netbird/infrastructure_files/management.json.tmpl

{
    "Stuns": [
        {
            "Proto": "udp",
            "URI": "stun:$TURN_DOMAIN:3478",
            "Username": "",
            "Password": null
        }
    ],
    "TURNConfig": {
        "Turns": [
            {
                "Proto": "udp",
                "URI": "turn:$TURN_DOMAIN:3478",
                "Username": "$TURN_USER",
                "Password": "$TURN_PASSWORD"
            }
        ],
        "CredentialsTTL": "12h",
        "Secret": "secret",
        "TimeBasedCredentials": false
    },
    "Relay": {
        "Addresses": ["$NETBIRD_RELAY_ENDPOINT"],
        "CredentialsTTL": "24h",
        "Secret": "$NETBIRD_RELAY_AUTH_SECRET"
    },
    "Signal": {
        "Proto": "$NETBIRD_SIGNAL_PROTOCOL",
        "URI": "$NETBIRD_DOMAIN:$NETBIRD_SIGNAL_PORT",
        "Username": "",
        "Password": null
    },
    "ReverseProxy": {
        "TrustedHTTPProxies": [],
        "TrustedHTTPProxiesCount": 0,
        "TrustedPeers": [
             "0.0.0.0/0"
        ]
    },
    "DisableDefaultPolicy": $NETBIRD_MGMT_DISABLE_DEFAULT_POLICY,
    "Datadir": "",
    "DataStoreEncryptionKey": "$NETBIRD_DATASTORE_ENC_KEY",
    "StoreConfig": {
        "Engine": "$NETBIRD_STORE_CONFIG_ENGINE"
    },
    "HttpConfig": {
        "Address": "0.0.0.0:80",
        "AuthIssuer": "$NETBIRD_AUTH_AUTHORITY",
        "AuthAudience": "$NETBIRD_AUTH_CLIENT_ID",
        "AuthKeysLocation": "$NETBIRD_AUTH_JWT_CERTS",
        "AuthUserIDClaim": "$NETBIRD_AUTH_USER_ID_CLAIM",
        "CertFile": "",
        "CertKey": "",
        "IdpSignKeyRefreshEnabled": true,
        "OIDCConfigEndpoint": "$NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT"
    },
    "IdpManagerConfig": {
        "ManagerType": "zitadel",
        "ClientConfig": {
            "Issuer": "$NETBIRD_AUTH_AUTHORITY",
            "TokenEndpoint": "$NETBIRD_AUTH_TOKEN_ENDPOINT",
            "ClientID": "$NETBIRD_IDP_MGMT_CLIENT_ID",
            "ClientSecret": "$NETBIRD_IDP_MGMT_CLIENT_SECRET",
            "GrantType": "client_credentials"
        },
        "ExtraConfig": {
            "ManagementEndpoint": "$ZITADEL_MANAGEMENT_ENDPOINT"
        }
    },
    "DeviceAuthorizationFlow": {
        "Provider": "hosted",
        "ProviderConfig": {
            "Audience": "$NETBIRD_AUTH_CLIENT_ID_CLI",
            "ClientID": "$NETBIRD_AUTH_CLIENT_ID_CLI",
            "TokenEndpoint": "$NETBIRD_AUTH_TOKEN_ENDPOINT",
            "DeviceAuthEndpoint": "$NETBIRD_AUTH_DEVICE_AUTH_ENDPOINT",
            "Scope": "openid"
        }
    },
    "PKCEAuthorizationFlow": {
        "ProviderConfig": {
            "Audience": "$NETBIRD_AUTH_CLIENT_ID_CLI",
            "ClientID": "$NETBIRD_AUTH_CLIENT_ID_CLI",
            "AuthorizationEndpoint": "$NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT",
            "TokenEndpoint": "$NETBIRD_AUTH_TOKEN_ENDPOINT",
            "Scope": "openid profile email offline_access",
            "RedirectURLs": ["http://localhost:53000/", "http://localhost:54000/"]
        }
    }
}