Rename add-on back to netbird

2026-04-08 06:57:06 +02:00 · 2026-02-06 14:32:01 +01:00
parent 66073765b2
commit 1eed06feed
9 changed files with 9 additions and 9 deletions
--- a/netbird/rootfs/etc/cont-init.d/00-netbird-config.sh
+++ b/netbird/rootfs/etc/cont-init.d/00-netbird-config.sh
@@ -0,0 +1,103 @@
+#!/usr/bin/with-contenv bashio
+# shellcheck shell=bash
+set -e
+
+bashio::log.info "Configuring NetBird add-on"
+
+DATA_PATH=$(bashio::config 'data_path')
+DOMAIN=$(bashio::config 'domain')
+LOG_LEVEL=$(bashio::config 'log_level')
+MANAGEMENT_PORT=$(bashio::config 'management_port')
+SIGNAL_PORT=$(bashio::config 'signal_port')
+DASHBOARD_PORT=$(bashio::config 'dashboard_port')
+MANAGEMENT_DNS_DOMAIN=$(bashio::config 'management_dns_domain')
+SINGLE_ACCOUNT_DOMAIN=$(bashio::config 'single_account_domain')
+AUTH_ISSUER=$(bashio::config 'auth_issuer')
+AUTH_AUDIENCE=$(bashio::config 'auth_audience')
+AUTH_JWT_CERTS=$(bashio::config 'auth_jwt_certs')
+AUTH_USER_ID_CLAIM=$(bashio::config 'auth_user_id_claim')
+AUTH_OIDC_CONFIGURATION_ENDPOINT=$(bashio::config 'auth_oidc_configuration_endpoint')
+AUTH_CLIENT_ID=$(bashio::config 'auth_client_id')
+AUTH_CLIENT_SECRET=$(bashio::config 'auth_client_secret')
+AUTH_SUPPORTED_SCOPES=$(bashio::config 'auth_supported_scopes')
+SSL_CERT=$(bashio::config 'ssl_cert')
+SSL_KEY=$(bashio::config 'ssl_key')
+
+mkdir -p "${DATA_PATH}"
+mkdir -p /run/nginx
+
+export NETBIRD_DOMAIN="${DOMAIN}"
+export NETBIRD_LOG_LEVEL="${LOG_LEVEL}"
+export NETBIRD_MGMT_API_PORT="${MANAGEMENT_PORT}"
+export NETBIRD_SIGNAL_PORT="${SIGNAL_PORT}"
+export NETBIRD_DASHBOARD_PORT="${DASHBOARD_PORT}"
+export NETBIRD_SIGNAL_PROTOCOL="http"
+export NETBIRD_DATA_DIR="${DATA_PATH}"
+export NETBIRD_STORE_CONFIG_ENGINE="sqlite"
+export NETBIRD_MGMT_DISABLE_DEFAULT_POLICY=$(bashio::config.true 'disable_default_policy' && echo true || echo false)
+
+SCHEME="http"
+if [[ -n "${SSL_CERT}" && -n "${SSL_KEY}" ]]; then
+    export NETBIRD_MGMT_API_CERT_FILE="${SSL_CERT}"
+    export NETBIRD_MGMT_API_CERT_KEY_FILE="${SSL_KEY}"
+    SCHEME="https"
+else
+    export NETBIRD_MGMT_API_CERT_FILE=""
+    export NETBIRD_MGMT_API_CERT_KEY_FILE=""
+fi
+
+export NETBIRD_AUTH_AUTHORITY="${AUTH_ISSUER}"
+export NETBIRD_AUTH_AUDIENCE="${AUTH_AUDIENCE}"
+export NETBIRD_AUTH_JWT_CERTS="${AUTH_JWT_CERTS}"
+export NETBIRD_AUTH_USER_ID_CLAIM="${AUTH_USER_ID_CLAIM}"
+export NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="${AUTH_OIDC_CONFIGURATION_ENDPOINT}"
+
+export NETBIRD_MGMT_API_ENDPOINT="${SCHEME}://${DOMAIN}:${MANAGEMENT_PORT}"
+export NETBIRD_MGMT_GRPC_API_ENDPOINT="${SCHEME}://${DOMAIN}:${MANAGEMENT_PORT}"
+export AUTH_AUTHORITY="${AUTH_ISSUER}"
+export AUTH_AUDIENCE="${AUTH_AUDIENCE}"
+export AUTH_CLIENT_ID="${AUTH_CLIENT_ID}"
+export AUTH_CLIENT_SECRET="${AUTH_CLIENT_SECRET}"
+export AUTH_SUPPORTED_SCOPES="${AUTH_SUPPORTED_SCOPES}"
+export AUTH_REDIRECT_URI="https://${DOMAIN}:${DASHBOARD_PORT}/"
+export AUTH_SILENT_REDIRECT_URI="https://${DOMAIN}:${DASHBOARD_PORT}/silent"
+
+CONFIG_FILE="${DATA_PATH}/management.json"
+if [[ ! -f "${CONFIG_FILE}" ]]; then
+    bashio::log.warning "Generating a starter management.json in ${CONFIG_FILE}. Update OIDC settings before use."
