simplify storage inheritance

add example setup for management refactor
2026-06-01 21:49:56 +00:00 · 2024-03-14 11:42:25 +01:00 · 2024-03-13 23:07:00 +01:00
43 changed files with 1757 additions and 751 deletions
--- a/.github/workflows/mobile-build-validation.yml
+++ b/.github/workflows/mobile-build-validation.yml
@@ -11,7 +11,7 @@ concurrency:
  cancel-in-progress: true

 jobs:
-  android_build:
+  andrloid_build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
@@ -41,7 +41,7 @@ jobs:
        run: go install golang.org/x/mobile/cmd/gomobile@v0.0.0-20230531173138-3c911d8e3eda
      - name: gomobile init
        run: gomobile init
-      - name: build android netbird lib
+      - name: build android nebtird lib
        run: PATH=$PATH:$(go env GOPATH) gomobile bind -o $GITHUB_WORKSPACE/netbird.aar -javapkg=io.netbird.gomobile -ldflags="-X golang.zx2c4.com/wireguard/ipc.socketDirectory=/data/data/io.netbird.client/cache/wireguard -X github.com/netbirdio/netbird/version.version=buildtest"  $GITHUB_WORKSPACE/client/android
        env:
          CGO_ENABLED: 0
@@ -59,7 +59,7 @@ jobs:
        run: go install golang.org/x/mobile/cmd/gomobile@v0.0.0-20230531173138-3c911d8e3eda
      - name: gomobile init
        run: gomobile init
-      - name: build iOS netbird lib
+      - name: build iOS nebtird lib
        run: PATH=$PATH:$(go env GOPATH) gomobile bind -target=ios -bundleid=io.netbird.framework -ldflags="-X github.com/netbirdio/netbird/version.version=buildtest" -o $GITHUB_WORKSPACE/NetBirdSDK.xcframework $GITHUB_WORKSPACE/client/ios/NetBirdSDK
        env:
          CGO_ENABLED: 0
--- a/README.md
+++ b/README.md
@@ -109,7 +109,6 @@ See a complete [architecture overview](https://docs.netbird.io/about-netbird/how
 -  [NetBird installer script](https://github.com/physk/netbird-installer)
 -  [NetBird ansible collection by Dominion Solutions](https://galaxy.ansible.com/ui/repo/published/dominion_solutions/netbird/)

-
 **Note**: The `main` branch may be in an *unstable or even broken state* during development.
 For stable versions, see [releases](https://github.com/netbirdio/netbird/releases).

@@ -124,7 +123,4 @@ We use open-source technologies like [WireGuard®](https://www.wireguard.com/),

 ### Legal
 _WireGuard_ and the _WireGuard_ logo are [registered trademarks](https://www.wireguard.com/trademark-policy/) of Jason A. Donenfeld.
- 
-dddd
- 
-ccc
+
--- a/client/cmd/root.go
+++ b/client/cmd/root.go
@@ -61,7 +61,6 @@ var (
 	serverSSHAllowed        bool
 	interfaceName           string
 	wireguardPort           uint16
-	serviceName             string
 	autoConnectDisabled     bool
 	rootCmd                 = &cobra.Command{
 		Use:          "netbird",
@@ -101,16 +100,9 @@ func init() {
 	if runtime.GOOS == "windows" {
 		defaultDaemonAddr = "tcp://127.0.0.1:41731"
 	}
-
-	defaultServiceName := "netbird"
-	if runtime.GOOS == "windows" {
-		defaultServiceName = "Netbird"
-	}
-
 	rootCmd.PersistentFlags().StringVar(&daemonAddr, "daemon-addr", defaultDaemonAddr, "Daemon service address to serve CLI requests [unix|tcp]://[path|host:port]")
 	rootCmd.PersistentFlags().StringVarP(&managementURL, "management-url", "m", "", fmt.Sprintf("Management Service URL [http|https]://[host]:[port] (default \"%s\")", internal.DefaultManagementURL))
 	rootCmd.PersistentFlags().StringVar(&adminURL, "admin-url", "", fmt.Sprintf("Admin Panel URL [http|https]://[host]:[port] (default \"%s\")", internal.DefaultAdminURL))
-	rootCmd.PersistentFlags().StringVarP(&serviceName, "service", "s", defaultServiceName, "Netbird system service name")
 	rootCmd.PersistentFlags().StringVarP(&configPath, "config", "c", defaultConfigPath, "Netbird config file location")
 	rootCmd.PersistentFlags().StringVarP(&logLevel, "log-level", "l", "info", "sets Netbird log level")
 	rootCmd.PersistentFlags().StringVar(&logFile, "log-file", defaultLogFile, "sets Netbird log path. If console is specified the log will be output to stdout")
--- a/client/cmd/service.go
+++ b/client/cmd/service.go
@@ -2,6 +2,8 @@ package cmd

 import (
 	"context"
+	"runtime"
+
 	"github.com/kardianos/service"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@@ -22,8 +24,12 @@ func newProgram(ctx context.Context, cancel context.CancelFunc) *program {
 }

 func newSVCConfig() *service.Config {
+	name := "netbird"
+	if runtime.GOOS == "windows" {
+		name = "Netbird"
+	}
 	return &service.Config{
-		Name:        serviceName,
+		Name:        name,
 		DisplayName: "Netbird",
 		Description: "A WireGuard-based mesh network that connects your devices into a single private network.",
 		Option:      make(service.KeyValue),
--- a/client/cmd/status.go
+++ b/client/cmd/status.go
@@ -35,7 +35,6 @@ type peerStateDetailOutput struct {
 	TransferReceived       int64            `json:"transferReceived" yaml:"transferReceived"`
 	TransferSent           int64            `json:"transferSent" yaml:"transferSent"`
 	RosenpassEnabled       bool             `json:"quantumResistance" yaml:"quantumResistance"`
-	Routes                 []string         `json:"routes" yaml:"routes"`
 }

 type peersStateOutput struct {
@@ -73,28 +72,19 @@ type iceCandidateType struct {
 	Remote string `json:"remote" yaml:"remote"`
 }

-type nsServerGroupStateOutput struct {
-	Servers []string `json:"servers" yaml:"servers"`
-	Domains []string `json:"domains" yaml:"domains"`
-	Enabled bool     `json:"enabled" yaml:"enabled"`
-	Error   string   `json:"error" yaml:"error"`
-}
-
 type statusOutputOverview struct {
-	Peers               peersStateOutput           `json:"peers" yaml:"peers"`
-	CliVersion          string                     `json:"cliVersion" yaml:"cliVersion"`
-	DaemonVersion       string                     `json:"daemonVersion" yaml:"daemonVersion"`
-	ManagementState     managementStateOutput      `json:"management" yaml:"management"`
-	SignalState         signalStateOutput          `json:"signal" yaml:"signal"`
-	Relays              relayStateOutput           `json:"relays" yaml:"relays"`
-	IP                  string                     `json:"netbirdIp" yaml:"netbirdIp"`
-	PubKey              string                     `json:"publicKey" yaml:"publicKey"`
-	KernelInterface     bool                       `json:"usesKernelInterface" yaml:"usesKernelInterface"`
-	FQDN                string                     `json:"fqdn" yaml:"fqdn"`
-	RosenpassEnabled    bool                       `json:"quantumResistance" yaml:"quantumResistance"`
-	RosenpassPermissive bool                       `json:"quantumResistancePermissive" yaml:"quantumResistancePermissive"`
-	Routes              []string                   `json:"routes" yaml:"routes"`
-	NSServerGroups      []nsServerGroupStateOutput `json:"dnsServers" yaml:"dnsServers"`
+	Peers               peersStateOutput      `json:"peers" yaml:"peers"`
+	CliVersion          string                `json:"cliVersion" yaml:"cliVersion"`
+	DaemonVersion       string                `json:"daemonVersion" yaml:"daemonVersion"`
+	ManagementState     managementStateOutput `json:"management" yaml:"management"`
+	SignalState         signalStateOutput     `json:"signal" yaml:"signal"`
+	Relays              relayStateOutput      `json:"relays" yaml:"relays"`
+	IP                  string                `json:"netbirdIp" yaml:"netbirdIp"`
+	PubKey              string                `json:"publicKey" yaml:"publicKey"`
+	KernelInterface     bool                  `json:"usesKernelInterface" yaml:"usesKernelInterface"`
+	FQDN                string                `json:"fqdn" yaml:"fqdn"`
+	RosenpassEnabled    bool                  `json:"quantumResistance" yaml:"quantumResistance"`
+	RosenpassPermissive bool                  `json:"quantumResistancePermissive" yaml:"quantumResistancePermissive"`
 }

 var (
@@ -178,7 +168,7 @@ func statusFunc(cmd *cobra.Command, args []string) error {
 	case yamlFlag:
 		statusOutputString, err = parseToYAML(outputInformationHolder)
 	default:
-		statusOutputString = parseGeneralSummary(outputInformationHolder, false, false, false)
+		statusOutputString = parseGeneralSummary(outputInformationHolder, false, false)
 	}

 	if err != nil {
@@ -278,8 +268,6 @@ func convertToStatusOutputOverview(resp *proto.StatusResponse) statusOutputOverv
 		FQDN:                pbFullStatus.GetLocalPeerState().GetFqdn(),
 		RosenpassEnabled:    pbFullStatus.GetLocalPeerState().GetRosenpassEnabled(),
 		RosenpassPermissive: pbFullStatus.GetLocalPeerState().GetRosenpassPermissive(),
-		Routes:              pbFullStatus.GetLocalPeerState().GetRoutes(),
-		NSServerGroups:      mapNSGroups(pbFullStatus.GetDnsServers()),
 	}

 	return overview
@@ -311,19 +299,6 @@ func mapRelays(relays []*proto.RelayState) relayStateOutput {
 	}
 }

-func mapNSGroups(servers []*proto.NSGroupState) []nsServerGroupStateOutput {
-	mappedNSGroups := make([]nsServerGroupStateOutput, 0, len(servers))
-	for _, pbNsGroupServer := range servers {
-		mappedNSGroups = append(mappedNSGroups, nsServerGroupStateOutput{
-			Servers: pbNsGroupServer.GetServers(),
-			Domains: pbNsGroupServer.GetDomains(),
-			Enabled: pbNsGroupServer.GetEnabled(),
-			Error:   pbNsGroupServer.GetError(),
-		})
-	}
-	return mappedNSGroups
-}
-
 func mapPeers(peers []*proto.PeerState) peersStateOutput {
 	var peersStateDetail []peerStateDetailOutput
 	localICE := ""
@@ -377,7 +352,6 @@ func mapPeers(peers []*proto.PeerState) peersStateOutput {
 			TransferReceived:       transferReceived,
 			TransferSent:           transferSent,
 			RosenpassEnabled:       pbPeerState.GetRosenpassEnabled(),
-			Routes:                 pbPeerState.GetRoutes(),
 		}

 		peersStateDetail = append(peersStateDetail, peerState)
@@ -427,7 +401,8 @@ func parseToYAML(overview statusOutputOverview) (string, error) {
 	return string(yamlBytes), nil
 }

-func parseGeneralSummary(overview statusOutputOverview, showURL bool, showRelays bool, showNameServers bool) string {
+func parseGeneralSummary(overview statusOutputOverview, showURL bool, showRelays bool) string {
+
 	var managementConnString string
 	if overview.ManagementState.Connected {
 		managementConnString = "Connected"
@@ -463,7 +438,7 @@ func parseGeneralSummary(overview statusOutputOverview, showURL bool, showRelays
 		interfaceIP = "N/A"
 	}

-	var relaysString string
+	var relayAvailableString string
 	if showRelays {
 		for _, relay := range overview.Relays.Details {
 			available := "Available"
@@ -472,46 +447,15 @@ func parseGeneralSummary(overview statusOutputOverview, showURL bool, showRelays
 				available = "Unavailable"
 				reason = fmt.Sprintf(", reason: %s", relay.Error)
 			}
-			relaysString += fmt.Sprintf("\n  [%s] is %s%s", relay.URI, available, reason)
+			relayAvailableString += fmt.Sprintf("\n  [%s] is %s%s", relay.URI, available, reason)
+
 		}
 	} else {
-		relaysString = fmt.Sprintf("%d/%d Available", overview.Relays.Available, overview.Relays.Total)
+
+		relayAvailableString = fmt.Sprintf("%d/%d Available", overview.Relays.Available, overview.Relays.Total)
 	}

-	routes := "-"
-	if len(overview.Routes) > 0 {
-		sort.Strings(overview.Routes)
-		routes = strings.Join(overview.Routes, ", ")
-	}
-
-	var dnsServersString string
-	if showNameServers {
-		for _, nsServerGroup := range overview.NSServerGroups {
-			enabled := "Available"
-			if !nsServerGroup.Enabled {
-				enabled = "Unavailable"
-			}
-			errorString := ""
-			if nsServerGroup.Error != "" {
-				errorString = fmt.Sprintf(", reason: %s", nsServerGroup.Error)
-				errorString = strings.TrimSpace(errorString)
-			}
-
-			domainsString := strings.Join(nsServerGroup.Domains, ", ")
-			if domainsString == "" {
-				domainsString = "." // Show "." for the default zone
-			}
-			dnsServersString += fmt.Sprintf(
-				"\n  [%s] for [%s] is %s%s",
-				strings.Join(nsServerGroup.Servers, ", "),
-				domainsString,
-				enabled,
-				errorString,
-			)
-		}
-	} else {
-		dnsServersString = fmt.Sprintf("%d/%d Available", countEnabled(overview.NSServerGroups), len(overview.NSServerGroups))
-	}
+	peersCountString := fmt.Sprintf("%d/%d Connected", overview.Peers.Connected, overview.Peers.Total)

 	rosenpassEnabledStatus := "false"
 	if overview.RosenpassEnabled {
@@ -521,32 +465,26 @@ func parseGeneralSummary(overview statusOutputOverview, showURL bool, showRelays
 		}
 	}

-	peersCountString := fmt.Sprintf("%d/%d Connected", overview.Peers.Connected, overview.Peers.Total)
-
 	summary := fmt.Sprintf(
 		"Daemon version: %s\n"+
 			"CLI version: %s\n"+
 			"Management: %s\n"+
 			"Signal: %s\n"+
 			"Relays: %s\n"+
-			"Nameservers: %s\n"+
 			"FQDN: %s\n"+
 			"NetBird IP: %s\n"+
 			"Interface type: %s\n"+
 			"Quantum resistance: %s\n"+
-			"Routes: %s\n"+
 			"Peers count: %s\n",
 		overview.DaemonVersion,
 		version.NetbirdVersion(),
 		managementConnString,
 		signalConnString,
-		relaysString,
-		dnsServersString,
+		relayAvailableString,
 		overview.FQDN,
 		interfaceIP,
 		interfaceTypeString,
 		rosenpassEnabledStatus,
-		routes,
 		peersCountString,
 	)
 	return summary
@@ -554,7 +492,7 @@ func parseGeneralSummary(overview statusOutputOverview, showURL bool, showRelays

 func parseToFullDetailSummary(overview statusOutputOverview) string {
 	parsedPeersString := parsePeers(overview.Peers, overview.RosenpassEnabled, overview.RosenpassPermissive)
-	summary := parseGeneralSummary(overview, true, true, true)
+	summary := parseGeneralSummary(overview, true, true)

 	return fmt.Sprintf(
 		"Peers detail:"+
@@ -618,12 +556,6 @@ func parsePeers(peers peersStateOutput, rosenpassEnabled, rosenpassPermissive bo
 			}
 		}

