEMENT_DNS_DOMAIN}")
+fi
+
+SIGNAL_ARGS=(run --log-file console --port "${SIGNAL_PORT}")
+
+if [[ -n "${NETBIRD_MGMT_API_CERT_FILE}" && -n "${NETBIRD_MGMT_API_CERT_KEY_FILE}" ]]; then
+ SIGNAL_ARGS+=("--cert-file" "${NETBIRD_MGMT_API_CERT_FILE}" "--cert-key" "${NETBIRD_MGMT_API_CERT_KEY_FILE}")
+fi
+
+bashio::log.info "Starting NetBird management"
+/usr/local/bin/netbird-mgmt "${MGMT_ARGS[@]}" &
+MGMT_PID=$!
+
+bashio::log.info "Starting NetBird signal"
+/usr/local/bin/netbird-signal "${SIGNAL_ARGS[@]}" &
+SIGNAL_PID=$!
+
+if bashio::config.true 'enable_dashboard'; then
+ bashio::log.info "Preparing NetBird dashboard on port ${DASHBOARD_PORT}"
+ /usr/local/init_react_envs.sh
+ bashio::log.info "Starting NetBird dashboard (nginx)"
+ nginx -g "daemon off;" &
+ DASHBOARD_PID=$!
+fi
+
+wait -n "${MGMT_PID}" "${SIGNAL_PID}" ${DASHBOARD_PID:+"${DASHBOARD_PID}"}
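Review bot: The closing `wait -n` returns as soon as one of the background processes exits, and the script then ends without stopping the others, so when s6 restarts the service the surviving `netbird-mgmt`, `netbird-signal` or nginx still holds its port and the new instance cannot bind. Add `trap 'kill $(jobs -p) 2>/dev/null || true' EXIT` before the first process is started, so every child is terminated whenever `run` exits, including the `set -e` exit on a non-zero `wait -n`. `DASHBOARD_PID` is assigned only inside the `enable_dashboard` branch; initialising it with `DASHBOARD_PID=""` next to the other variables makes the final `${DASHBOARD_PID:+...}` expansion explicit. A short header comment stating that one s6 service supervises three processes, and that the exit of any one restarts all of them, would document the design.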
diff --git a/netbird/rootfs/usr/share/netbird/management.json.tmpl b/netbird/rootfs/usr/share/netbird/management.json.tmpl
new file mode 100644
index 000000000..c1f030e36
--- /dev/null
+++ b/netbird/rootfs/usr/share/netbird/management.json.tmpl
@@ -0,0 +1,31 @@
+{
+ "Signal": {
+ "Proto": "${NETBIRD_SIGNAL_PROTOCOL}",
+ "URI": "${NETBIRD_DOMAIN}:${NETBIRD_SIGNAL_PORT}",
+ "Username": "",
+ "Password": null
+ },
+ "ReverseProxy": {
+ "TrustedHTTPProxies": [],
+ "TrustedHTTPProxiesCount": 0,
+ "TrustedPeers": [
+ "0.0.0.0/0"
+ ]
+ },
+ "DisableDefaultPolicy": ${NETBIRD_MGMT_DISABLE_DEFAULT_POLICY},
+ "Datadir": "${NETBIRD_DATA_DIR}",
+ "DataStoreEncryptionKey": "${NETBIRD_DATASTORE_ENC_KEY}",
+ "StoreConfig": {
+ "Engine": "${NETBIRD_STORE_CONFIG_ENGINE}"
+ },
+ "HttpConfig": {
+ "Address": "0.0.0.0:${NETBIRD_MGMT_API_PORT}",
+ "AuthIssuer": "${NETBIRD_AUTH_AUTHORITY}",
+ "AuthAudience": "${NETBIRD_AUTH_AUDIENCE}",
+ "AuthKeysLocation": "${NETBIRD_AUTH_JWT_CERTS}",
+ "AuthUserIDClaim": "${NETBIRD_AUTH_USER_ID_CLAIM}",
+ "CertFile": "${NETBIRD_MGMT_API_CERT_FILE}",
+ "CertKey": "${NETBIRD_MGMT_API_CERT_KEY_FILE}",
+ "OIDCConfigEndpoint": "${NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT}"
+ }
+}
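Review bot: `"Proto": "${NETBIRD_SIGNAL_PROTOCOL}"` always renders as `http`, because 00-netbird-config.sh exports `NETBIRD_SIGNAL_PROTOCOL="http"` unconditionally, even when `ssl_cert`/`ssl_key` are set and the signal service is started with `--cert-file`; in that case set `export NETBIRD_SIGNAL_PROTOCOL="https"` inside the existing `if [[ -n "${SSL_CERT}" && -n "${SSL_KEY}" ]]` branch so peers are not pointed at a plaintext scheme. `"TrustedPeers": ["0.0.0.0/0"]` next to an empty `TrustedHTTPProxies` looks as if any source address is trusted for forwarded client addresses — that reading is inferred from the key names, so confirm it against the NetBird documentation and narrow it to the real proxy range if it holds. Because the template is only rendered when `management.json` does not exist yet, later changes to these options have no effect; the README should say which settings need a manual edit of the generated file.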