+
+    if [[ -z "${NETBIRD_DATASTORE_ENC_KEY}" ]]; then
+        NETBIRD_DATASTORE_ENC_KEY=$(head -c 32 /dev/urandom | base64)
+    fi
+    export NETBIRD_DATASTORE_ENC_KEY
+
+    envsubst '\$NETBIRD_SIGNAL_PROTOCOL \$NETBIRD_DOMAIN \$NETBIRD_SIGNAL_PORT \$NETBIRD_MGMT_DISABLE_DEFAULT_POLICY \$NETBIRD_DATA_DIR \$NETBIRD_DATASTORE_ENC_KEY \$NETBIRD_STORE_CONFIG_ENGINE \$NETBIRD_MGMT_API_PORT \$NETBIRD_AUTH_AUTHORITY \$NETBIRD_AUTH_AUDIENCE \$NETBIRD_AUTH_JWT_CERTS \$NETBIRD_AUTH_USER_ID_CLAIM \$NETBIRD_MGMT_API_CERT_FILE \$NETBIRD_MGMT_API_CERT_KEY_FILE \$NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT' \
+        < /usr/share/netbird/management.json.tmpl > "${CONFIG_FILE}"
+fi
+
+#######################################
+# Apply extra environment variables   #
+#######################################
+
+if jq -e '.env_vars? | length > 0' /data/options.json >/dev/null; then
+    bashio::log.info "Applying env_vars"
+    while IFS=$'\t' read -r ENV_NAME ENV_VALUE; do
+        if [[ -z "${ENV_NAME}" || "${ENV_NAME}" == "null" ]]; then
+            continue
+        fi
+
+        if [[ "${ENV_NAME}" == *"PASS"* || "${ENV_NAME}" == *"SECRET"* ]]; then
+            bashio::log.blue "${ENV_NAME}=******"
+        else
+            bashio::log.blue "${ENV_NAME}=${ENV_VALUE}"
+        fi
+
+        export "${ENV_NAME}=${ENV_VALUE}"
+    done < <(jq -r '.env_vars[] | [.name, .value] | @tsv' /data/options.json)
+fi
+
+bashio::log.info "NetBird data dir: ${DATA_PATH}"
+bashio::log.info "Management DNS domain: ${MANAGEMENT_DNS_DOMAIN}"
+if [[ -n "${SINGLE_ACCOUNT_DOMAIN}" ]]; then
+    bashio::log.info "Single account domain: ${SINGLE_ACCOUNT_DOMAIN}"
+fi
--- a/netbird/rootfs/etc/cont-init.d/01-dashboard-config.sh
+++ b/netbird/rootfs/etc/cont-init.d/01-dashboard-config.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/with-contenv bashio
+# shellcheck shell=bash
+set -e
+
+DASHBOARD_PORT=$(bashio::config 'dashboard_port')
+
+if bashio::config.true 'enable_dashboard'; then
+    if [[ -f /etc/nginx/http.d/default.conf ]]; then
+        sed -i "s/listen 80 default_server;/listen ${DASHBOARD_PORT} default_server;/" /etc/nginx/http.d/default.conf
+        sed -i "s/listen \[::\]:80 default_server;/listen [::]:${DASHBOARD_PORT} default_server;/" /etc/nginx/http.d/default.conf
+    elif [[ -f /etc/nginx/conf.d/default.conf ]]; then
+        sed -i "s/listen 80 default_server;/listen ${DASHBOARD_PORT} default_server;/" /etc/nginx/conf.d/default.conf
+        sed -i "s/listen \[::\]:80 default_server;/listen [::]:${DASHBOARD_PORT} default_server;/" /etc/nginx/conf.d/default.conf
+    fi
+fi
--- a/netbird/rootfs/etc/services.d/netbird/finish
+++ b/netbird/rootfs/etc/services.d/netbird/finish
@@ -0,0 +1,5 @@
+#!/usr/bin/with-contenv bashio
+# shellcheck shell=bash
+set -e
+
+bashio::log.warning "NetBird service stopped; s6 will restart it if configured."