-		routes := "-"
-		if len(peerState.Routes) > 0 {
-			sort.Strings(peerState.Routes)
-			routes = strings.Join(peerState.Routes, ", ")
-		}
-
 		peerString := fmt.Sprintf(
 			"\n %s:\n"+
 				"  NetBird IP: %s\n"+
@@ -637,8 +569,7 @@ func parsePeers(peers peersStateOutput, rosenpassEnabled, rosenpassPermissive bo
 				"  Last connection update: %s\n"+
 				"  Last WireGuard handshake: %s\n"+
 				"  Transfer status (received/sent) %s/%s\n"+
-				"  Quantum resistance: %s\n"+
-				"  Routes: %s\n",
+				"  Quantum resistance: %s\n",
 			peerState.FQDN,
 			peerState.IP,
 			peerState.PubKey,
@@ -654,7 +585,6 @@ func parsePeers(peers peersStateOutput, rosenpassEnabled, rosenpassPermissive bo
 			toIEC(peerState.TransferReceived),
 			toIEC(peerState.TransferSent),
 			rosenpassEnabledStatus,
-			routes,
 		)

 		peersString += peerString
@@ -708,13 +638,3 @@ func toIEC(b int64) string {
 	return fmt.Sprintf("%.1f %ciB",
 		float64(b)/float64(div), "KMGTPE"[exp])
 }
-
-func countEnabled(dnsServers []nsServerGroupStateOutput) int {
-	count := 0
-	for _, server := range dnsServers {
-		if server.Enabled {
-			count++
-		}
-	}
-	return count
-}
--- a/client/cmd/status_test.go
+++ b/client/cmd/status_test.go
@@ -42,9 +42,6 @@ var resp = &proto.StatusResponse{
 				LastWireguardHandshake:     timestamppb.New(time.Date(2001, time.Month(1), 1, 1, 1, 2, 0, time.UTC)),
 				BytesRx:                    200,
 				BytesTx:                    100,
-				Routes: []string{
-					"10.1.0.0/24",
-				},
 			},
 			{
 				IP:                         "192.168.178.102",
@@ -90,31 +87,6 @@ var resp = &proto.StatusResponse{
 			PubKey:          "Some-Pub-Key",
 			KernelInterface: true,
 			Fqdn:            "some-localhost.awesome-domain.com",
-			Routes: []string{
-				"10.10.0.0/24",
-			},
-		},
-		DnsServers: []*proto.NSGroupState{
-			{
-				Servers: []string{
-					"8.8.8.8:53",
-				},
-				Domains: nil,
-				Enabled: true,
-				Error:   "",
-			},
-			{
-				Servers: []string{
-					"1.1.1.1:53",
-					"2.2.2.2:53",
-				},
-				Domains: []string{
-					"example.com",
-					"example.net",
-				},
-				Enabled: false,
-				Error:   "timeout",
-			},
 		},
 	},
 	DaemonVersion: "0.14.1",
@@ -144,9 +116,6 @@ var overview = statusOutputOverview{
 				LastWireguardHandshake: time.Date(2001, 1, 1, 1, 1, 2, 0, time.UTC),
 				TransferReceived:       200,
 				TransferSent:           100,
-				Routes: []string{
-					"10.1.0.0/24",
-				},
 			},
 			{
 				IP:               "192.168.178.102",
@@ -202,31 +171,6 @@ var overview = statusOutputOverview{
 	PubKey:          "Some-Pub-Key",
 	KernelInterface: true,
 	FQDN:            "some-localhost.awesome-domain.com",
-	NSServerGroups: []nsServerGroupStateOutput{
-		{
-			Servers: []string{
-				"8.8.8.8:53",
-			},
-			Domains: nil,
-			Enabled: true,
-			Error:   "",
-		},
-		{
-			Servers: []string{
-				"1.1.1.1:53",
-				"2.2.2.2:53",
-			},
-			Domains: []string{
-				"example.com",
-				"example.net",
-			},
-			Enabled: false,
-			Error:   "timeout",
-		},
-	},
-	Routes: []string{
-		"10.10.0.0/24",
-	},
 }

 func TestConversionFromFullStatusToOutputOverview(t *testing.T) {
@@ -288,10 +232,7 @@ func TestParsingToJSON(t *testing.T) {
                "lastWireguardHandshake": "2001-01-01T01:01:02Z",
                "transferReceived": 200,
                "transferSent": 100,
-                "quantumResistance": false,
-                "routes": [
-                  "10.1.0.0/24"
-                ]
+				"quantumResistance":false
              },
              {
                "fqdn": "peer-2.awesome-domain.com",
@@ -312,8 +253,7 @@ func TestParsingToJSON(t *testing.T) {
                "lastWireguardHandshake": "2002-02-02T02:02:03Z",
                "transferReceived": 2000,
                "transferSent": 1000,
-                "quantumResistance": false,
-                "routes": null
+				"quantumResistance":false
              }
            ]
          },
@@ -349,33 +289,8 @@ func TestParsingToJSON(t *testing.T) {
          "publicKey": "Some-Pub-Key",
          "usesKernelInterface": true,
          "fqdn": "some-localhost.awesome-domain.com",
-          "quantumResistance": false,
-          "quantumResistancePermissive": false,
-          "routes": [
-            "10.10.0.0/24"
-          ],
-          "dnsServers": [
-            {
-              "servers": [
-                "8.8.8.8:53"
-              ],
-              "domains": null,
-              "enabled": true,
-              "error": ""
-            },
-            {
-              "servers": [
-                "1.1.1.1:53",
-                "2.2.2.2:53"
-              ],
-              "domains": [
-                "example.com",
-                "example.net"
-              ],
-              "enabled": false,
-              "error": "timeout"
-            }
-          ]
+          "quantumResistance":false,
+          "quantumResistancePermissive":false
        }`
 	// @formatter:on

@@ -410,8 +325,6 @@ func TestParsingToYAML(t *testing.T) {
          transferReceived: 200
          transferSent: 100
          quantumResistance: false
-          routes:
-            - 10.1.0.0/24
        - fqdn: peer-2.awesome-domain.com
          netbirdIp: 192.168.178.102
          publicKey: Pubkey2
@@ -429,7 +342,6 @@ func TestParsingToYAML(t *testing.T) {
          transferReceived: 2000
          transferSent: 1000
          quantumResistance: false
-          routes: []
 cliVersion: development
 daemonVersion: 0.14.1
 management:
@@ -456,22 +368,6 @@ usesKernelInterface: true
 fqdn: some-localhost.awesome-domain.com
 quantumResistance: false
 quantumResistancePermissive: false
-routes:
-    - 10.10.0.0/24
-dnsServers:
-    - servers:
-        - 8.8.8.8:53
-      domains: []
-      enabled: true
-      error: ""
-    - servers:
-        - 1.1.1.1:53
-        - 2.2.2.2:53
-      domains:
-        - example.com
-        - example.net
-      enabled: false
-      error: timeout
 `

 	assert.Equal(t, expectedYAML, yaml)
@@ -495,7 +391,6 @@ func TestParsingToDetail(t *testing.T) {
  Last WireGuard handshake: 2001-01-01 01:01:02
  Transfer status (received/sent) 200 B/100 B
  Quantum resistance: false
-  Routes: 10.1.0.0/24

 peer-2.awesome-domain.com:
  NetBird IP: 192.168.178.102
@@ -510,7 +405,6 @@ func TestParsingToDetail(t *testing.T) {
  Last WireGuard handshake: 2002-02-02 02:02:03
  Transfer status (received/sent) 2.0 KiB/1000 B
  Quantum resistance: false
-  Routes: -

 Daemon version: 0.14.1
 CLI version: development
@@ -519,14 +413,10 @@ Signal: Connected to my-awesome-signal.com:443
 Relays: 
  [stun:my-awesome-stun.com:3478] is Available
  [turns:my-awesome-turn.com:443?transport=tcp] is Unavailable, reason: context: deadline exceeded
-Nameservers: 
-  [8.8.8.8:53] for [.] is Available
-  [1.1.1.1:53, 2.2.2.2:53] for [example.com, example.net] is Unavailable, reason: timeout
 FQDN: some-localhost.awesome-domain.com
 NetBird IP: 192.168.178.100/16
 Interface type: Kernel
 Quantum resistance: false
-Routes: 10.10.0.0/24
 Peers count: 2/2 Connected
 `

@@ -534,7 +424,7 @@ Peers count: 2/2 Connected
 }

 func TestParsingToShortVersion(t *testing.T) {
-	shortVersion := parseGeneralSummary(overview, false, false, false)
+	shortVersion := parseGeneralSummary(overview, false, false)

 	expectedString :=
 		`Daemon version: 0.14.1
@@ -542,12 +432,10 @@ CLI version: development
 Management: Connected
 Signal: Connected
 Relays: 1/2 Available
-Nameservers: 1/2 Available
 FQDN: some-localhost.awesome-domain.com
 NetBird IP: 192.168.178.100/16
 Interface type: Kernel
 Quantum resistance: false
-Routes: 10.10.0.0/24
 Peers count: 2/2 Connected
 `

--- a/client/internal/dns/server.go
+++ b/client/internal/dns/server.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"net/netip"
-	"strings"
 	"sync"

 	"github.com/miekg/dns"
@@ -12,7 +11,6 @@ import (
 	log "github.com/sirupsen/logrus"

 	"github.com/netbirdio/netbird/client/internal/listener"
-	"github.com/netbirdio/netbird/client/internal/peer"
 	nbdns "github.com/netbirdio/netbird/dns"
 )

@@ -61,8 +59,6 @@ type DefaultServer struct {
 	// make sense on mobile only
 	searchDomainNotifier *notifier
 	iosDnsManager        IosDnsManager
-
-	statusRecorder *peer.Status
 }

 type handlerWithStop interface {
@@ -77,12 +73,7 @@ type muxUpdate struct {
 }

 // NewDefaultServer returns a new dns server
-func NewDefaultServer(
-	ctx context.Context,
-	wgInterface WGIface,
-	customAddress string,
-	statusRecorder *peer.Status,
-) (*DefaultServer, error) {
+func NewDefaultServer(ctx context.Context, wgInterface WGIface, customAddress string) (*DefaultServer, error) {
 	var addrPort *netip.AddrPort
 	if customAddress != "" {
 		parsedAddrPort, err := netip.ParseAddrPort(customAddress)
@@ -99,20 +90,13 @@ func NewDefaultServer(
 		dnsService = newServiceViaListener(wgInterface, addrPort)
 	}

-	return newDefaultServer(ctx, wgInterface, dnsService, statusRecorder), nil
+	return newDefaultServer(ctx, wgInterface, dnsService), nil
 }

 // NewDefaultServerPermanentUpstream returns a new dns server. It optimized for mobile systems
-func NewDefaultServerPermanentUpstream(
-	ctx context.Context,
-	wgInterface WGIface,
-	hostsDnsList []string,
-	config nbdns.Config,
-	listener listener.NetworkChangeListener,
-	statusRecorder *peer.Status,
-) *DefaultServer {
+func NewDefaultServerPermanentUpstream(ctx context.Context, wgInterface WGIface, hostsDnsList []string, config nbdns.Config, listener listener.NetworkChangeListener) *DefaultServer {
 	log.Debugf("host dns address list is: %v", hostsDnsList)
-	ds := newDefaultServer(ctx, wgInterface, newServiceViaMemory(wgInterface), statusRecorder)
+	ds := newDefaultServer(ctx, wgInterface, newServiceViaMemory(wgInterface))
 	ds.permanent = true
 	ds.hostsDnsList = hostsDnsList
 	ds.addHostRootZone()
@@ -124,18 +108,13 @@ func NewDefaultServerPermanentUpstream(
 }

 // NewDefaultServerIos returns a new dns server. It optimized for ios
-func NewDefaultServerIos(
-	ctx context.Context,
-	wgInterface WGIface,
-	iosDnsManager IosDnsManager,
-	statusRecorder *peer.Status,
-) *DefaultServer {
-	ds := newDefaultServer(ctx, wgInterface, newServiceViaMemory(wgInterface), statusRecorder)
+func NewDefaultServerIos(ctx context.Context, wgInterface WGIface, iosDnsManager IosDnsManager) *DefaultServer {
+	ds := newDefaultServer(ctx, wgInterface, newServiceViaMemory(wgInterface))
 	ds.iosDnsManager = iosDnsManager
 	return ds
 }

-func newDefaultServer(ctx context.Context, wgInterface WGIface, dnsService service, statusRecorder *peer.Status) *DefaultServer {
+func newDefaultServer(ctx context.Context, wgInterface WGIface, dnsService service) *DefaultServer {
 	ctx, stop := context.WithCancel(ctx)
 	defaultServer := &DefaultServer{
 		ctx:       ctx,
@@ -145,8 +124,7 @@ func newDefaultServer(ctx context.Context, wgInterface WGIface, dnsService servi
 		localResolver: &localResolver{
 			registeredMap: make(registrationMap),
 		},
-		wgInterface:    wgInterface,
-		statusRecorder: statusRecorder,
+		wgInterface: wgInterface,
 	}

 	return defaultServer
@@ -321,8 +299,6 @@ func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
 		s.searchDomainNotifier.onNewSearchDomains(s.SearchDomains())
 	}

-	s.updateNSGroupStates(update.NameServerGroups)
-
 	return nil
 }

@@ -362,13 +338,7 @@ func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.Nam
 			continue
 		}

-		handler, err := newUpstreamResolver(
-			s.ctx,
-			s.wgInterface.Name(),
-			s.wgInterface.Address().IP,
-			s.wgInterface.Address().Network,
-			s.statusRecorder,
-		)
+		handler, err := newUpstreamResolver(s.ctx, s.wgInterface.Name(), s.wgInterface.Address().IP, s.wgInterface.Address().Network)
 		if err != nil {
 			return nil, fmt.Errorf("unable to create a new upstream resolver, error: %v", err)
 		}
@@ -490,14 +460,14 @@ func getNSHostPort(ns nbdns.NameServer) string {
 func (s *DefaultServer) upstreamCallbacks(
 	nsGroup *nbdns.NameServerGroup,
 	handler dns.Handler,
-) (deactivate func(error), reactivate func()) {
+) (deactivate func(), reactivate func()) {
 	var removeIndex map[string]int
-	deactivate = func(err error) {
+	deactivate = func() {
 		s.mux.Lock()
 		defer s.mux.Unlock()

 		l := log.WithField("nameservers", nsGroup.NameServers)
-		l.Info("Temporarily deactivating nameservers group due to timeout")
+		l.Info("temporary deactivate nameservers group due timeout")

 		removeIndex = make(map[string]int)
 		for _, domain := range nsGroup.Domains {
@@ -516,11 +486,8 @@ func (s *DefaultServer) upstreamCallbacks(
 			}
 		}
 		if err := s.hostManager.applyDNSConfig(s.currentConfig); err != nil {
-			l.Errorf("Failed to apply nameserver deactivation on the host: %v", err)
+			l.WithError(err).Error("fail to apply nameserver deactivation on the host")
 		}
-
-		s.updateNSState(nsGroup, err, false)
-
 	}
 	reactivate = func() {
 		s.mux.Lock()
@@ -543,20 +510,12 @@ func (s *DefaultServer) upstreamCallbacks(
 		if err := s.hostManager.applyDNSConfig(s.currentConfig); err != nil {
 			l.WithError(err).Error("reactivate temporary disabled nameserver group, DNS update apply")
 		}
-
-		s.updateNSState(nsGroup, nil, true)
 	}
 	return
 }

 func (s *DefaultServer) addHostRootZone() {
-	handler, err := newUpstreamResolver(
-		s.ctx,
-		s.wgInterface.Name(),
-		s.wgInterface.Address().IP,
-		s.wgInterface.Address().Network,
-		s.statusRecorder,
-	)
+	handler, err := newUpstreamResolver(s.ctx, s.wgInterface.Name(), s.wgInterface.Address().IP, s.wgInterface.Address().Network)
 	if err != nil {
 		log.Errorf("unable to create a new upstream resolver, error: %v", err)
 		return
@@ -576,50 +535,7 @@ func (s *DefaultServer) addHostRootZone() {

 		handler.upstreamServers[n] = fmt.Sprintf("%s:53", ipString)
 	}
-	handler.deactivate = func(error) {}
+	handler.deactivate = func() {}
 	handler.reactivate = func() {}
 	s.service.RegisterMux(nbdns.RootZone, handler)
 }
-
-func (s *DefaultServer) updateNSGroupStates(groups []*nbdns.NameServerGroup) {
-	var states []peer.NSGroupState
-
-	for _, group := range groups {
-		var servers []string
-		for _, ns := range group.NameServers {
-			servers = append(servers, fmt.Sprintf("%s:%d", ns.IP, ns.Port))
-		}
-
-		state := peer.NSGroupState{
-			ID:      generateGroupKey(group),
-			Servers: servers,
-			Domains: group.Domains,
-			// The probe will determine the state, default enabled
-			Enabled: true,
-			Error:   nil,
-		}
-		states = append(states, state)
-	}
-	s.statusRecorder.UpdateDNSStates(states)
-}
-
-func (s *DefaultServer) updateNSState(nsGroup *nbdns.NameServerGroup, err error, enabled bool) {
-	states := s.statusRecorder.GetDNSStates()
-	id := generateGroupKey(nsGroup)
-	for i, state := range states {
-		if state.ID == id {
-			states[i].Enabled = enabled
-			states[i].Error = err
-			break
-		}
-	}
-	s.statusRecorder.UpdateDNSStates(states)
-}
-
-func generateGroupKey(nsGroup *nbdns.NameServerGroup) string {
-	var servers []string
-	for _, ns := range nsGroup.NameServers {
-		servers = append(servers, fmt.Sprintf("%s:%d", ns.IP, ns.Port))
-	}
-	return fmt.Sprintf("%s_%s_%s", nsGroup.ID, nsGroup.Name, strings.Join(servers, ","))
-}
--- a/client/internal/dns/server_test.go
+++ b/client/internal/dns/server_test.go
@@ -15,7 +15,6 @@ import (
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"

 	"github.com/netbirdio/netbird/client/firewall/uspfilter"
-	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/client/internal/stdnet"
 	nbdns "github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/formatter"
@@ -275,7 +274,7 @@ func TestUpdateDNSServer(t *testing.T) {
 					t.Log(err)
 				}
 			}()
-			dnsServer, err := NewDefaultServer(context.Background(), wgIface, "", &peer.Status{})
+			dnsServer, err := NewDefaultServer(context.Background(), wgIface, "")
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -376,7 +375,7 @@ func TestDNSFakeResolverHandleUpdates(t *testing.T) {
 		return
 	}

-	dnsServer, err := NewDefaultServer(context.Background(), wgIface, "", &peer.Status{})
+	dnsServer, err := NewDefaultServer(context.Background(), wgIface, "")
 	if err != nil {
 		t.Errorf("create DNS server: %v", err)
 		return
@@ -471,7 +470,7 @@ func TestDNSServerStartStop(t *testing.T) {

