{ "Stuns": [ { "Proto": "udp", "URI": "stun:{{ server_external_fqdn }}:3478", "Username": "", "Password": "" } ], "TURNConfig": { "TimeBasedCredentials": false, "CredentialsTTL": "12h0m0s", "Secret": "secret", "Turns": [ { "Proto": "udp", "URI": "turn:{{ server_external_fqdn }}:3478", "Username": "self", "Password": "{{ server_turns_password }}" } ] }, "Relay": { "Addresses": [ "rel://{{ server_external_fqdn }}:33080" ], "CredentialsTTL": "24h0m0s", "Secret": "{{ server_relay_secret }}" }, "Signal": { "Proto": "{{ signal_scheme }}", "URI": "{{ server_external_fqdn }}:10000", "Username": "", "Password": "" }, "Datadir": "/var/lib/netbird/", "DataStoreEncryptionKey": "{{ server_enctypt_key }}", "HttpConfig": { "LetsEncryptDomain": "", {% if behind_proxy == 'yes' %} "CertFile": "", "CertKey": "", {% else %} "CertFile": "/etc/letsencrypt/live/{{ server_external_fqdn }}/fullchain.pem", "CertKey": "/etc/letsencrypt/live/{{ server_external_fqdn }}/privkey.pem", {% endif %} "AuthAudience": "{{ server_keycloak_client_id }}", "AuthIssuer": "https://{{ server_keycloak_fqdn }}/realms/{{ server_keycloak_realm }}", "AuthUserIDClaim": "", "AuthKeysLocation": "https://{{ server_keycloak_fqdn }}/realms/{{ server_keycloak_realm }}/protocol/openid-connect/certs", "OIDCConfigEndpoint": "https://{{ server_keycloak_fqdn }}/realms/{{ server_keycloak_realm }}/.well-known/openid-configuration", "IdpSignKeyRefreshEnabled": false, "ExtraAuthAudience": "" }, "IdpManagerConfig": { "ManagerType": "keycloak", "ClientConfig": { "Issuer": "https://{{ server_keycloak_fqdn }}/realms/{{ server_keycloak_realm }}", "TokenEndpoint": "https://{{ server_keycloak_fqdn }}/realms/{{ server_keycloak_realm }}/protocol/openid-connect/token", "ClientID": "{{ server_keycloak_backend_client_id }}", "ClientSecret": "{{ keycloak_backend_client_secret }}", "GrantType": "client_credentials" }, "ExtraConfig": { "AdminEndpoint": "https://{{ server_keycloak_admin_fqdn }}/admin/realms/{{ server_keycloak_realm }}" }, "Auth0ClientCredentials": null, "AzureClientCredentials": null, "KeycloakClientCredentials": null, "ZitadelClientCredentials": null }, "DeviceAuthorizationFlow": { "Provider": "hosted", "ProviderConfig": { "ClientID": "{{ server_keycloak_client_id }}", "ClientSecret": "", "Domain": "{{ server_keycloak_fqdn }}", "Audience": "{{ server_keycloak_client_id }}", "TokenEndpoint": "https://{{ server_keycloak_fqdn }}/realms/{{ server_keycloak_realm }}/protocol/openid-connect/token", "DeviceAuthEndpoint": "https://{{ server_keycloak_fqdn }}/realms/{{ server_keycloak_realm }}/protocol/openid-connect/auth/device", "AuthorizationEndpoint": "", "Scope": "{{ scopes }}", "UseIDToken": false, "RedirectURLs": null, "DisablePromptLogin": false } }, "PKCEAuthorizationFlow": { "ProviderConfig": { "ClientID": "{{ server_keycloak_client_id }}", "ClientSecret": "", "Domain": "", "Audience": "{{ server_keycloak_client_id }}", "TokenEndpoint": "https://{{ server_keycloak_fqdn }}/realms/{{ server_keycloak_realm }}/protocol/openid-connect/token", "DeviceAuthEndpoint": "", "AuthorizationEndpoint": "https://{{ server_keycloak_fqdn }}/realms/{{ server_keycloak_realm }}/protocol/openid-connect/auth", "Scope": "openid profile email offline_access api", "UseIDToken": false, "RedirectURLs": [ "http://localhost:53000" ], "DisablePromptLogin": false } }, "StoreConfig": { "Engine": "sqlite" }, "ReverseProxy": { "TrustedHTTPProxies": [], "TrustedHTTPProxiesCount": 0, "TrustedPeers": [ "0.0.0.0/0" ] } }