# NetBird Server (monolithic)

This add-on runs the NetBird self-hosted server stack in a single container (Management + Signal + Dashboard + Coturn). It does **not** use Home Assistant ingress. Access the Dashboard directly via the configured port.

NetBird relies on gRPC. If you place the Management/Signal endpoints behind a reverse proxy, it **must** support HTTP/2 + gRPC proxying. See the NetBird reverse-proxy guide for supported configurations: <https://docs.netbird.io/selfhosted/reverse-proxy>.

The NetBird self-hosted guide includes up-to-date port requirements and legacy port notes: <https://docs.netbird.io/selfhosted/selfhosted-guide>.

The Dashboard container requires the `NETBIRD_MGMT_API_ENDPOINT` environment variable (the add-on injects this automatically) as described in the NetBird dashboard README: <https://github.com/netbirdio/dashboard#readme>.

## Quick start

1. Install the add-on.
2. Start the add-on and verify all services are running in the log output.
3. Stop the add-on, edit the generated `management.json` to configure your Identity Provider (IdP).
4. Update `/config/netbird/dashboard/env` with the `NETBIRD_MGMT_API_ENDPOINT` and `AUTH_*` values for the dashboard.
5. Start the add-on again and access the dashboard at `http://<HA_HOST>:8080`.

## Configuration

This add-on starts with zero configuration options. It writes default configs into `/config/netbird` and runs on the standard NetBird ports.

### Dashboard environment overrides
Edit `/config/netbird/dashboard/env` to configure the dashboard UI:

- `NETBIRD_MGMT_API_ENDPOINT`: Public URL of the management API (for example, `https://netbird.example.com`).
- `AUTH_AUTHORITY`, `AUTH_CLIENT_ID`, `AUTH_CLIENT_SECRET`, `AUTH_AUDIENCE`, `AUTH_SUPPORTED_SCOPES`, `USE_AUTH0`: OIDC settings for the dashboard UI.

### Generated configuration
On first start, the add-on creates:
- `management.json` in `$data_dir/management/`
- `turnserver.conf` in `$data_dir/turn/`

If you need advanced settings, stop the add-on and edit these files. The add-on will keep your edits on restart.

## Ports

Default ports exposed by this add-on:

- `33073/tcp`: Management API (HTTP/gRPC)
- `10000/tcp`: Signal gRPC
- `8080/tcp`: Dashboard
- `3478/udp`: Coturn STUN/TURN

If you have legacy (< v0.29) clients, review the legacy port notes in the NetBird self-hosted guide and ensure your firewall/forwarding rules are compatible.

## Notes

- This add-on does **not** handle TLS certificates. Place it behind your existing reverse proxy if you need HTTPS.
- Coturn requires a UDP relay port range (defaults to `49152-65535`). Ensure this range is allowed in your firewall when using TURN relaying.