 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			dnsServer, err := NewDefaultServer(context.Background(), &mocWGIface{}, testCase.addrPort, &peer.Status{})
+			dnsServer, err := NewDefaultServer(context.Background(), &mocWGIface{}, testCase.addrPort)
 			if err != nil {
 				t.Fatalf("%v", err)
 			}
@@ -542,7 +541,6 @@ func TestDNSServerUpstreamDeactivateCallback(t *testing.T) {
 				{false, "domain2", false},
 			},
 		},
-		statusRecorder: &peer.Status{},
 	}

 	var domainsUpdate string
@@ -565,7 +563,7 @@ func TestDNSServerUpstreamDeactivateCallback(t *testing.T) {
 		},
 	}, nil)

-	deactivate(nil)
+	deactivate()
 	expected := "domain0,domain2"
 	domains := []string{}
 	for _, item := range server.currentConfig.Domains {
@@ -603,7 +601,7 @@ func TestDNSPermanent_updateHostDNS_emptyUpstream(t *testing.T) {

 	var dnsList []string
 	dnsConfig := nbdns.Config{}
-	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, dnsList, dnsConfig, nil, &peer.Status{})
+	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, dnsList, dnsConfig, nil)
 	err = dnsServer.Initialize()
 	if err != nil {
 		t.Errorf("failed to initialize DNS server: %v", err)
@@ -627,7 +625,7 @@ func TestDNSPermanent_updateUpstream(t *testing.T) {
 	}
 	defer wgIFace.Close()
 	dnsConfig := nbdns.Config{}
-	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, []string{"8.8.8.8"}, dnsConfig, nil, &peer.Status{})
+	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, []string{"8.8.8.8"}, dnsConfig, nil)
 	err = dnsServer.Initialize()
 	if err != nil {
 		t.Errorf("failed to initialize DNS server: %v", err)
@@ -719,7 +717,7 @@ func TestDNSPermanent_matchOnly(t *testing.T) {
 	}
 	defer wgIFace.Close()
 	dnsConfig := nbdns.Config{}
-	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, []string{"8.8.8.8"}, dnsConfig, nil, &peer.Status{})
+	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, []string{"8.8.8.8"}, dnsConfig, nil)
 	err = dnsServer.Initialize()
 	if err != nil {
 		t.Errorf("failed to initialize DNS server: %v", err)
--- a/client/internal/dns/upstream.go
+++ b/client/internal/dns/upstream.go
@@ -11,11 +11,8 @@ import (
 	"time"

 	"github.com/cenkalti/backoff/v4"
-	"github.com/hashicorp/go-multierror"
 	"github.com/miekg/dns"
 	log "github.com/sirupsen/logrus"
-
-	"github.com/netbirdio/netbird/client/internal/peer"
 )

 const (
@@ -48,13 +45,12 @@ type upstreamResolverBase struct {
 	reactivatePeriod time.Duration
 	upstreamTimeout  time.Duration

-	deactivate     func(error)
-	reactivate     func()
-	statusRecorder *peer.Status
+	deactivate func()
+	reactivate func()
 }

-func newUpstreamResolverBase(ctx context.Context, statusRecorder *peer.Status) *upstreamResolverBase {
-	ctx, cancel := context.WithCancel(ctx)
+func newUpstreamResolverBase(parentCTX context.Context) *upstreamResolverBase {
+	ctx, cancel := context.WithCancel(parentCTX)

 	return &upstreamResolverBase{
 		ctx:              ctx,
@@ -62,7 +58,6 @@ func newUpstreamResolverBase(ctx context.Context, statusRecorder *peer.Status) *
 		upstreamTimeout:  upstreamTimeout,
 		reactivatePeriod: reactivatePeriod,
 		failsTillDeact:   failsTillDeact,
-		statusRecorder:   statusRecorder,
 	}
 }

@@ -73,10 +68,7 @@ func (u *upstreamResolverBase) stop() {

 // ServeDNS handles a DNS request
 func (u *upstreamResolverBase) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
-	var err error
-	defer func() {
-		u.checkUpstreamFails(err)
-	}()
+	defer u.checkUpstreamFails()

 	log.WithField("question", r.Question[0]).Trace("received an upstream question")

@@ -89,6 +81,7 @@ func (u *upstreamResolverBase) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 	for _, upstream := range u.upstreamServers {
 		var rm *dns.Msg
 		var t time.Duration
+		var err error

 		func() {
 			ctx, cancel := context.WithTimeout(u.ctx, u.upstreamTimeout)
@@ -139,7 +132,7 @@ func (u *upstreamResolverBase) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 // If fails count is greater that failsTillDeact, upstream resolving
 // will be disabled for reactivatePeriod, after that time period fails counter
 // will be reset and upstream will be reactivated.
-func (u *upstreamResolverBase) checkUpstreamFails(err error) {
+func (u *upstreamResolverBase) checkUpstreamFails() {
 	u.mutex.Lock()
 	defer u.mutex.Unlock()

@@ -153,7 +146,7 @@ func (u *upstreamResolverBase) checkUpstreamFails(err error) {
 	default:
 	}

-	u.disable(err)
+	u.disable()
 }

 // probeAvailability tests all upstream servers simultaneously and
@@ -172,16 +165,13 @@ func (u *upstreamResolverBase) probeAvailability() {
 	var mu sync.Mutex
 	var wg sync.WaitGroup

-	var errors *multierror.Error
 	for _, upstream := range u.upstreamServers {
 		upstream := upstream

 		wg.Add(1)
 		go func() {
 			defer wg.Done()
-			err := u.testNameserver(upstream)
-			if err != nil {
-				errors = multierror.Append(errors, err)
+			if err := u.testNameserver(upstream); err != nil {
 				log.Warnf("probing upstream nameserver %s: %s", upstream, err)
 				return
 			}
@@ -196,7 +186,7 @@ func (u *upstreamResolverBase) probeAvailability() {

 	// didn't find a working upstream server, let's disable and try later
 	if !success {
-		u.disable(errors.ErrorOrNil())
+		u.disable()
 	}
 }

@@ -255,15 +245,15 @@ func isTimeout(err error) bool {
 	return false
 }

-func (u *upstreamResolverBase) disable(err error) {
+func (u *upstreamResolverBase) disable() {
 	if u.disabled {
 		return
 	}

 	// todo test the deactivation logic, it seems to affect the client
 	if runtime.GOOS != "ios" {
-		log.Warnf("Upstream resolving is Disabled for %v", reactivatePeriod)
-		u.deactivate(err)
+		log.Warnf("upstream resolving is Disabled for %v", reactivatePeriod)
+		u.deactivate()
 		u.disabled = true
 		go u.waitUntilResponse()
 	}
--- a/client/internal/dns/upstream_ios.go
+++ b/client/internal/dns/upstream_ios.go
@@ -11,8 +11,6 @@ import (
 	"github.com/miekg/dns"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
-
-	"github.com/netbirdio/netbird/client/internal/peer"
 )

 type upstreamResolverIOS struct {
@@ -22,14 +20,8 @@ type upstreamResolverIOS struct {
 	iIndex int
 }

-func newUpstreamResolver(
-	ctx context.Context,
-	interfaceName string,
-	ip net.IP,
-	net *net.IPNet,
-	statusRecorder *peer.Status,
-) (*upstreamResolverIOS, error) {
-	upstreamResolverBase := newUpstreamResolverBase(ctx, statusRecorder)
+func newUpstreamResolver(parentCTX context.Context, interfaceName string, ip net.IP, net *net.IPNet) (*upstreamResolverIOS, error) {
+	upstreamResolverBase := newUpstreamResolverBase(parentCTX)

 	index, err := getInterfaceIndex(interfaceName)
 	if err != nil {
--- a/client/internal/dns/upstream_nonios.go
+++ b/client/internal/dns/upstream_nonios.go
@@ -8,22 +8,14 @@ import (
 	"time"

 	"github.com/miekg/dns"
-
-	"github.com/netbirdio/netbird/client/internal/peer"
 )

 type upstreamResolverNonIOS struct {
 	*upstreamResolverBase
 }

-func newUpstreamResolver(
-	ctx context.Context,
-	_ string,
-	_ net.IP,
-	_ *net.IPNet,
-	statusRecorder *peer.Status,
-) (*upstreamResolverNonIOS, error) {
-	upstreamResolverBase := newUpstreamResolverBase(ctx, statusRecorder)
+func newUpstreamResolver(parentCTX context.Context, interfaceName string, ip net.IP, net *net.IPNet) (*upstreamResolverNonIOS, error) {
+	upstreamResolverBase := newUpstreamResolverBase(parentCTX)
 	nonIOS := &upstreamResolverNonIOS{
 		upstreamResolverBase: upstreamResolverBase,
 	}
--- a/client/internal/dns/upstream_test.go
+++ b/client/internal/dns/upstream_test.go
@@ -58,7 +58,7 @@ func TestUpstreamResolver_ServeDNS(t *testing.T) {
 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
 			ctx, cancel := context.WithCancel(context.TODO())
-			resolver, _ := newUpstreamResolver(ctx, "", net.IP{}, &net.IPNet{}, nil)
+			resolver, _ := newUpstreamResolver(ctx, "", net.IP{}, &net.IPNet{})
 			resolver.upstreamServers = testCase.InputServers
 			resolver.upstreamTimeout = testCase.timeout
 			if testCase.cancelCTX {
@@ -131,7 +131,7 @@ func TestUpstreamResolver_DeactivationReactivation(t *testing.T) {
 	}

 	failed := false
-	resolver.deactivate = func(error) {
+	resolver.deactivate = func() {
 		failed = true
 	}

--- a/client/internal/engine.go
+++ b/client/internal/engine.go
@@ -1188,21 +1188,14 @@ func (e *Engine) newDnsServer() ([]*route.Route, dns.Server, error) {
 		if err != nil {
 			return nil, nil, err
 		}
-		dnsServer := dns.NewDefaultServerPermanentUpstream(
-			e.ctx,
-			e.wgInterface,
-			e.mobileDep.HostDNSAddresses,
-			*dnsConfig,
-			e.mobileDep.NetworkChangeListener,
-			e.statusRecorder,
-		)
+		dnsServer := dns.NewDefaultServerPermanentUpstream(e.ctx, e.wgInterface, e.mobileDep.HostDNSAddresses, *dnsConfig, e.mobileDep.NetworkChangeListener)
 		go e.mobileDep.DnsReadyListener.OnReady()
 		return routes, dnsServer, nil
 	case "ios":
-		dnsServer := dns.NewDefaultServerIos(e.ctx, e.wgInterface, e.mobileDep.DnsManager, e.statusRecorder)
+		dnsServer := dns.NewDefaultServerIos(e.ctx, e.wgInterface, e.mobileDep.DnsManager)
 		return nil, dnsServer, nil
 	default:
-		dnsServer, err := dns.NewDefaultServer(e.ctx, e.wgInterface, e.config.CustomDNSAddress, e.statusRecorder)
+		dnsServer, err := dns.NewDefaultServer(e.ctx, e.wgInterface, e.config.CustomDNSAddress)
 		if err != nil {
 			return nil, nil, err
 		}
--- a/client/internal/peer/status.go
+++ b/client/internal/peer/status.go
@@ -29,7 +29,6 @@ type State struct {
 	BytesTx                    int64
 	BytesRx                    int64
 	RosenpassEnabled           bool
-	Routes                     map[string]struct{}
 }

 // LocalPeerState contains the latest state of the local peer
@@ -38,7 +37,6 @@ type LocalPeerState struct {
 	PubKey          string
 	KernelInterface bool
 	FQDN            string
-	Routes          map[string]struct{}
 }

 // SignalState contains the latest state of a signal connection
@@ -61,16 +59,6 @@ type RosenpassState struct {
 	Permissive bool
 }

-// NSGroupState represents the status of a DNS server group, including associated domains,
-// whether it's enabled, and the last error message encountered during probing.
-type NSGroupState struct {
-	ID      string
-	Servers []string
-	Domains []string
-	Enabled bool
-	Error   error
-}
-
 // FullStatus contains the full state held by the Status instance
 type FullStatus struct {
 	Peers           []State
@@ -79,7 +67,6 @@ type FullStatus struct {
 	LocalPeerState  LocalPeerState
 	RosenpassState  RosenpassState
 	Relays          []relay.ProbeResult
-	NSGroupStates   []NSGroupState
 }

 // Status holds a state of peers, signal, management connections and relays
@@ -99,7 +86,6 @@ type Status struct {
 	notifier            *notifier
 	rosenpassEnabled    bool
 	rosenpassPermissive bool
-	nsGroupStates       []NSGroupState

 	// To reduce the number of notification invocation this bool will be true when need to call the notification
 	// Some Peer actions mostly used by in a batch when the network map has been synchronized. In these type of events
@@ -188,10 +174,6 @@ func (d *Status) UpdatePeerState(receivedState State) error {
 		peerState.IP = receivedState.IP
 	}

-	if receivedState.Routes != nil {
-		peerState.Routes = receivedState.Routes
-	}
-
 	skipNotification := shouldSkipNotify(receivedState, peerState)

 	if receivedState.ConnStatus != peerState.ConnStatus {
@@ -296,13 +278,6 @@ func (d *Status) GetPeerStateChangeNotifier(peer string) <-chan struct{} {
 	return ch
 }

-// GetLocalPeerState returns the local peer state
-func (d *Status) GetLocalPeerState() LocalPeerState {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-	return d.localPeer
-}
-
 // UpdateLocalPeerState updates local peer status
 func (d *Status) UpdateLocalPeerState(localPeerState LocalPeerState) {
 	d.mux.Lock()
@@ -389,12 +364,6 @@ func (d *Status) UpdateRelayStates(relayResults []relay.ProbeResult) {
 	d.relayStates = relayResults
 }

-func (d *Status) UpdateDNSStates(dnsStates []NSGroupState) {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-	d.nsGroupStates = dnsStates
-}
-
 func (d *Status) GetRosenpassState() RosenpassState {
 	return RosenpassState{
 		d.rosenpassEnabled,
@@ -440,10 +409,6 @@ func (d *Status) GetRelayStates() []relay.ProbeResult {
 	return d.relayStates
 }

-func (d *Status) GetDNSStates() []NSGroupState {
-	return d.nsGroupStates
-}
-
 // GetFullStatus gets full status
 func (d *Status) GetFullStatus() FullStatus {
 	d.mux.Lock()
@@ -455,7 +420,6 @@ func (d *Status) GetFullStatus() FullStatus {
 		LocalPeerState:  d.localPeer,
 		Relays:          d.GetRelayStates(),
 		RosenpassState:  d.GetRosenpassState(),
-		NSGroupStates:   d.GetDNSStates(),
 	}

 	for _, status := range d.peers {
--- a/client/internal/routemanager/client.go
+++ b/client/internal/routemanager/client.go
@@ -160,12 +160,6 @@ func (c *clientNetwork) removeRouteFromWireguardPeer(peerKey string) error {
 	if err != nil {
 		return err
 	}
-
-	delete(state.Routes, c.network.String())
-	if err := c.statusRecorder.UpdatePeerState(state); err != nil {
-		log.Warnf("Failed to update peer state: %v", err)
-	}
-
 	if state.ConnStatus != peer.StatusConnected {
 		return nil
 	}
@@ -231,20 +225,6 @@ func (c *clientNetwork) recalculateRouteAndUpdatePeerAndSystem() error {
 	}

 	c.chosenRoute = c.routes[chosen]
-
-	state, err := c.statusRecorder.GetPeer(c.chosenRoute.Peer)
-	if err != nil {
-		log.Errorf("Failed to get peer state: %v", err)
-	} else {
-		if state.Routes == nil {
-			state.Routes = map[string]struct{}{}
-		}
-		state.Routes[c.network.String()] = struct{}{}
-		if err := c.statusRecorder.UpdatePeerState(state); err != nil {
-			log.Warnf("Failed to update peer state: %v", err)
-		}
-	}
-
 	err = c.wgInterface.AddAllowedIP(c.chosenRoute.Peer, c.network.String())
 	if err != nil {
 		log.Errorf("couldn't add allowed IP %s added for peer %s, err: %v",
--- a/client/internal/routemanager/manager.go
+++ b/client/internal/routemanager/manager.go
@@ -58,7 +58,7 @@ func NewManager(ctx context.Context, pubKey string, wgInterface *iface.WGIface,

 func (m *DefaultManager) EnableServerRouter(firewall firewall.Manager) error {
 	var err error
-	m.serverRouter, err = newServerRouter(m.ctx, m.wgInterface, firewall, m.statusRecorder)
+	m.serverRouter, err = newServerRouter(m.ctx, m.wgInterface, firewall)
 	if err != nil {
 		return err
 	}
--- a/client/internal/routemanager/server_android.go
+++ b/client/internal/routemanager/server_android.go
@@ -7,10 +7,9 @@ import (
 	"fmt"

 	firewall "github.com/netbirdio/netbird/client/firewall/manager"
-	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/iface"
 )

-func newServerRouter(context.Context, *iface.WGIface, firewall.Manager, *peer.Status) (serverRouter, error) {
+func newServerRouter(context.Context, *iface.WGIface, firewall.Manager) (serverRouter, error) {
 	return nil, fmt.Errorf("server route not supported on this os")
 }
--- a/client/internal/routemanager/server_nonandroid.go
+++ b/client/internal/routemanager/server_nonandroid.go
@@ -10,27 +10,24 @@ import (
 	log "github.com/sirupsen/logrus"

 	firewall "github.com/netbirdio/netbird/client/firewall/manager"
-	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/iface"
 	"github.com/netbirdio/netbird/route"
 )

 type defaultServerRouter struct {
-	mux            sync.Mutex
-	ctx            context.Context
-	routes         map[string]*route.Route
-	firewall       firewall.Manager
-	wgInterface    *iface.WGIface
-	statusRecorder *peer.Status
+	mux         sync.Mutex
+	ctx         context.Context
+	routes      map[string]*route.Route
+	firewall    firewall.Manager
+	wgInterface *iface.WGIface
 }