--- a/netbird/rootfs/etc/services.d/netbird/run
+++ b/netbird/rootfs/etc/services.d/netbird/run
@@ -0,0 +1,56 @@
+#!/usr/bin/with-contenv bashio
+# shellcheck shell=bash
+set -e
+
+DATA_PATH=$(bashio::config 'data_path')
+LOG_LEVEL=$(bashio::config 'log_level')
+MANAGEMENT_PORT=$(bashio::config 'management_port')
+SIGNAL_PORT=$(bashio::config 'signal_port')
+DASHBOARD_PORT=$(bashio::config 'dashboard_port')
+MANAGEMENT_DNS_DOMAIN=$(bashio::config 'management_dns_domain')
+SINGLE_ACCOUNT_DOMAIN=$(bashio::config 'single_account_domain')
+
+CONFIG_FILE="${DATA_PATH}/management.json"
+
+if [[ ! -f "${CONFIG_FILE}" ]]; then
+    bashio::log.error "management.json not found at ${CONFIG_FILE}."
+    exit 1
+fi
+
+MGMT_ARGS=(management --config "${CONFIG_FILE}" --log-file console --log-level "${LOG_LEVEL}" --port "${MANAGEMENT_PORT}")
+
+if bashio::config.true 'disable_anonymous_metrics'; then
+    MGMT_ARGS+=("--disable-anonymous-metrics=true")
+fi
+
+if [[ -n "${SINGLE_ACCOUNT_DOMAIN}" ]]; then
+    MGMT_ARGS+=("--single-account-mode-domain=${SINGLE_ACCOUNT_DOMAIN}")
+fi
+
+if [[ -n "${MANAGEMENT_DNS_DOMAIN}" ]]; then
+    MGMT_ARGS+=("--dns-domain=${MANAGEMENT_DNS_DOMAIN}")
+fi
+
+SIGNAL_ARGS=(run --log-file console --port "${SIGNAL_PORT}")
+
+if [[ -n "${NETBIRD_MGMT_API_CERT_FILE}" && -n "${NETBIRD_MGMT_API_CERT_KEY_FILE}" ]]; then
+    SIGNAL_ARGS+=("--cert-file" "${NETBIRD_MGMT_API_CERT_FILE}" "--cert-key" "${NETBIRD_MGMT_API_CERT_KEY_FILE}")
+fi
+
+bashio::log.info "Starting NetBird management"
+/usr/local/bin/netbird-mgmt "${MGMT_ARGS[@]}" &
+MGMT_PID=$!
+
+bashio::log.info "Starting NetBird signal"
+/usr/local/bin/netbird-signal "${SIGNAL_ARGS[@]}" &
+SIGNAL_PID=$!
+
+if bashio::config.true 'enable_dashboard'; then
+    bashio::log.info "Preparing NetBird dashboard on port ${DASHBOARD_PORT}"
+    /usr/local/init_react_envs.sh
+    bashio::log.info "Starting NetBird dashboard (nginx)"
+    nginx -g "daemon off;" &
+    DASHBOARD_PID=$!
+fi
+
+wait -n "${MGMT_PID}" "${SIGNAL_PID}" ${DASHBOARD_PID:+"${DASHBOARD_PID}"}
--- a/netbird/rootfs/usr/share/netbird/management.json.tmpl
+++ b/netbird/rootfs/usr/share/netbird/management.json.tmpl
@@ -0,0 +1,31 @@
+{
+  "Signal": {
+    "Proto": "${NETBIRD_SIGNAL_PROTOCOL}",
+    "URI": "${NETBIRD_DOMAIN}:${NETBIRD_SIGNAL_PORT}",
+    "Username": "",
+    "Password": null
+  },
+  "ReverseProxy": {
+    "TrustedHTTPProxies": [],
+    "TrustedHTTPProxiesCount": 0,
+    "TrustedPeers": [
+      "0.0.0.0/0"
+    ]
+  },
+  "DisableDefaultPolicy": ${NETBIRD_MGMT_DISABLE_DEFAULT_POLICY},
+  "Datadir": "${NETBIRD_DATA_DIR}",
+  "DataStoreEncryptionKey": "${NETBIRD_DATASTORE_ENC_KEY}",
+  "StoreConfig": {
+    "Engine": "${NETBIRD_STORE_CONFIG_ENGINE}"
+  },
+  "HttpConfig": {
+    "Address": "0.0.0.0:${NETBIRD_MGMT_API_PORT}",
+    "AuthIssuer": "${NETBIRD_AUTH_AUTHORITY}",
+    "AuthAudience": "${NETBIRD_AUTH_AUDIENCE}",
+    "AuthKeysLocation": "${NETBIRD_AUTH_JWT_CERTS}",
+    "AuthUserIDClaim": "${NETBIRD_AUTH_USER_ID_CLAIM}",
+    "CertFile": "${NETBIRD_MGMT_API_CERT_FILE}",
+    "CertKey": "${NETBIRD_MGMT_API_CERT_KEY_FILE}",
+    "OIDCConfigEndpoint": "${NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT}"
+  }
+}