-func newServerRouter(ctx context.Context, wgInterface *iface.WGIface, firewall firewall.Manager, statusRecorder *peer.Status) (serverRouter, error) {
+func newServerRouter(ctx context.Context, wgInterface *iface.WGIface, firewall firewall.Manager) (serverRouter, error) {
 	return &defaultServerRouter{
-		ctx:            ctx,
-		routes:         make(map[string]*route.Route),
-		firewall:       firewall,
-		wgInterface:    wgInterface,
-		statusRecorder: statusRecorder,
+		ctx:         ctx,
+		routes:      make(map[string]*route.Route),
+		firewall:    firewall,
+		wgInterface: wgInterface,
 	}, nil
 }

@@ -91,11 +88,6 @@ func (m *defaultServerRouter) removeFromServerNetwork(route *route.Route) error
 			return err
 		}
 		delete(m.routes, route.ID)
-
-		state := m.statusRecorder.GetLocalPeerState()
-		delete(state.Routes, route.Network.String())
-		m.statusRecorder.UpdateLocalPeerState(state)
-
 		return nil
 	}
 }
@@ -113,14 +105,6 @@ func (m *defaultServerRouter) addToServerNetwork(route *route.Route) error {
 			return err
 		}
 		m.routes[route.ID] = route
-
-		state := m.statusRecorder.GetLocalPeerState()
-		if state.Routes == nil {
-			state.Routes = map[string]struct{}{}
-		}
-		state.Routes[route.Network.String()] = struct{}{}
-		m.statusRecorder.UpdateLocalPeerState(state)
-
 		return nil
 	}
 }
@@ -133,10 +117,6 @@ func (m *defaultServerRouter) cleanUp() {
 		if err != nil {
 			log.Warnf("failed to remove clean up route: %s", r.ID)
 		}
-
-		state := m.statusRecorder.GetLocalPeerState()
-		state.Routes = nil
-		m.statusRecorder.UpdateLocalPeerState(state)
 	}
 }

--- a/client/proto/daemon.pb.go
+++ b/client/proto/daemon.pb.go
@@ -772,7 +772,6 @@ type PeerState struct {
 	BytesRx                    int64                `protobuf:"varint,13,opt,name=bytesRx,proto3" json:"bytesRx,omitempty"`
 	BytesTx                    int64                `protobuf:"varint,14,opt,name=bytesTx,proto3" json:"bytesTx,omitempty"`
 	RosenpassEnabled           bool                 `protobuf:"varint,15,opt,name=rosenpassEnabled,proto3" json:"rosenpassEnabled,omitempty"`
-	Routes                     []string             `protobuf:"bytes,16,rep,name=routes,proto3" json:"routes,omitempty"`
 }

 func (x *PeerState) Reset() {
@@ -912,26 +911,18 @@ func (x *PeerState) GetRosenpassEnabled() bool {
 	return false
 }

-func (x *PeerState) GetRoutes() []string {
-	if x != nil {
-		return x.Routes
-	}
-	return nil
-}
-
 // LocalPeerState contains the latest state of the local peer
 type LocalPeerState struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields

-	IP                  string   `protobuf:"bytes,1,opt,name=IP,proto3" json:"IP,omitempty"`
-	PubKey              string   `protobuf:"bytes,2,opt,name=pubKey,proto3" json:"pubKey,omitempty"`
-	KernelInterface     bool     `protobuf:"varint,3,opt,name=kernelInterface,proto3" json:"kernelInterface,omitempty"`
-	Fqdn                string   `protobuf:"bytes,4,opt,name=fqdn,proto3" json:"fqdn,omitempty"`
-	RosenpassEnabled    bool     `protobuf:"varint,5,opt,name=rosenpassEnabled,proto3" json:"rosenpassEnabled,omitempty"`
-	RosenpassPermissive bool     `protobuf:"varint,6,opt,name=rosenpassPermissive,proto3" json:"rosenpassPermissive,omitempty"`
-	Routes              []string `protobuf:"bytes,7,rep,name=routes,proto3" json:"routes,omitempty"`
+	IP                  string `protobuf:"bytes,1,opt,name=IP,proto3" json:"IP,omitempty"`
+	PubKey              string `protobuf:"bytes,2,opt,name=pubKey,proto3" json:"pubKey,omitempty"`
+	KernelInterface     bool   `protobuf:"varint,3,opt,name=kernelInterface,proto3" json:"kernelInterface,omitempty"`
+	Fqdn                string `protobuf:"bytes,4,opt,name=fqdn,proto3" json:"fqdn,omitempty"`
+	RosenpassEnabled    bool   `protobuf:"varint,5,opt,name=rosenpassEnabled,proto3" json:"rosenpassEnabled,omitempty"`
+	RosenpassPermissive bool   `protobuf:"varint,6,opt,name=rosenpassPermissive,proto3" json:"rosenpassPermissive,omitempty"`
 }

 func (x *LocalPeerState) Reset() {
@@ -1008,13 +999,6 @@ func (x *LocalPeerState) GetRosenpassPermissive() bool {
 	return false
 }

-func (x *LocalPeerState) GetRoutes() []string {
-	if x != nil {
-		return x.Routes
-	}
-	return nil
-}
-
 // SignalState contains the latest state of a signal connection
 type SignalState struct {
 	state         protoimpl.MessageState
@@ -1207,77 +1191,6 @@ func (x *RelayState) GetError() string {
 	return ""
 }

-type NSGroupState struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Servers []string `protobuf:"bytes,1,rep,name=servers,proto3" json:"servers,omitempty"`
-	Domains []string `protobuf:"bytes,2,rep,name=domains,proto3" json:"domains,omitempty"`
-	Enabled bool     `protobuf:"varint,3,opt,name=enabled,proto3" json:"enabled,omitempty"`
-	Error   string   `protobuf:"bytes,4,opt,name=error,proto3" json:"error,omitempty"`
-}
-
-func (x *NSGroupState) Reset() {
-	*x = NSGroupState{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_daemon_proto_msgTypes[17]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *NSGroupState) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*NSGroupState) ProtoMessage() {}
-
-func (x *NSGroupState) ProtoReflect() protoreflect.Message {
-	mi := &file_daemon_proto_msgTypes[17]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use NSGroupState.ProtoReflect.Descriptor instead.
-func (*NSGroupState) Descriptor() ([]byte, []int) {
-	return file_daemon_proto_rawDescGZIP(), []int{17}
-}
-
-func (x *NSGroupState) GetServers() []string {
-	if x != nil {
-		return x.Servers
-	}
-	return nil
-}
-
-func (x *NSGroupState) GetDomains() []string {
-	if x != nil {
-		return x.Domains
-	}
-	return nil
-}
-
-func (x *NSGroupState) GetEnabled() bool {
-	if x != nil {
-		return x.Enabled
-	}
-	return false
-}
-
-func (x *NSGroupState) GetError() string {
-	if x != nil {
-		return x.Error
-	}
-	return ""
-}
-
 // FullStatus contains the full state held by the Status instance
 type FullStatus struct {
 	state         protoimpl.MessageState
@@ -1289,13 +1202,12 @@ type FullStatus struct {
 	LocalPeerState  *LocalPeerState  `protobuf:"bytes,3,opt,name=localPeerState,proto3" json:"localPeerState,omitempty"`
 	Peers           []*PeerState     `protobuf:"bytes,4,rep,name=peers,proto3" json:"peers,omitempty"`
 	Relays          []*RelayState    `protobuf:"bytes,5,rep,name=relays,proto3" json:"relays,omitempty"`
-	DnsServers      []*NSGroupState  `protobuf:"bytes,6,rep,name=dns_servers,json=dnsServers,proto3" json:"dns_servers,omitempty"`
 }

 func (x *FullStatus) Reset() {
 	*x = FullStatus{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_daemon_proto_msgTypes[18]
+		mi := &file_daemon_proto_msgTypes[17]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1308,7 +1220,7 @@ func (x *FullStatus) String() string {
 func (*FullStatus) ProtoMessage() {}

 func (x *FullStatus) ProtoReflect() protoreflect.Message {
-	mi := &file_daemon_proto_msgTypes[18]
+	mi := &file_daemon_proto_msgTypes[17]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1321,7 +1233,7 @@ func (x *FullStatus) ProtoReflect() protoreflect.Message {

 // Deprecated: Use FullStatus.ProtoReflect.Descriptor instead.
 func (*FullStatus) Descriptor() ([]byte, []int) {
-	return file_daemon_proto_rawDescGZIP(), []int{18}
+	return file_daemon_proto_rawDescGZIP(), []int{17}
 }

 func (x *FullStatus) GetManagementState() *ManagementState {
@@ -1359,13 +1271,6 @@ func (x *FullStatus) GetRelays() []*RelayState {
 	return nil
 }

-func (x *FullStatus) GetDnsServers() []*NSGroupState {
-	if x != nil {
-		return x.DnsServers
-	}
-	return nil
-}
-
 var File_daemon_proto protoreflect.FileDescriptor

 var file_daemon_proto_rawDesc = []byte{
@@ -1475,7 +1380,7 @@ var file_daemon_proto_rawDesc = []byte{
 	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65,
 	0x64, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c,
 	0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c,
-	0x22, 0x99, 0x05, 0x0a, 0x09, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e,
+	0x22, 0x81, 0x05, 0x0a, 0x09, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e,
 	0x0a, 0x02, 0x49, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16,
 	0x0a, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
 	0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74,
@@ -1515,23 +1420,20 @@ var file_daemon_proto_rawDesc = []byte{
 	0x07, 0x62, 0x79, 0x74, 0x65, 0x73, 0x54, 0x78, 0x12, 0x2a, 0x0a, 0x10, 0x72, 0x6f, 0x73, 0x65,
 	0x6e, 0x70, 0x61, 0x73, 0x73, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x0f, 0x20, 0x01,
 	0x28, 0x08, 0x52, 0x10, 0x72, 0x6f, 0x73, 0x65, 0x6e, 0x70, 0x61, 0x73, 0x73, 0x45, 0x6e, 0x61,
-	0x62, 0x6c, 0x65, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x18, 0x10,
-	0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x22, 0xec, 0x01, 0x0a,
-	0x0e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12,
-	0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12,
-	0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x28, 0x0a, 0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65,
-	0x6c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08,
-	0x52, 0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63,
-	0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x04, 0x66, 0x71, 0x64, 0x6e, 0x12, 0x2a, 0x0a, 0x10, 0x72, 0x6f, 0x73, 0x65, 0x6e, 0x70, 0x61,
-	0x73, 0x73, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x62, 0x6c, 0x65, 0x64, 0x22, 0xd4, 0x01, 0x0a, 0x0e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65,
+	0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65,
+	0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12,
+	0x28, 0x0a, 0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61,
+	0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c,
+	0x49, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x71, 0x64,
+	0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x12, 0x2a, 0x0a,
 	0x10, 0x72, 0x6f, 0x73, 0x65, 0x6e, 0x70, 0x61, 0x73, 0x73, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
-	0x64, 0x12, 0x30, 0x0a, 0x13, 0x72, 0x6f, 0x73, 0x65, 0x6e, 0x70, 0x61, 0x73, 0x73, 0x50, 0x65,
-	0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x76, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13,
-	0x72, 0x6f, 0x73, 0x65, 0x6e, 0x70, 0x61, 0x73, 0x73, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73,
-	0x69, 0x76, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x18, 0x07, 0x20,
-	0x03, 0x28, 0x09, 0x52, 0x06, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x22, 0x53, 0x0a, 0x0b, 0x53,
+	0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x72, 0x6f, 0x73, 0x65, 0x6e, 0x70, 0x61,
+	0x73, 0x73, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x30, 0x0a, 0x13, 0x72, 0x6f, 0x73,
+	0x65, 0x6e, 0x70, 0x61, 0x73, 0x73, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x76, 0x65,
+	0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x72, 0x6f, 0x73, 0x65, 0x6e, 0x70, 0x61, 0x73,
+	0x73, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x76, 0x65, 0x22, 0x53, 0x0a, 0x0b, 0x53,
 	0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52,
 	0x4c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a, 0x09,
 	0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52,
@@ -1547,61 +1449,50 @@ var file_daemon_proto_rawDesc = []byte{
 	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x49, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x76, 0x61,
 	0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x61, 0x76,
 	0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x22, 0x72, 0x0a,
-	0x0c, 0x4e, 0x53, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x18, 0x0a,
-	0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07,
-	0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69,
-	0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e,
-	0x73, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x65,
-	0x72, 0x72, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f,
-	0x72, 0x22, 0xd2, 0x02, 0x0a, 0x0a, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
-	0x12, 0x41, 0x0a, 0x0f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74,
-	0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x64, 0x61, 0x65, 0x6d,
-	0x6f, 0x6e, 0x2e, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61,
-	0x74, 0x65, 0x52, 0x0f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74,
-	0x61, 0x74, 0x65, 0x12, 0x35, 0x0a, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61,
-	0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
-	0x6e, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x73,
-	0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3e, 0x0a, 0x0e, 0x6c, 0x6f,
-	0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x16, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x63, 0x61,
-	0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0e, 0x6c, 0x6f, 0x63, 0x61,
-	0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x27, 0x0a, 0x05, 0x70, 0x65,
-	0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x64, 0x61, 0x65, 0x6d,
-	0x6f, 0x6e, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05, 0x70, 0x65,
-	0x65, 0x72, 0x73, 0x12, 0x2a, 0x0a, 0x06, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x73, 0x18, 0x05, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x52, 0x65, 0x6c,
-	0x61, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x06, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x73, 0x12,
-	0x35, 0x0a, 0x0b, 0x64, 0x6e, 0x73, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x18, 0x06,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4e, 0x53,
-	0x47, 0x72, 0x6f, 0x75, 0x70, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0a, 0x64, 0x6e, 0x73, 0x53,
-	0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x32, 0xf7, 0x02, 0x0a, 0x0d, 0x44, 0x61, 0x65, 0x6d, 0x6f,
-	0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x36, 0x0a, 0x05, 0x4c, 0x6f, 0x67, 0x69,
-	0x6e, 0x12, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e,
-	0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
-	0x12, 0x4b, 0x0a, 0x0c, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e,
-	0x12, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53,
-	0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e,
-	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f,
-	0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x2d, 0x0a,
-	0x02, 0x55, 0x70, 0x12, 0x11, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
-	0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x06,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e,
-	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x33, 0x0a, 0x04, 0x44, 0x6f, 0x77, 0x6e, 0x12,
-	0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x6f,
-	0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x42, 0x0a, 0x09,
-	0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x2e, 0x64, 0x61, 0x65, 0x6d,
-	0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
-	0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x33,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x22, 0x9b, 0x02,
+	0x0a, 0x0a, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x41, 0x0a, 0x0f,
+	0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d,
+	0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0f,
+	0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12,
+	0x35, 0x0a, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x69,
+	0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61,
+	0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3e, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50,
+	0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16,
+	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65,
+	0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65,
+	0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x27, 0x0a, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x18,
+	0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x50,
+	0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x12,
+	0x2a, 0x0a, 0x06, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x79, 0x53, 0x74,
+	0x61, 0x74, 0x65, 0x52, 0x06, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x73, 0x32, 0xf7, 0x02, 0x0a, 0x0d,
+	0x44, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x36, 0x0a,
+	0x05, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
+	0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x64,
+	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x0c, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f,
+	0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x57,
+	0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74,
+	0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x22, 0x00, 0x12, 0x2d, 0x0a, 0x02, 0x55, 0x70, 0x12, 0x11, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
+	0x6e, 0x2e, 0x55, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x64, 0x61,
+	0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x00, 0x12, 0x39, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x15, 0x2e, 0x64, 0x61,
+	0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x16, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61, 0x74,
+	0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x33, 0x0a, 0x04,
+	0x44, 0x6f, 0x77, 0x6e, 0x12, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x6f,
+	0x77, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d,
+	0x6f, 0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x00, 0x12, 0x42, 0x0a, 0x09, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18,
+	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
+	0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }

 var (
@@ -1616,7 +1507,7 @@ func file_daemon_proto_rawDescGZIP() []byte {
 	return file_daemon_proto_rawDescData
 }

-var file_daemon_proto_msgTypes = make([]protoimpl.MessageInfo, 19)
+var file_daemon_proto_msgTypes = make([]protoimpl.MessageInfo, 18)
 var file_daemon_proto_goTypes = []interface{}{
 	(*LoginRequest)(nil),         // 0: daemon.LoginRequest
 	(*LoginResponse)(nil),        // 1: daemon.LoginResponse
@@ -1635,37 +1526,35 @@ var file_daemon_proto_goTypes = []interface{}{
 	(*SignalState)(nil),          // 14: daemon.SignalState
 	(*ManagementState)(nil),      // 15: daemon.ManagementState
 	(*RelayState)(nil),           // 16: daemon.RelayState
-	(*NSGroupState)(nil),         // 17: daemon.NSGroupState
-	(*FullStatus)(nil),           // 18: daemon.FullStatus
-	(*timestamp.Timestamp)(nil),  // 19: google.protobuf.Timestamp
+	(*FullStatus)(nil),           // 17: daemon.FullStatus
+	(*timestamp.Timestamp)(nil),  // 18: google.protobuf.Timestamp
 }
 var file_daemon_proto_depIdxs = []int32{
-	18, // 0: daemon.StatusResponse.fullStatus:type_name -> daemon.FullStatus
-	19, // 1: daemon.PeerState.connStatusUpdate:type_name -> google.protobuf.Timestamp
-	19, // 2: daemon.PeerState.lastWireguardHandshake:type_name -> google.protobuf.Timestamp
+	17, // 0: daemon.StatusResponse.fullStatus:type_name -> daemon.FullStatus
+	18, // 1: daemon.PeerState.connStatusUpdate:type_name -> google.protobuf.Timestamp
+	18, // 2: daemon.PeerState.lastWireguardHandshake:type_name -> google.protobuf.Timestamp
 	15, // 3: daemon.FullStatus.managementState:type_name -> daemon.ManagementState
 	14, // 4: daemon.FullStatus.signalState:type_name -> daemon.SignalState
 	13, // 5: daemon.FullStatus.localPeerState:type_name -> daemon.LocalPeerState
 	12, // 6: daemon.FullStatus.peers:type_name -> daemon.PeerState
 	16, // 7: daemon.FullStatus.relays:type_name -> daemon.RelayState
-	17, // 8: daemon.FullStatus.dns_servers:type_name -> daemon.NSGroupState
-	0,  // 9: daemon.DaemonService.Login:input_type -> daemon.LoginRequest
-	2,  // 10: daemon.DaemonService.WaitSSOLogin:input_type -> daemon.WaitSSOLoginRequest
-	4,  // 11: daemon.DaemonService.Up:input_type -> daemon.UpRequest
-	6,  // 12: daemon.DaemonService.Status:input_type -> daemon.StatusRequest
-	8,  // 13: daemon.DaemonService.Down:input_type -> daemon.DownRequest
-	10, // 14: daemon.DaemonService.GetConfig:input_type -> daemon.GetConfigRequest
-	1,  // 15: daemon.DaemonService.Login:output_type -> daemon.LoginResponse
-	3,  // 16: daemon.DaemonService.WaitSSOLogin:output_type -> daemon.WaitSSOLoginResponse
-	5,  // 17: daemon.DaemonService.Up:output_type -> daemon.UpResponse
-	7,  // 18: daemon.DaemonService.Status:output_type -> daemon.StatusResponse
-	9,  // 19: daemon.DaemonService.Down:output_type -> daemon.DownResponse
-	11, // 20: daemon.DaemonService.GetConfig:output_type -> daemon.GetConfigResponse
-	15, // [15:21] is the sub-list for method output_type
-	9,  // [9:15] is the sub-list for method input_type
-	9,  // [9:9] is the sub-list for extension type_name
-	9,  // [9:9] is the sub-list for extension extendee
-	0,  // [0:9] is the sub-list for field type_name
+	0,  // 8: daemon.DaemonService.Login:input_type -> daemon.LoginRequest
+	2,  // 9: daemon.DaemonService.WaitSSOLogin:input_type -> daemon.WaitSSOLoginRequest
+	4,  // 10: daemon.DaemonService.Up:input_type -> daemon.UpRequest
+	6,  // 11: daemon.DaemonService.Status:input_type -> daemon.StatusRequest
+	8,  // 12: daemon.DaemonService.Down:input_type -> daemon.DownRequest
+	10, // 13: daemon.DaemonService.GetConfig:input_type -> daemon.GetConfigRequest
+	1,  // 14: daemon.DaemonService.Login:output_type -> daemon.LoginResponse
+	3,  // 15: daemon.DaemonService.WaitSSOLogin:output_type -> daemon.WaitSSOLoginResponse
+	5,  // 16: daemon.DaemonService.Up:output_type -> daemon.UpResponse
+	7,  // 17: daemon.DaemonService.Status:output_type -> daemon.StatusResponse
+	9,  // 18: daemon.DaemonService.Down:output_type -> daemon.DownResponse
+	11, // 19: daemon.DaemonService.GetConfig:output_type -> daemon.GetConfigResponse
+	14, // [14:20] is the sub-list for method output_type
+	8,  // [8:14] is the sub-list for method input_type
+	8,  // [8:8] is the sub-list for extension type_name
+	8,  // [8:8] is the sub-list for extension extendee
+	0,  // [0:8] is the sub-list for field type_name
 }

 func init() { file_daemon_proto_init() }
@@ -1879,18 +1768,6 @@ func file_daemon_proto_init() {
 			}
 		}
 		file_daemon_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*NSGroupState); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_daemon_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*FullStatus); i {
 			case 0:
 				return &v.state
@@ -1910,7 +1787,7 @@ func file_daemon_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_daemon_proto_rawDesc,
 			NumEnums:      0,
-			NumMessages:   19,
+			NumMessages:   18,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
--- a/client/proto/daemon.proto
+++ b/client/proto/daemon.proto
@@ -141,7 +141,6 @@ message PeerState {
  int64 bytesRx = 13;
  int64 bytesTx = 14;
  bool rosenpassEnabled = 15;
-  repeated string routes = 16;
 }

 // LocalPeerState contains the latest state of the local peer
@@ -152,7 +151,6 @@ message LocalPeerState {
  string fqdn = 4;
  bool rosenpassEnabled = 5;
  bool rosenpassPermissive = 6;
-  repeated string routes = 7;
 }

 // SignalState contains the latest state of a signal connection
@@ -176,13 +174,6 @@ message RelayState {
  string error = 3;
 }

-message NSGroupState {
-  repeated string servers = 1;
-  repeated string domains = 2;
-  bool enabled = 3;
-  string error = 4;
-}
-
 // FullStatus contains the full state held by the Status instance
 message FullStatus {
  ManagementState managementState = 1;
@@ -190,5 +181,4 @@ message FullStatus {
  LocalPeerState  localPeerState = 3;
  repeated PeerState peers = 4;
  repeated RelayState relays = 5;
-  repeated NSGroupState dns_servers = 6;
 }
--- a/client/server/server.go
+++ b/client/server/server.go
@@ -11,7 +11,6 @@ import (
 	"time"

 	"github.com/cenkalti/backoff/v4"
-	"golang.org/x/exp/maps"

 	"github.com/netbirdio/netbird/client/internal/auth"
 	"github.com/netbirdio/netbird/client/system"
@@ -671,6 +670,7 @@ func toProtoFullStatus(fullStatus peer.FullStatus) *proto.FullStatus {
 		SignalState:     &proto.SignalState{},
 		LocalPeerState:  &proto.LocalPeerState{},
 		Peers:           []*proto.PeerState{},
+		Relays:          []*proto.RelayState{},
 	}

 	pbFullStatus.ManagementState.URL = fullStatus.ManagementState.URL
@@ -691,7 +691,6 @@ func toProtoFullStatus(fullStatus peer.FullStatus) *proto.FullStatus {
 	pbFullStatus.LocalPeerState.Fqdn = fullStatus.LocalPeerState.FQDN
 	pbFullStatus.LocalPeerState.RosenpassPermissive = fullStatus.RosenpassState.Permissive
 	pbFullStatus.LocalPeerState.RosenpassEnabled = fullStatus.RosenpassState.Enabled
-	pbFullStatus.LocalPeerState.Routes = maps.Keys(fullStatus.LocalPeerState.Routes)

 	for _, peerState := range fullStatus.Peers {
 		pbPeerState := &proto.PeerState{
@@ -710,7 +709,6 @@ func toProtoFullStatus(fullStatus peer.FullStatus) *proto.FullStatus {
 			BytesRx:                    peerState.BytesRx,
 			BytesTx:                    peerState.BytesTx,
 			RosenpassEnabled:           peerState.RosenpassEnabled,
-			Routes:                     maps.Keys(peerState.Routes),
 		}
 		pbFullStatus.Peers = append(pbFullStatus.Peers, pbPeerState)
 	}
@@ -726,20 +724,6 @@ func toProtoFullStatus(fullStatus peer.FullStatus) *proto.FullStatus {
 		pbFullStatus.Relays = append(pbFullStatus.Relays, pbRelayState)
 	}

-	for _, dnsState := range fullStatus.NSGroupStates {
-		var err string
-		if dnsState.Error != nil {
-			err = dnsState.Error.Error()
-		}
-		pbDnsState := &proto.NSGroupState{
-			Servers: dnsState.Servers,
-			Domains: dnsState.Domains,
-			Enabled: dnsState.Enabled,
-			Error:   err,
-		}
-		pbFullStatus.DnsServers = append(pbFullStatus.DnsServers, pbDnsState)
-	}
-
 	return &pbFullStatus
 }

--- a/go.mod
+++ b/go.mod
@@ -48,7 +48,6 @@ require (
 	github.com/google/gopacket v1.1.19
 	github.com/google/nftables v0.0.0-20220808154552-2eca00135732
 	github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.2-0.20240212192251-757544f21357
-	github.com/hashicorp/go-multierror v1.1.0
 	github.com/hashicorp/go-secure-stdlib/base62 v0.1.2
 	github.com/hashicorp/go-version v1.6.0
 	github.com/libp2p/go-netroute v0.2.0
@@ -124,7 +123,6 @@ require (
 	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
 	github.com/googleapis/gax-go/v2 v2.10.0 // indirect
 	github.com/gopacket/gopacket v1.1.1 // indirect
-	github.com/hashicorp/errwrap v1.0.0 // indirect
 	github.com/hashicorp/go-uuid v1.0.2 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
--- a/go.sum
+++ b/go.sum
@@ -289,10 +289,6 @@ github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB7
 github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.2-0.20240212192251-757544f21357 h1:Fkzd8ktnpOR9h47SXHe2AYPwelXLH2GjGsjlAloiWfo=
 github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.2-0.20240212192251-757544f21357/go.mod h1:w9Y7gY31krpLmrVU5ZPG9H7l9fZuRu5/3R3S3FMtVQ4=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-multierror v1.1.0 h1:B9UzwGQJehnUY1yNrnwREHc3fGbC2xefo8g4TbElacI=
-github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
 github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 h1:ET4pqyjiGmY09R5y+rSd70J2w45CtbWDNvGqWp/R3Ng=
 github.com/hashicorp/go-secure-stdlib/base62 v0.1.2/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw=
 github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE=
--- a/management/refactor/api/grpc/grpcserver.go
+++ b/management/refactor/api/grpc/grpcserver.go
@@ -0,0 +1,641 @@
+package server
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"net/netip"
+	"strings"
+	"time"
+
+	pb "github.com/golang/protobuf/proto" // nolint
+	"github.com/golang/protobuf/ptypes/timestamp"
+	"github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/realip"
+	log "github.com/sirupsen/logrus"
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+
+	"github.com/netbirdio/netbird/encryption"
+	"github.com/netbirdio/netbird/management/proto"
+	"github.com/netbirdio/netbird/management/server/jwtclaims"
+	nbpeer "github.com/netbirdio/netbird/management/server/peer"
+	internalStatus "github.com/netbirdio/netbird/management/server/status"
+	"github.com/netbirdio/netbird/management/server/telemetry"
+)
+
+// GRPCServer an instance of a Management gRPC API server
+type GRPCServer struct {
+	accountManager AccountManager
+	wgKey          wgtypes.Key
+	proto.UnimplementedManagementServiceServer
+	peersUpdateManager     *PeersUpdateManager
+	config                 *Config
+	turnCredentialsManager TURNCredentialsManager
+	jwtValidator           *jwtclaims.JWTValidator
+	jwtClaimsExtractor     *jwtclaims.ClaimsExtractor
+	appMetrics             telemetry.AppMetrics
+	ephemeralManager       *EphemeralManager
+}
+
+// NewServer creates a new Management server
+func NewServer(config *Config, accountManager AccountManager, peersUpdateManager *PeersUpdateManager, turnCredentialsManager TURNCredentialsManager, appMetrics telemetry.AppMetrics, ephemeralManager *EphemeralManager) (*GRPCServer, error) {
+	key, err := wgtypes.GeneratePrivateKey()
+	if err != nil {
+		return nil, err
+	}
+
+	var jwtValidator *jwtclaims.JWTValidator
+
+	if config.HttpConfig != nil && config.HttpConfig.AuthIssuer != "" && config.HttpConfig.AuthAudience != "" && validateURL(config.HttpConfig.AuthKeysLocation) {
+		jwtValidator, err = jwtclaims.NewJWTValidator(
+			config.HttpConfig.AuthIssuer,
+			config.GetAuthAudiences(),
+			config.HttpConfig.AuthKeysLocation,
+			config.HttpConfig.IdpSignKeyRefreshEnabled,
+		)
+		if err != nil {
+			return nil, status.Errorf(codes.Internal, "unable to create new jwt middleware, err: %v", err)
+		}
+	} else {
+		log.Debug("unable to use http config to create new jwt middleware")
+	}
+
+	if appMetrics != nil {
+		// update gauge based on number of connected peers which is equal to open gRPC streams
+		err = appMetrics.GRPCMetrics().RegisterConnectedStreams(func() int64 {
+			return int64(len(peersUpdateManager.peerChannels))
+		})
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	var audience, userIDClaim string
+	if config.HttpConfig != nil {
+		audience = config.HttpConfig.AuthAudience
+		userIDClaim = config.HttpConfig.AuthUserIDClaim
+	}
+	jwtClaimsExtractor := jwtclaims.NewClaimsExtractor(
+		jwtclaims.WithAudience(audience),
+		jwtclaims.WithUserIDClaim(userIDClaim),
+	)
+
+	return &GRPCServer{
+		wgKey: key,
+		// peerKey -> event channel
+		peersUpdateManager:     peersUpdateManager,
+		accountManager:         accountManager,
+		config:                 config,
+		turnCredentialsManager: turnCredentialsManager,
+		jwtValidator:           jwtValidator,
+		jwtClaimsExtractor:     jwtClaimsExtractor,
+		appMetrics:             appMetrics,
+		ephemeralManager:       ephemeralManager,
+	}, nil
+}
+
+func (s *GRPCServer) GetServerKey(ctx context.Context, req *proto.Empty) (*proto.ServerKeyResponse, error) {
+	// todo introduce something more meaningful with the key expiration/rotation
+	if s.appMetrics != nil {
+		s.appMetrics.GRPCMetrics().CountGetKeyRequest()
+	}
+	now := time.Now().Add(24 * time.Hour)
+	secs := int64(now.Second())
+	nanos := int32(now.Nanosecond())
+	expiresAt := &timestamp.Timestamp{Seconds: secs, Nanos: nanos}
+
+	return &proto.ServerKeyResponse{
+		Key:       s.wgKey.PublicKey().String(),
+		ExpiresAt: expiresAt,
+	}, nil
+}
+
+func getRealIP(ctx context.Context) net.IP {
+	if addr, ok := realip.FromContext(ctx); ok {
+		return net.IP(addr.AsSlice())
+	}
+	return nil
+}
+
+// Sync validates the existence of a connecting peer, sends an initial state (all available for the connecting peers) and
+// notifies the connected peer of any updates (e.g. new peers under the same account)
+func (s *GRPCServer) Sync(req *proto.EncryptedMessage, srv proto.ManagementService_SyncServer) error {
+	reqStart := time.Now()
+	if s.appMetrics != nil {
+		s.appMetrics.GRPCMetrics().CountSyncRequest()
+	}
+	realIP := getRealIP(srv.Context())
+	log.Debugf("Sync request from peer [%s] [%s]", req.WgPubKey, realIP.String())
+
+	syncReq := &proto.SyncRequest{}
+	peerKey, err := s.parseRequest(req, syncReq)
+	if err != nil {
+		return err
+	}
+
+	peer, netMap, err := s.accountManager.SyncPeer(PeerSync{WireGuardPubKey: peerKey.String()})
+	if err != nil {
+		return mapError(err)
+	}
+
+	err = s.sendInitialSync(peerKey, peer, netMap, srv)
+	if err != nil {
+		log.Debugf("error while sending initial sync for %s: %v", peerKey.String(), err)
+		return err
+	}
+
+	updates := s.peersUpdateManager.CreateChannel(peer.ID)
+
+	s.ephemeralManager.OnPeerConnected(peer)
+
+	err = s.accountManager.MarkPeerConnected(peerKey.String(), true, realIP)
+	if err != nil {
+		log.Warnf("failed marking peer as connected %s %v", peerKey, err)
+	}
+
+	if s.config.TURNConfig.TimeBasedCredentials {
+		s.turnCredentialsManager.SetupRefresh(peer.ID)
+	}
+
+	if s.appMetrics != nil {
+		s.appMetrics.GRPCMetrics().CountSyncRequestDuration(time.Since(reqStart))
+	}
+
+	// keep a connection to the peer and send updates when available
+	for {
+		select {
+		// condition when there are some updates
+		case update, open := <-updates:
+
+			if s.appMetrics != nil {
+				s.appMetrics.GRPCMetrics().UpdateChannelQueueLength(len(updates) + 1)
+			}
+
+			if !open {
+				log.Debugf("updates channel for peer %s was closed", peerKey.String())
+				s.cancelPeerRoutines(peer)
+				return nil
+			}
+			log.Debugf("received an update for peer %s", peerKey.String())
+
+			encryptedResp, err := encryption.EncryptMessage(peerKey, s.wgKey, update.Update)
+			if err != nil {
+				s.cancelPeerRoutines(peer)
+				return status.Errorf(codes.Internal, "failed processing update message")
+			}
+
+			err = srv.SendMsg(&proto.EncryptedMessage{
+				WgPubKey: s.wgKey.PublicKey().String(),
+				Body:     encryptedResp,
+			})
+			if err != nil {
+				s.cancelPeerRoutines(peer)
+				return status.Errorf(codes.Internal, "failed sending update message")
+			}
+			log.Debugf("sent an update to peer %s", peerKey.String())
+		// condition when client <-> server connection has been terminated
+		case <-srv.Context().Done():
+			// happens when connection drops, e.g. client disconnects
+			log.Debugf("stream of peer %s has been closed", peerKey.String())
+			s.cancelPeerRoutines(peer)
+			return srv.Context().Err()
+		}
+	}
+}
+
+func (s *GRPCServer) cancelPeerRoutines(peer *nbpeer.Peer) {
+	s.peersUpdateManager.CloseChannel(peer.ID)
+	s.turnCredentialsManager.CancelRefresh(peer.ID)
+	_ = s.accountManager.MarkPeerConnected(peer.Key, false, nil)
+	s.ephemeralManager.OnPeerDisconnected(peer)
+}
+
+func (s *GRPCServer) validateToken(jwtToken string) (string, error) {
+	if s.jwtValidator == nil {
+		return "", status.Error(codes.Internal, "no jwt validator set")
+	}
+
+	token, err := s.jwtValidator.ValidateAndParse(jwtToken)
+	if err != nil {
+		return "", status.Errorf(codes.InvalidArgument, "invalid jwt token, err: %v", err)
+	}
+	claims := s.jwtClaimsExtractor.FromToken(token)
+	// we need to call this method because if user is new, we will automatically add it to existing or create a new account
+	_, _, err = s.accountManager.GetAccountFromToken(claims)
+	if err != nil {
+		return "", status.Errorf(codes.Internal, "unable to fetch account with claims, err: %v", err)
+	}
+
+	if err := s.accountManager.CheckUserAccessByJWTGroups(claims); err != nil {
+		return "", status.Errorf(codes.PermissionDenied, err.Error())
+	}
+
+	return claims.UserId, nil
+}
+
+// maps internal internalStatus.Error to gRPC status.Error
+func mapError(err error) error {
+	if e, ok := internalStatus.FromError(err); ok {
+		switch e.Type() {
+		case internalStatus.PermissionDenied:
+			return status.Errorf(codes.PermissionDenied, e.Message)
+		case internalStatus.Unauthorized:
+			return status.Errorf(codes.PermissionDenied, e.Message)
+		case internalStatus.Unauthenticated:
+			return status.Errorf(codes.PermissionDenied, e.Message)
+		case internalStatus.PreconditionFailed:
+			return status.Errorf(codes.FailedPrecondition, e.Message)
+		case internalStatus.NotFound:
+			return status.Errorf(codes.NotFound, e.Message)
+		default:
+		}
+	}
+	log.Errorf("got an unhandled error: %s", err)
+	return status.Errorf(codes.Internal, "failed handling request")
+}
+
+func extractPeerMeta(loginReq *proto.LoginRequest) nbpeer.PeerSystemMeta {
+	osVersion := loginReq.GetMeta().GetOSVersion()
+	if osVersion == "" {
+		osVersion = loginReq.GetMeta().GetCore()
+	}
+
+	networkAddresses := make([]nbpeer.NetworkAddress, 0, len(loginReq.GetMeta().GetNetworkAddresses()))
+	for _, addr := range loginReq.GetMeta().GetNetworkAddresses() {
+		netAddr, err := netip.ParsePrefix(addr.GetNetIP())
+		if err != nil {
+			log.Warnf("failed to parse netip address, %s: %v", addr.GetNetIP(), err)
+			continue
+		}
+		networkAddresses = append(networkAddresses, nbpeer.NetworkAddress{
+			NetIP: netAddr,
+			Mac:   addr.GetMac(),
+		})
+	}
+
+	return nbpeer.PeerSystemMeta{
+		Hostname:           loginReq.GetMeta().GetHostname(),
+		GoOS:               loginReq.GetMeta().GetGoOS(),
+		Kernel:             loginReq.GetMeta().GetKernel(),
+		Platform:           loginReq.GetMeta().GetPlatform(),
+		OS:                 loginReq.GetMeta().GetOS(),
+		OSVersion:          osVersion,
+		WtVersion:          loginReq.GetMeta().GetWiretrusteeVersion(),
+		UIVersion:          loginReq.GetMeta().GetUiVersion(),
+		KernelVersion:      loginReq.GetMeta().GetKernelVersion(),
+		NetworkAddresses:   networkAddresses,
+		SystemSerialNumber: loginReq.GetMeta().GetSysSerialNumber(),
+		SystemProductName:  loginReq.GetMeta().GetSysProductName(),
+		SystemManufacturer: loginReq.GetMeta().GetSysManufacturer(),
+		Environment: nbpeer.Environment{
+			Cloud:    loginReq.GetMeta().GetEnvironment().GetCloud(),
+			Platform: loginReq.GetMeta().GetEnvironment().GetPlatform(),
+		},
+	}
+}
+
+func (s *GRPCServer) parseRequest(req *proto.EncryptedMessage, parsed pb.Message) (wgtypes.Key, error) {
+	peerKey, err := wgtypes.ParseKey(req.GetWgPubKey())
+	if err != nil {
+		log.Warnf("error while parsing peer's WireGuard public key %s.", req.WgPubKey)
+		return wgtypes.Key{}, status.Errorf(codes.InvalidArgument, "provided wgPubKey %s is invalid", req.WgPubKey)
+	}
+
+	err = encryption.DecryptMessage(peerKey, s.wgKey, req.Body, parsed)
+	if err != nil {
+		return wgtypes.Key{}, status.Errorf(codes.InvalidArgument, "invalid request message")
+	}
+
+	return peerKey, nil
+}
+
+// Login endpoint first checks whether peer is registered under any account
+// In case it is, the login is successful
+// In case it isn't, the endpoint checks whether setup key is provided within the request and tries to register a peer.
+// In case of the successful registration login is also successful
+func (s *GRPCServer) Login(ctx context.Context, req *proto.EncryptedMessage) (*proto.EncryptedMessage, error) {
+	reqStart := time.Now()
+	defer func() {
+		if s.appMetrics != nil {
+			s.appMetrics.GRPCMetrics().CountLoginRequestDuration(time.Since(reqStart))
+		}
+	}()
+	if s.appMetrics != nil {
+		s.appMetrics.GRPCMetrics().CountLoginRequest()
+	}
+	realIP := getRealIP(ctx)
+	log.Debugf("Login request from peer [%s] [%s]", req.WgPubKey, realIP.String())
+
+	loginReq := &proto.LoginRequest{}
+	peerKey, err := s.parseRequest(req, loginReq)
+	if err != nil {
+		return nil, err
+	}
+
+	if loginReq.GetMeta() == nil {
+		msg := status.Errorf(codes.FailedPrecondition,
+			"peer system meta has to be provided to log in. Peer %s, remote addr %s", peerKey.String(), realIP)
+		log.Warn(msg)
+		return nil, msg
+	}
+
+	userID := ""
+	// JWT token is not always provided, it is fine for userID to be empty cuz it might be that peer is already registered,
+	// or it uses a setup key to register.
+	if loginReq.GetJwtToken() != "" {
+		userID, err = s.validateToken(loginReq.GetJwtToken())
+		if err != nil {
+			log.Warnf("failed validating JWT token sent from peer %s", peerKey)
+			return nil, err
+		}
+	}
+	var sshKey []byte
+	if loginReq.GetPeerKeys() != nil {
+		sshKey = loginReq.GetPeerKeys().GetSshPubKey()
+	}
+
+	peer, netMap, err := s.accountManager.LoginPeer(PeerLogin{
+		WireGuardPubKey: peerKey.String(),
+		SSHKey:          string(sshKey),
+		Meta:            extractPeerMeta(loginReq),
+		UserID:          userID,
+		SetupKey:        loginReq.GetSetupKey(),
+	})
+
+	if err != nil {
+		log.Warnf("failed logging in peer %s", peerKey)
+		return nil, mapError(err)
+	}
+
+	// if the login request contains setup key then it is a registration request
+	if loginReq.GetSetupKey() != "" {
+		s.ephemeralManager.OnPeerDisconnected(peer)
+	}
+
+	// if peer has reached this point then it has logged in
+	loginResp := &proto.LoginResponse{
+		WiretrusteeConfig: toWiretrusteeConfig(s.config, nil),
+		PeerConfig:        toPeerConfig(peer, netMap.Network, s.accountManager.GetDNSDomain()),
+	}
+	encryptedResp, err := encryption.EncryptMessage(peerKey, s.wgKey, loginResp)
+	if err != nil {
+		log.Warnf("failed encrypting peer %s message", peer.ID)
+		return nil, status.Errorf(codes.Internal, "failed logging in peer")
+	}
+
+	return &proto.EncryptedMessage{
+		WgPubKey: s.wgKey.PublicKey().String(),
+		Body:     encryptedResp,
+	}, nil
+}
+
+func ToResponseProto(configProto Protocol) proto.HostConfig_Protocol {
+	switch configProto {
+	case UDP:
+		return proto.HostConfig_UDP
+	case DTLS:
+		return proto.HostConfig_DTLS
+	case HTTP:
+		return proto.HostConfig_HTTP
+	case HTTPS:
+		return proto.HostConfig_HTTPS
+	case TCP:
+		return proto.HostConfig_TCP
+	default:
+		panic(fmt.Errorf("unexpected config protocol type %v", configProto))
+	}
+}
+
+func toWiretrusteeConfig(config *Config, turnCredentials *TURNCredentials) *proto.WiretrusteeConfig {
+	if config == nil {
+		return nil
+	}
+	var stuns []*proto.HostConfig
+	for _, stun := range config.Stuns {
+		stuns = append(stuns, &proto.HostConfig{
+			Uri:      stun.URI,
+			Protocol: ToResponseProto(stun.Proto),
+		})
+	}
+	var turns []*proto.ProtectedHostConfig
+	for _, turn := range config.TURNConfig.Turns {
+		var username string
+		var password string
+		if turnCredentials != nil {
+			username = turnCredentials.Username
+			password = turnCredentials.Password
+		} else {
+			username = turn.Username
+			password = turn.Password
+		}
+		turns = append(turns, &proto.ProtectedHostConfig{
+			HostConfig: &proto.HostConfig{
+				Uri:      turn.URI,
+				Protocol: ToResponseProto(turn.Proto),
+			},
+			User:     username,
+			Password: password,
+		})
+	}
+
+	return &proto.WiretrusteeConfig{
+		Stuns: stuns,
+		Turns: turns,
+		Signal: &proto.HostConfig{
+			Uri:      config.Signal.URI,
+			Protocol: ToResponseProto(config.Signal.Proto),
+		},
+	}
+}
+
+func toPeerConfig(peer *nbpeer.Peer, network *Network, dnsName string) *proto.PeerConfig {
+	netmask, _ := network.Net.Mask.Size()
+	fqdn := peer.FQDN(dnsName)
+	return &proto.PeerConfig{
+		Address:   fmt.Sprintf("%s/%d", peer.IP.String(), netmask), // take it from the network
+		SshConfig: &proto.SSHConfig{SshEnabled: peer.SSHEnabled},
+		Fqdn:      fqdn,
+	}
+}
+
+func toRemotePeerConfig(peers []*nbpeer.Peer, dnsName string) []*proto.RemotePeerConfig {
+	remotePeers := []*proto.RemotePeerConfig{}
+	for _, rPeer := range peers {
+		fqdn := rPeer.FQDN(dnsName)
+		remotePeers = append(remotePeers, &proto.RemotePeerConfig{
+			WgPubKey:   rPeer.Key,
+			AllowedIps: []string{fmt.Sprintf(AllowedIPsFormat, rPeer.IP)},
+			SshConfig:  &proto.SSHConfig{SshPubKey: []byte(rPeer.SSHKey)},
+			Fqdn:       fqdn,
+		})
+	}
+	return remotePeers
+}
+
+func toSyncResponse(config *Config, peer *nbpeer.Peer, turnCredentials *TURNCredentials, networkMap *NetworkMap, dnsName string) *proto.SyncResponse {
+	wtConfig := toWiretrusteeConfig(config, turnCredentials)
+
+	pConfig := toPeerConfig(peer, networkMap.Network, dnsName)
+
+	remotePeers := toRemotePeerConfig(networkMap.Peers, dnsName)
+
+	routesUpdate := toProtocolRoutes(networkMap.Routes)
+
+	dnsUpdate := toProtocolDNSConfig(networkMap.DNSConfig)
+
+	offlinePeers := toRemotePeerConfig(networkMap.OfflinePeers, dnsName)
+
+	firewallRules := toProtocolFirewallRules(networkMap.FirewallRules)
+
+	return &proto.SyncResponse{
+		WiretrusteeConfig:  wtConfig,
+		PeerConfig:         pConfig,
+		RemotePeers:        remotePeers,
+		RemotePeersIsEmpty: len(remotePeers) == 0,
+		NetworkMap: &proto.NetworkMap{
+			Serial:               networkMap.Network.CurrentSerial(),
+			PeerConfig:           pConfig,
+			RemotePeers:          remotePeers,
+			OfflinePeers:         offlinePeers,
+			RemotePeersIsEmpty:   len(remotePeers) == 0,
+			Routes:               routesUpdate,
+			DNSConfig:            dnsUpdate,
+			FirewallRules:        firewallRules,
+			FirewallRulesIsEmpty: len(firewallRules) == 0,
+		},
+	}
+}
+
+// IsHealthy indicates whether the service is healthy
+func (s *GRPCServer) IsHealthy(ctx context.Context, req *proto.Empty) (*proto.Empty, error) {
+	return &proto.Empty{}, nil
+}
+
+// sendInitialSync sends initial proto.SyncResponse to the peer requesting synchronization
+func (s *GRPCServer) sendInitialSync(peerKey wgtypes.Key, peer *nbpeer.Peer, networkMap *NetworkMap, srv proto.ManagementService_SyncServer) error {
+	// make secret time based TURN credentials optional
+	var turnCredentials *TURNCredentials
+	if s.config.TURNConfig.TimeBasedCredentials {
+		creds := s.turnCredentialsManager.GenerateCredentials()
+		turnCredentials = &creds
+	} else {
+		turnCredentials = nil
+	}
+	plainResp := toSyncResponse(s.config, peer, turnCredentials, networkMap, s.accountManager.GetDNSDomain())
+
+	encryptedResp, err := encryption.EncryptMessage(peerKey, s.wgKey, plainResp)
+	if err != nil {
+		return status.Errorf(codes.Internal, "error handling request")
+	}
+
+	err = srv.Send(&proto.EncryptedMessage{
+		WgPubKey: s.wgKey.PublicKey().String(),
+		Body:     encryptedResp,
+	})
+
+	if err != nil {
+		log.Errorf("failed sending SyncResponse %v", err)
+		return status.Errorf(codes.Internal, "error handling request")
+	}
+
+	return nil
+}
+
+// GetDeviceAuthorizationFlow returns a device authorization flow information
+// This is used for initiating an Oauth 2 device authorization grant flow
+// which will be used by our clients to Login
+func (s *GRPCServer) GetDeviceAuthorizationFlow(ctx context.Context, req *proto.EncryptedMessage) (*proto.EncryptedMessage, error) {
+	peerKey, err := wgtypes.ParseKey(req.GetWgPubKey())
+	if err != nil {
+		errMSG := fmt.Sprintf("error while parsing peer's Wireguard public key %s on GetDeviceAuthorizationFlow request.", req.WgPubKey)
+		log.Warn(errMSG)
+		return nil, status.Error(codes.InvalidArgument, errMSG)
+	}
+
+	err = encryption.DecryptMessage(peerKey, s.wgKey, req.Body, &proto.DeviceAuthorizationFlowRequest{})
+	if err != nil {
+		errMSG := fmt.Sprintf("error while decrypting peer's message with Wireguard public key %s.", req.WgPubKey)
+		log.Warn(errMSG)
+		return nil, status.Error(codes.InvalidArgument, errMSG)
+	}
+
+	if s.config.DeviceAuthorizationFlow == nil || s.config.DeviceAuthorizationFlow.Provider == string(NONE) {
+		return nil, status.Error(codes.NotFound, "no device authorization flow information available")
+	}
+
+	provider, ok := proto.DeviceAuthorizationFlowProvider_value[strings.ToUpper(s.config.DeviceAuthorizationFlow.Provider)]
+	if !ok {
+		return nil, status.Errorf(codes.InvalidArgument, "no provider found in the protocol for %s", s.config.DeviceAuthorizationFlow.Provider)
+	}
+
+	flowInfoResp := &proto.DeviceAuthorizationFlow{
+		Provider: proto.DeviceAuthorizationFlowProvider(provider),
+		ProviderConfig: &proto.ProviderConfig{
+			ClientID:           s.config.DeviceAuthorizationFlow.ProviderConfig.ClientID,
+			ClientSecret:       s.config.DeviceAuthorizationFlow.ProviderConfig.ClientSecret,
+			Domain:             s.config.DeviceAuthorizationFlow.ProviderConfig.Domain,
+			Audience:           s.config.DeviceAuthorizationFlow.ProviderConfig.Audience,
+			DeviceAuthEndpoint: s.config.DeviceAuthorizationFlow.ProviderConfig.DeviceAuthEndpoint,
+			TokenEndpoint:      s.config.DeviceAuthorizationFlow.ProviderConfig.TokenEndpoint,
+			Scope:              s.config.DeviceAuthorizationFlow.ProviderConfig.Scope,
+			UseIDToken:         s.config.DeviceAuthorizationFlow.ProviderConfig.UseIDToken,
+		},
+	}
+
+	encryptedResp, err := encryption.EncryptMessage(peerKey, s.wgKey, flowInfoResp)
+	if err != nil {
+		return nil, status.Error(codes.Internal, "failed to encrypt no device authorization flow information")
+	}
+
+	return &proto.EncryptedMessage{
+		WgPubKey: s.wgKey.PublicKey().String(),
+		Body:     encryptedResp,
+	}, nil
+}
+
+// GetPKCEAuthorizationFlow returns a pkce authorization flow information
+// This is used for initiating an Oauth 2 pkce authorization grant flow
+// which will be used by our clients to Login
+func (s *GRPCServer) GetPKCEAuthorizationFlow(_ context.Context, req *proto.EncryptedMessage) (*proto.EncryptedMessage, error) {
+	peerKey, err := wgtypes.ParseKey(req.GetWgPubKey())
+	if err != nil {
+		errMSG := fmt.Sprintf("error while parsing peer's Wireguard public key %s on GetPKCEAuthorizationFlow request.", req.WgPubKey)
+		log.Warn(errMSG)
+		return nil, status.Error(codes.InvalidArgument, errMSG)
+	}
+
+	err = encryption.DecryptMessage(peerKey, s.wgKey, req.Body, &proto.PKCEAuthorizationFlowRequest{})
+	if err != nil {
+		errMSG := fmt.Sprintf("error while decrypting peer's message with Wireguard public key %s.", req.WgPubKey)
+		log.Warn(errMSG)
+		return nil, status.Error(codes.InvalidArgument, errMSG)
+	}
+
+	if s.config.PKCEAuthorizationFlow == nil {
+		return nil, status.Error(codes.NotFound, "no pkce authorization flow information available")
+	}
+
+	flowInfoResp := &proto.PKCEAuthorizationFlow{
+		ProviderConfig: &proto.ProviderConfig{
+			Audience:              s.config.PKCEAuthorizationFlow.ProviderConfig.Audience,
+			ClientID:              s.config.PKCEAuthorizationFlow.ProviderConfig.ClientID,
+			ClientSecret:          s.config.PKCEAuthorizationFlow.ProviderConfig.ClientSecret,
+			TokenEndpoint:         s.config.PKCEAuthorizationFlow.ProviderConfig.TokenEndpoint,
+			AuthorizationEndpoint: s.config.PKCEAuthorizationFlow.ProviderConfig.AuthorizationEndpoint,
+			Scope:                 s.config.PKCEAuthorizationFlow.ProviderConfig.Scope,
+			RedirectURLs:          s.config.PKCEAuthorizationFlow.ProviderConfig.RedirectURLs,
+			UseIDToken:            s.config.PKCEAuthorizationFlow.ProviderConfig.UseIDToken,
+		},
+	}
+
+	encryptedResp, err := encryption.EncryptMessage(peerKey, s.wgKey, flowInfoResp)
+	if err != nil {
+		return nil, status.Error(codes.Internal, "failed to encrypt no pkce authorization flow information")
+	}
+
+	return &proto.EncryptedMessage{
+		WgPubKey: s.wgKey.PublicKey().String(),
+		Body:     encryptedResp,
+	}, nil
+}
--- a/management/refactor/api/http/specs/api.yaml
+++ b/management/refactor/api/http/specs/api.yaml
--- a/management/refactor/mesh/controller.go
+++ b/management/refactor/mesh/controller.go
@@ -0,0 +1,157 @@
+package mesh
+
+import (
+	"github.com/netbirdio/management-integrations/integrations"
+	nbdns "github.com/netbirdio/netbird/dns"
+	"github.com/netbirdio/netbird/management/refactor/peers"
+	"github.com/netbirdio/netbird/management/refactor/policies"
+	"github.com/netbirdio/netbird/management/refactor/settings"
+	"github.com/netbirdio/netbird/management/refactor/store"
+	"github.com/netbirdio/netbird/management/refactor/users"
+	"github.com/netbirdio/netbird/management/server/activity"
+	"github.com/netbirdio/netbird/management/server/status"
+)
+
+type Controller interface {
+	LoginPeer()
+	SyncPeer()
+}
+
+type DefaultController struct {
+	store           store.Store
+	peersManager    peers.Manager
+	userManager     users.Manager
+	policiesManager policies.Manager
+	settingsManager settings.Manager
+}
+
+func NewDefaultController() *DefaultController {
+	storeStore, _ := store.NewDefaultStore(store.SqliteStoreEngine, "", nil)
+	settingsManager := settings.NewDefaultManager(storeStore)
+	peersManager := peers.NewDefaultManager(storeStore, settingsManager)
+	usersManager := users.NewDefaultManager(storeStore, peersManager)
+	policiesManager := policies.NewDefaultManager(storeStore, peersManager)
+
+	peersManager, settingsManager, usersManager, policiesManager, storeStore = integrations.InjectCloud(peersManager, policiesManager, settingsManager, usersManager, storeStore)
+
+	return &DefaultController{
+		store:           storeStore,
+		peersManager:    peersManager,
+		userManager:     usersManager,
+		policiesManager: policiesManager,
+		settingsManager: settingsManager,
+	}
+}
+
+func (c *DefaultController) LoginPeer(login peers.PeerLogin) {
+
+	peer, err := c.peersManager.GetPeerByPubKey(login.WireGuardPubKey)
+	if err != nil {
+		return nil, nil, status.Errorf(status.Unauthenticated, "peer is not registered")
+	}
+
+	if peer.AddedWithSSOLogin() {
+		user, err := c.userManager.GetUser(peer.GetUserID())
+		if err != nil {
+			return nil, nil, err
+		}
+		if user.IsBlocked() {
+			return nil, nil, status.Errorf(status.PermissionDenied, "user is blocked")
+		}
+	}
+
+	account, err := pm.accountManager.GetAccount(peer.GetAccountID())
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// this flag prevents unnecessary calls to the persistent store.
+	shouldStorePeer := false
+	updateRemotePeers := false
+	if peerLoginExpired(peer, account) {
+		err = checkAuth(login.UserID, peer)
+		if err != nil {
+			return nil, nil, err
+		}
+		// If peer was expired before and if it reached this point, it is re-authenticated.
+		// UserID is present, meaning that JWT validation passed successfully in the API layer.
+		peer.UpdateLastLogin()
+		updateRemotePeers = true
+		shouldStorePeer = true
+
+		pm.eventsManager.StoreEvent(login.UserID, peer.ID, account.Id, activity.UserLoggedInPeer, peer.EventMeta(pm.accountManager.GetDNSDomain()))
+	}
+
+	if peer.UpdateMetaIfNew(login.Meta) {
+		shouldStorePeer = true
+	}
+
+	if peer.CheckAndUpdatePeerSSHKey(login.SSHKey) {
+		shouldStorePeer = true
+	}
+
+	if shouldStorePeer {
+		err := pm.repository.updatePeer(peer)
+		if err != nil {
+			return nil, nil, err
+		}
+	}
+
+	if updateRemotePeers {
+		am.updateAccountPeers(account)
+	}
+	return peer, account.GetPeerNetworkMap(peer.ID, pm.accountManager.GetDNSDomain()), nil
+}
+
+func (c *DefaultController) SyncPeer() {
+
+}
+
+func (c *DefaultController) GetPeerNetworkMap(peerID, dnsDomain string) *NetworkMap {
+	peer, err := c.peersManager.GetNetworkPeerByID(peerID)
+	if err != nil {
+		return &NetworkMap{
+			Network: a.Network.Copy(),
+		}
+	}
+
+	aclPeers, firewallRules := c.policiesManager.GetAccessiblePeersAndFirewallRules(peerID)
+	// exclude expired peers
+	var peersToConnect []peers.Peer
+	var expiredPeers []peers.Peer
+	accSettings, _ := c.settingsManager.GetSettings(peer.GetAccountID())
+	for _, p := range aclPeers {
+		expired, _ := p.LoginExpired(accSettings.GetPeerLoginExpiration())
+		if accSettings.GetPeerLoginExpirationEnabled() && expired {
+			expiredPeers = append(expiredPeers, p)
+			continue
+		}
+		peersToConnect = append(peersToConnect, p)
+	}
+
+	routesUpdate := a.getRoutesToSync(peerID, peersToConnect)
+
+	dnsManagementStatus := a.getPeerDNSManagementStatus(peerID)
+	dnsUpdate := nbdns.Config{
+		ServiceEnable: dnsManagementStatus,
+	}
+
+	if dnsManagementStatus {
+		var zones []nbdns.CustomZone
+		peersCustomZone := getPeersCustomZone(a, dnsDomain)
+		if peersCustomZone.Domain != "" {
+			zones = append(zones, peersCustomZone)
+		}
+		dnsUpdate.CustomZones = zones
+		dnsUpdate.NameServerGroups = getPeerNSGroups(a, peerID)
+	}
+
+	return &NetworkMap{
+		Peers:         peersToConnect,
+		Network:       a.Network.Copy(),
+		Routes:        routesUpdate,
+		DNSConfig:     dnsUpdate,
+		OfflinePeers:  expiredPeers,
+		FirewallRules: firewallRules,
+	}
+}
--- a/management/refactor/mesh/network.go
+++ b/management/refactor/mesh/network.go
@@ -0,0 +1,15 @@
+package mesh
+
+import (
+	nbdns "github.com/netbirdio/netbird/dns"
+	nbpeer "github.com/netbirdio/netbird/management/server/peer"
+)
+
+type NetworkMap struct {
+	Peers         []*nbpeer.Peer
+	Network       *Network
+	Routes        []*route.Route
+	DNSConfig     nbdns.Config
+	OfflinePeers  []*nbpeer.Peer
+	FirewallRules []*FirewallRule
+}
--- a/management/refactor/peers/manager.go
+++ b/management/refactor/peers/manager.go
@@ -0,0 +1,50 @@
+package peers
+
+import (
+	"github.com/netbirdio/netbird/management/refactor/settings"
+)
+
+type Manager interface {
+	GetPeerByPubKey(pubKey string) (Peer, error)
+	GetPeerByID(id string) (Peer, error)
+	GetNetworkPeerByID(id string) (Peer, error)
+	GetNetworkPeersInAccount(id string) ([]Peer, error)
+}
+
+type DefaultManager struct {
+	repository      Repository
+	settingsManager settings.Manager
+}
+
+func NewDefaultManager(repository Repository, settingsManager settings.Manager) *DefaultManager {
+	return &DefaultManager{
+		repository:      repository,
+		settingsManager: settingsManager,
+	}
+}
+
+func (dm *DefaultManager) GetNetworkPeerByID(id string) (Peer, error) {
+	return dm.repository.FindPeerByID(id)
+}
+
+func (dm *DefaultManager) GetNetworkPeersInAccount(id string) ([]Peer, error) {
+	defaultPeers, err := dm.repository.FindAllPeersInAccount(id)
+	if err != nil {
+		return nil, err
+	}
+
+	peers := make([]Peer, len(defaultPeers))
+	for _, dp := range defaultPeers {
+		peers = append(peers, dp)
+	}
+
+	return peers, nil
+}
+
+func (dm *DefaultManager) GetPeerByPubKey(pubKey string) (Peer, error) {
+	return dm.repository.FindPeerByPubKey(pubKey)
+}
+
+func (dm *DefaultManager) GetPeerByID(id string) (Peer, error) {
+	return dm.repository.FindPeerByID(id)
+}
--- a/management/refactor/peers/peer.go
+++ b/management/refactor/peers/peer.go
@@ -0,0 +1,244 @@
+package peers
+
+import (
+	"fmt"
+	"net"
+	"time"
+)
+
+type Peer interface {
+	GetID() string
+	SetID(string)
+	GetAccountID() string
+	SetAccountID(string)
+	GetKey() string
+	SetKey(string)
+	GetSetupKey() string
+	SetSetupKey(string)
+	GetIP() net.IP
+	SetIP(net.IP)
+	GetName() string
+	SetName(string)
+	GetDNSLabel() string
+	SetDNSLabel(string)
+	GetUserID() string
+	SetUserID(string)
+	GetSSHKey() string
+	SetSSHKey(string)
+	GetSSHEnabled() bool
+	SetSSHEnabled(bool)
+	AddedWithSSOLogin() bool
+	UpdateMetaIfNew(meta PeerSystemMeta) bool
+	MarkLoginExpired(expired bool)
+	FQDN(dnsDomain string) string
+	EventMeta(dnsDomain string) map[string]any
+	LoginExpired(expiresIn time.Duration) (bool, time.Duration)
+}
+
+// Peer represents a machine connected to the network.
+// The Peer is a WireGuard peer identified by a public key
+type DefaultPeer struct {
+	// ID is an internal ID of the peer
+	ID string `gorm:"primaryKey"`
+	// AccountID is a reference to Account that this object belongs
+	AccountID string `json:"-" gorm:"index;uniqueIndex:idx_peers_account_id_ip"`
+	// WireGuard public key
+	Key string `gorm:"index"`
+	// A setup key this peer was registered with
+	SetupKey string
+	// IP address of the Peer
+	IP net.IP `gorm:"uniqueIndex:idx_peers_account_id_ip"`
+	// Name is peer's name (machine name)
+	Name string
+	// DNSLabel is the parsed peer name for domain resolution. It is used to form an FQDN by appending the account's
+	// domain to the peer label. e.g. peer-dns-label.netbird.cloud
+	DNSLabel string
+	// The user ID that registered the peer
+	UserID string
+	// SSHKey is a public SSH key of the peer
+	SSHKey string
+	// SSHEnabled indicates whether SSH server is enabled on the peer
+	SSHEnabled bool
+	// LoginExpirationEnabled indicates whether peer's login expiration is enabled and once expired the peer has to re-login.
+	// Works with LastLogin
+	LoginExpirationEnabled bool
+	// LastLogin the time when peer performed last login operation
+	LastLogin time.Time
+	// Indicate ephemeral peer attribute
+	Ephemeral bool
+}
+
+// PeerLogin used as a data object between the gRPC API and AccountManager on Login request.
+type PeerLogin struct {
+	// WireGuardPubKey is a peers WireGuard public key
+	WireGuardPubKey string
+	// SSHKey is a peer's ssh key. Can be empty (e.g., old version do not provide it, or this feature is disabled)
+	SSHKey string
+	// Meta is the system information passed by peer, must be always present.
+	Meta PeerSystemMeta
+	// UserID indicates that JWT was used to log in, and it was valid. Can be empty when SetupKey is used or auth is not required.
+	UserID string
+	// AccountID indicates that JWT was used to log in, and it was valid. Can be empty when SetupKey is used or auth is not required.
+	AccountID string
+	// SetupKey references to a server.SetupKey to log in. Can be empty when UserID is used or auth is not required.
+	SetupKey string
+}
+
+// AddedWithSSOLogin indicates whether this peer has been added with an SSO login by a user.
+func (p *DefaultPeer) AddedWithSSOLogin() bool {
+	return p.UserID != ""
+}
+
+// UpdateMetaIfNew updates peer's system metadata if new information is provided
+// returns true if meta was updated, false otherwise
+func (p *DefaultPeer) UpdateMetaIfNew(meta PeerSystemMeta) bool {
+	// Avoid overwriting UIVersion if the update was triggered sole by the CLI client
+	if meta.UIVersion == "" {
+		meta.UIVersion = p.Meta.UIVersion
+	}
+
+	if p.Meta.isEqual(meta) {
+		return false
+	}
+	p.Meta = meta
+	return true
+}
+
+// MarkLoginExpired marks peer's status expired or not
+func (p *DefaultPeer) MarkLoginExpired(expired bool) {
+	newStatus := p.Status.Copy()
+	newStatus.LoginExpired = expired
+	if expired {
+		newStatus.Connected = false
+	}
+	p.Status = newStatus
+}
+
+// LoginExpired indicates whether the peer's login has expired or not.
+// If Peer.LastLogin plus the expiresIn duration has happened already; then login has expired.
+// Return true if a login has expired, false otherwise, and time left to expiration (negative when expired).
+// Login expiration can be disabled/enabled on a Peer level via Peer.LoginExpirationEnabled property.
+// Login expiration can also be disabled/enabled globally on the Account level via Settings.PeerLoginExpirationEnabled.
+// Only peers added by interactive SSO login can be expired.
+func (p *DefaultPeer) LoginExpired(expiresIn time.Duration) (bool, time.Duration) {
+	if !p.AddedWithSSOLogin() || !p.LoginExpirationEnabled {
+		return false, 0
+	}
+	expiresAt := p.LastLogin.Add(expiresIn)
+	now := time.Now()
+	timeLeft := expiresAt.Sub(now)
+	return timeLeft <= 0, timeLeft
+}
+
+// FQDN returns peers FQDN combined of the peer's DNS label and the system's DNS domain
+func (p *DefaultPeer) FQDN(dnsDomain string) string {
+	if dnsDomain == "" {
+		return ""
+	}
+	return fmt.Sprintf("%s.%s", p.DNSLabel, dnsDomain)
+}
+
+// EventMeta returns activity event meta related to the peer
+func (p *DefaultPeer) EventMeta(dnsDomain string) map[string]any {
+	return map[string]any{"name": p.Name, "fqdn": p.FQDN(dnsDomain), "ip": p.IP, "created_at": p.CreatedAt}
+}
+
+func (p *DefaultPeer) GetID() string {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) SetID(s string) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) GetAccountID() string {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) SetAccountID(s string) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) GetKey() string {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) SetKey(s string) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) GetSetupKey() string {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) SetSetupKey(s string) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) GetIP() net.IP {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) SetIP(ip net.IP) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) GetName() string {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) SetName(s string) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) GetDNSLabel() string {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) SetDNSLabel(s string) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) GetUserID() string {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) SetUserID(s string) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) GetSSHKey() string {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) SetSSHKey(s string) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) GetSSHEnabled() bool {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (p *DefaultPeer) SetSSHEnabled(b bool) {
+	// TODO implement me
+	panic("implement me")
+}
--- a/management/refactor/peers/repository.go
+++ b/management/refactor/peers/repository.go
@@ -0,0 +1,8 @@
+package peers
+
+type Repository interface {
+	FindPeerByPubKey(pubKey string) (Peer, error)
+	FindPeerByID(id string) (Peer, error)
+	FindAllPeersInAccount(id string) ([]Peer, error)
+	UpdatePeer(peer Peer) error
+}
--- a/management/refactor/policies/manager.go
+++ b/management/refactor/policies/manager.go
@@ -0,0 +1,30 @@
+package policies
+
+import "github.com/netbirdio/netbird/management/refactor/peers"
+
+type Manager interface {
+	GetAccessiblePeersAndFirewallRules(peerID string) (peers []peers.Peer, firewallRules []*FirewallRule)
+}
+
+type DefaultManager struct {
+	repository  repository
+	peerManager peers.Manager
+}
+
+func NewDefaultManager(repository repository, peerManager peers.Manager) *DefaultManager {
+	return &DefaultManager{
+		repository:  repository,
+		peerManager: peerManager,
+	}
+}
+
+func (dm *DefaultManager) GetAccessiblePeersAndFirewallRules(peerID string) (peers []peers.Peer, firewallRules []*FirewallRule) {
+	peer, err := dm.peerManager.GetPeerByID(peerID)
+	if err != nil {
+		return nil, nil
+	}
+
+	peers, err = dm.peerManager.GetNetworkPeersInAccount(peer.GetAccountID())
+
+	return peers, nil
+}
--- a/management/refactor/policies/policy.go
+++ b/management/refactor/policies/policy.go
@@ -0,0 +1,7 @@
+package policies
+
+type Policy interface {
+}
+
+type DefaultPolicy struct {
+}
--- a/management/refactor/policies/repository.go
+++ b/management/refactor/policies/repository.go
@@ -0,0 +1,4 @@
+package policies
+
+type Repository interface {
+}
--- a/management/refactor/settings/manager.go
+++ b/management/refactor/settings/manager.go
@@ -0,0 +1,19 @@
+package settings
+
+type Manager interface {
+	GetSettings(accountID string) (Settings, error)
+}
+
+type DefaultManager struct {
+	repository repository
+}
+
+func NewDefaultManager(repository repository) *DefaultManager {
+	return &DefaultManager{
+		repository: repository,
+	}
+}
+
+func (dm *DefaultManager) GetSettings(accountID string) (Settings, error) {
+	return dm.repository.FindSettings(accountID)
+}
--- a/management/refactor/settings/repository.go
+++ b/management/refactor/settings/repository.go
@@ -0,0 +1,5 @@
+package settings
+
+type Repository interface {
+	FindSettings(accountID string) (Settings, error)
+}
--- a/management/refactor/settings/settings.go
+++ b/management/refactor/settings/settings.go
@@ -0,0 +1,34 @@
+package settings
+
+import "time"
+
+type Settings interface {
+	GetLicense() string
+	GetPeerLoginExpiration() time.Duration
+	SetPeerLoginExpiration(duration time.Duration)
+	GetPeerLoginExpirationEnabled() bool
+	SetPeerLoginExpirationEnabled(bool)
+}
+
+type DefaultSettings struct {
+}
+
+func (s *DefaultSettings) GetLicense() string {
+	return "selfhosted"
+}
+
+func (s *DefaultSettings) GetPeerLoginExpiration() time.Duration {
+	return 0
+}
+
+func (s *DefaultSettings) SetPeerLoginExpiration(duration time.Duration) {
+
+}
+
+func (s *DefaultSettings) GetPeerLoginExpirationEnabled() bool {
+	return false
+}
+
+func (s *DefaultSettings) SetPeerLoginExpirationEnabled(bool) {
+
+}
--- a/management/refactor/store/postgres_store.go
+++ b/management/refactor/store/postgres_store.go
@@ -0,0 +1,51 @@
+package store
+
+import (
+	"github.com/netbirdio/netbird/management/refactor/peers"
+	"github.com/netbirdio/netbird/management/refactor/settings"
+)
+
+const (
+	PostgresStoreEngine StoreEngine = "postgres"
+)
+
+type DefaultPostgresStore struct {
+}
+
+func (s *DefaultPostgresStore) FindSettings(accountID string) (settings.Settings, error) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (s *DefaultPostgresStore) FindPeerByPubKey(pubKey string) (peers.Peer, error) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (s *DefaultPostgresStore) FindPeerByID(id string) (peers.Peer, error) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (s *DefaultPostgresStore) FindAllPeersInAccount(id string) ([]peers.Peer, error) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (s *DefaultPostgresStore) UpdatePeer(peer peers.Peer) error {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (s *DefaultPostgresStore) GetLicense() string {
+	// TODO implement me
+	panic("implement me")
+}
+
+func NewDefaultPostgresStore() *DefaultPostgresStore {
+	return &DefaultPostgresStore{}
+}
+
+func (s *DefaultPostgresStore) GetEngine() StoreEngine {
+	return PostgresStoreEngine
+}
--- a/management/refactor/store/sqlite_store.go
+++ b/management/refactor/store/sqlite_store.go
@@ -0,0 +1,166 @@
+package store
+
+import (
+	"path/filepath"
+	"runtime"
+	"sync"
+	"time"
+
+	log "github.com/sirupsen/logrus"
+	"gorm.io/driver/sqlite"
+	"gorm.io/gorm"
+	"gorm.io/gorm/clause"
+	"gorm.io/gorm/logger"
+
+	"github.com/netbirdio/netbird/management/refactor/peers"
+	"github.com/netbirdio/netbird/management/refactor/settings"
+	"github.com/netbirdio/netbird/management/server/telemetry"
+)
+
+const (
+	SqliteStoreEngine StoreEngine = "sqlite"
+)
+
+// SqliteStore represents an account storage backed by a Sqlite DB persisted to disk
+type DefaultSqliteStore struct {
+	db                *gorm.DB
+	storeFile         string
+	accountLocks      sync.Map
+	globalAccountLock sync.Mutex
+	metrics           telemetry.AppMetrics
+	installationPK    int
+}
+
+func (s *DefaultSqliteStore) FindSettings(accountID string) (settings.Settings, error) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (s *DefaultSqliteStore) FindPeerByPubKey(pubKey string) (peers.Peer, error) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (s *DefaultSqliteStore) FindPeerByID(id string) (peers.Peer, error) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (s *DefaultSqliteStore) FindAllPeersInAccount(id string) ([]peers.Peer, error) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (s *DefaultSqliteStore) UpdatePeer(peer peers.Peer) error {
+	// TODO implement me
+	panic("implement me")
+}
+
+type installation struct {
+	ID                  uint `gorm:"primaryKey"`
+	InstallationIDValue string
+}
+
+// NewSqliteStore restores a store from the file located in the datadir
+func NewDefaultSqliteStore(dataDir string, metrics telemetry.AppMetrics) (*DefaultSqliteStore, error) {
+	storeStr := "store.db?cache=shared"
+	if runtime.GOOS == "windows" {
+		// Vo avoid `The process cannot access the file because it is being used by another process` on Windows
+		storeStr = "store.db"
+	}
+
+	file := filepath.Join(dataDir, storeStr)
+	db, err := gorm.Open(sqlite.Open(file), &gorm.Config{
+		Logger:      logger.Default.LogMode(logger.Silent),
+		PrepareStmt: true,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	sql, err := db.DB()
+	if err != nil {
+		return nil, err
+	}
+	conns := runtime.NumCPU()
+	sql.SetMaxOpenConns(conns) // TODO: make it configurable
+
+	// err = db.AutoMigrate(
+	// 	&SetupKey{}, &Peer{}, &User{}, &PersonalAccessToken{}, &Group{}, &Rule{},
+	// 	&Account{}, &Policy{}, &PolicyRule{}, &route.Route{}, &nbdns.NameServerGroup{},
+	// 	&installation{},
+	// )
+	// if err != nil {
+	// 	return nil, err
+	// }
+
+	return &DefaultSqliteStore{db: db, storeFile: file, metrics: metrics, installationPK: 1}, nil
+}
+
+func (s *DefaultSqliteStore) GetLicense() string {
+	// TODO implement me
+	panic("implement me")
+}
+
+// AcquireGlobalLock acquires global lock across all the accounts and returns a function that releases the lock
+func (s *DefaultSqliteStore) AcquireGlobalLock() (unlock func()) {
+	log.Debugf("acquiring global lock")
+	start := time.Now()
+	s.globalAccountLock.Lock()
+
+	unlock = func() {
+		s.globalAccountLock.Unlock()
+		log.Debugf("released global lock in %v", time.Since(start))
+	}
+
+	took := time.Since(start)
+	log.Debugf("took %v to acquire global lock", took)
+	if s.metrics != nil {
+		s.metrics.StoreMetrics().CountGlobalLockAcquisitionDuration(took)
+	}
+
+	return unlock
+}
+
+func (s *DefaultSqliteStore) AcquireAccountLock(accountID string) (unlock func()) {
+	log.Debugf("acquiring lock for account %s", accountID)
+
+	start := time.Now()
+	value, _ := s.accountLocks.LoadOrStore(accountID, &sync.Mutex{})
+	mtx := value.(*sync.Mutex)
+	mtx.Lock()
+
+	unlock = func() {
+		mtx.Unlock()
+		log.Debugf("released lock for account %s in %v", accountID, time.Since(start))
+	}
+
+	return unlock
+}
+
+func (s *DefaultSqliteStore) SaveInstallationID(ID string) error {
+	installation := installation{InstallationIDValue: ID}
+	installation.ID = uint(s.installationPK)
+
+	return s.db.Clauses(clause.OnConflict{UpdateAll: true}).Create(&installation).Error
+}
+
+func (s *DefaultSqliteStore) GetInstallationID() string {
+	var installation installation
+
+	if result := s.db.First(&installation, "id = ?", s.installationPK); result.Error != nil {
+		return ""
+	}
+
+	return installation.InstallationIDValue
+}
+
+// Close is noop in Sqlite
+func (s *DefaultSqliteStore) Close() error {
+	return nil
+}
+
+// GetStoreEngine returns SqliteStoreEngine
+func (s *DefaultSqliteStore) GetStoreEngine() StoreEngine {
+	return SqliteStoreEngine
+}
--- a/management/refactor/store/store.go
+++ b/management/refactor/store/store.go
@@ -0,0 +1,66 @@
+package store
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	log "github.com/sirupsen/logrus"
+
+	"github.com/netbirdio/netbird/management/refactor/peers"
+	"github.com/netbirdio/netbird/management/refactor/settings"
+	"github.com/netbirdio/netbird/management/server/telemetry"
+)
+
+type Store interface {
+	GetLicense() string
+	FindPeerByPubKey(pubKey string) (peers.Peer, error)
+	FindPeerByID(id string) (peers.Peer, error)
+	FindAllPeersInAccount(id string) ([]peers.Peer, error)
+	UpdatePeer(peer peers.Peer) error
+	FindSettings(accountID string) (settings.Settings, error)
+}
+
+type DefaultStore interface {
+	GetLicense() string
+	FindPeerByPubKey(pubKey string) (peers.Peer, error)
+	FindPeerByID(id string) (peers.Peer, error)
+	FindAllPeersInAccount(id string) ([]peers.Peer, error)
+	UpdatePeer(peer peers.Peer) error
+	FindSettings(accountID string) (settings.Settings, error)
+}
+
+type StoreEngine string
+
+func getStoreEngineFromEnv() StoreEngine {
+	// NETBIRD_STORE_ENGINE supposed to be used in tests. Otherwise rely on the config file.
+	kind, ok := os.LookupEnv("NETBIRD_STORE_ENGINE")
+	if !ok {
+		return SqliteStoreEngine
+	}
+
+	value := StoreEngine(strings.ToLower(kind))
+
+	if value == PostgresStoreEngine || value == SqliteStoreEngine {
+		return value
+	}
+
+	return SqliteStoreEngine
+}
+
+func NewDefaultStore(kind StoreEngine, dataDir string, metrics telemetry.AppMetrics) (DefaultStore, error) {
+	if kind == "" {
+		// fallback to env. Normally this only should be used from tests
+		kind = getStoreEngineFromEnv()
+	}
+	switch kind {
+	case PostgresStoreEngine:
+		log.Info("using JSON file store engine")
+		return NewDefaultPostgresStore(), nil
+	case SqliteStoreEngine:
+		log.Info("using SQLite store engine")
+		return NewDefaultSqliteStore(dataDir, metrics)
+	default:
+		return nil, fmt.Errorf("unsupported kind of store %s", kind)
+	}
+}
--- a/management/refactor/users/manager.go
+++ b/management/refactor/users/manager.go
@@ -0,0 +1,24 @@
+package users
+
+import "github.com/netbirdio/netbird/management/refactor/peers"
+
+type Manager interface {
+	GetUser(id string) (User, error)
+}
+
+type DefaultManager struct {
+	repository  repository
+	peerManager peers.Manager
+}
+
+func NewDefaultManager(repository repository, peerManager peers.Manager) *DefaultManager {
+	return &DefaultManager{
+		repository:  repository,
+		peerManager: peerManager,
+	}
+}
+
+func (d DefaultManager) GetUser(id string) (User, error) {
+	// TODO implement me
+	panic("implement me")
+}
--- a/management/refactor/users/repository.go
+++ b/management/refactor/users/repository.go
@@ -0,0 +1,4 @@
+package users
+
+type Repository interface {
+}
--- a/management/refactor/users/user.go
+++ b/management/refactor/users/user.go
@@ -0,0 +1,35 @@
+package users
+
+import "time"
+
+// UserRole is the role of a User
+type UserRole string
+
+type User interface {
+	IsBlocked() bool
+}
+
+// User represents a user of the system
+type DefaultUser struct {
+	Id string `gorm:"primaryKey"`
+	// AccountID is a reference to Account that this object belongs
+	AccountID     string `json:"-" gorm:"index"`
+	Role          UserRole
+	IsServiceUser bool
+	// NonDeletable indicates whether the service user can be deleted
+	NonDeletable bool
+	// ServiceUserName is only set if IsServiceUser is true
+	ServiceUserName string
+	// AutoGroups is a list of Group IDs to auto-assign to peers registered by this user
+	AutoGroups []string `gorm:"serializer:json"`
+	// Blocked indicates whether the user is blocked. Blocked users can't use the system.
+	Blocked bool
+	// LastLogin is the last time the user logged in to IdP
+	LastLogin time.Time
+	// Issued of the user
+	Issued string `gorm:"default:api"`
+}
+
+func (u *DefaultUser) IsBlocked() bool {
+	return u.Blocked
+}
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -1361,21 +1361,16 @@ func (am *DefaultAccountManager) removeUserFromCache(accountID, userID string) e
 func (am *DefaultAccountManager) updateAccountDomainAttributes(account *Account, claims jwtclaims.AuthorizationClaims,
 	primaryDomain bool,
 ) error {
+	account.IsDomainPrimaryAccount = primaryDomain

-	if claims.Domain != "" {
-		account.IsDomainPrimaryAccount = primaryDomain
-
-		lowerDomain := strings.ToLower(claims.Domain)
-		userObj := account.Users[claims.UserId]
-		if account.Domain != lowerDomain && userObj.Role == UserRoleAdmin {
-			account.Domain = lowerDomain
-		}
-		// prevent updating category for different domain until admin logs in
-		if account.Domain == lowerDomain {
-			account.DomainCategory = claims.DomainCategory
-		}
-	} else {
-		log.Errorf("claims don't contain a valid domain, skipping domain attributes update. Received claims: %v", claims)
+	lowerDomain := strings.ToLower(claims.Domain)
+	userObj := account.Users[claims.UserId]
+	if account.Domain != lowerDomain && userObj.Role == UserRoleAdmin {
+		account.Domain = lowerDomain
+	}
+	// prevent updating category for different domain until admin logs in
+	if account.Domain == lowerDomain {
+		account.DomainCategory = claims.DomainCategory
 	}

 	err := am.Store.SaveAccount(account)
Author	SHA1	Message	Date
Pascal Fischer	27c3a4c5d6	simplify storage inheritance	2024-03-14 11:42:25 +01:00
Pascal Fischer	f31b06fc92	add example setup for management refactor	2024-03-13 23:07:00 +01:00