
tocproject.toc.vpn

Tip

  • https://docs.netbird.io/about-netbird/how-netbird-works

Variables

# Workspace identifier for this role, taken from the project-wide
# toc_workspace variable.
toc_vpn_workspace: "{{ toc_workspace }}"
# Account used for the NetBird deployment: name, primary group, fixed
# uid/gid, home directory and supplementary groups.
toc_vpn_user:
  name: "netbird"
  group: "netbird"
  # uid/gid are pinned to 898 (presumably so file ownership stays stable
  # across hosts and container volumes; confirm).
  uid: 898
  gid: 898
  # Home is the data directory defined further down (toc_vpn_data_dir).
  home: "{{ toc_vpn_data_dir }}"
  groups:
    # NOTE(review): membership in "docker" allows control of the Docker
    # daemon, which is root-equivalent on the host. Treat this account as
    # privileged when reasoning about its compromise.
    - "docker"
    # NOTE(review): "ssl-cert" presumably grants read access to the private
    # keys under /etc/ssl/private (see toc_vpn_cert_key); confirm the
    # directory's group ownership and mode.
    - "ssl-cert"

# Directory holding this role's secret files (bootstrap token, generated
# TURN password); taken from toc_secrets_dir.
toc_vpn_secrets_dir: "{{ toc_secrets_dir }}"
# FQDN of the VPN service, taken from toc_service_fqdn_vpn.
toc_vpn_service_fqdn: "{{ toc_service_fqdn_vpn }}"
# Certificate chain and private key for "*.<toc_public_domain>".
# NOTE(review): the "*" is presumably a literal part of the file name
# (wildcard-certificate naming); confirm no consumer glob-expands the path.
# NOTE(review): this is a wildcard key, so presumably other services under
# toc_public_domain use it too; anyone able to read it can impersonate
# every name under that domain. Confirm who can read /etc/ssl/private.
toc_vpn_cert: "/etc/ssl/private/*.{{ toc_public_domain }}.fullchain.crt"
toc_vpn_cert_key: "/etc/ssl/private/*.{{ toc_public_domain }}.key"
# FQDN of the Authentik identity provider, taken from toc_service_fqdn_idp.
toc_vpn_authentik_fqdn: "{{ toc_service_fqdn_idp }}"

# Ports for the dashboard, signal and management components.
# NOTE(review): the bind address is not visible here; presumably these sit
# behind a TLS-terminating reverse proxy. Confirm they are bound to
# loopback or filtered so they are not reachable directly.
toc_vpn_port_dashboard: 10080
toc_vpn_port_signal: 10081
toc_vpn_port_mgmt: 10082

# Configuration and data roots on the target host.
toc_vpn_config_dir: "/etc/netbird"
toc_vpn_data_dir: "/opt/netbird"

# Per-component volume directories under the data root.
# NOTE(review): the management volume presumably holds the sqlite store
# selected by toc_vpn_store_config_engine; confirm its ownership and mode
# are restricted to the netbird account.
toc_vpn_volume_signal: "{{ toc_vpn_data_dir }}/signal"
toc_vpn_volume_mgmt: "{{ toc_vpn_data_dir }}/mgmt"

# FQDNs of the services this role treats as private (bot, git, obs, ide,
# pki). How the list is consumed is not shown here; presumably these names
# are meant to be reachable only through the VPN (confirm).
toc_vpn_private_services_fqdn:
  - "{{ toc_service_fqdn_bot }}"
  - "{{ toc_service_fqdn_git }}"
  - "{{ toc_service_fqdn_obs }}"
  - "{{ toc_service_fqdn_ide }}"
  - "{{ toc_service_fqdn_pki }}"

# Directories the role expects on the target host.
toc_vpn_expected_directories:
  - "{{ toc_vpn_config_dir }}"
  - "{{ toc_vpn_data_dir }}"

# File holding the Authentik bootstrap token, inside the secrets directory.
# NOTE(review): a bootstrap token presumably carries administrative rights
# on the IdP; confirm the file is readable only by the deploying user and
# is excluded from version control and backups that leave the control node.
toc_vpn_authentik_token_file: "{{ toc_vpn_secrets_dir }}/ak.bootstrap.token"

# Terraform modules directory, taken from toc_tf_modules_dir.
toc_vpn_tf_modules_dir: "{{ toc_tf_modules_dir }}"

# OIDC discovery document of the Authentik application "vpn_toc".
toc_vpn_auth_oidc_configuration_endpoint: >-
  https://{{ toc_vpn_authentik_fqdn }}/application/o/vpn_toc/.well-known/openid-configuration
# Every audience / client-id setting below resolves to the same value,
# __toc_vpn_client_id, which is defined outside this listing.
toc_vpn_audience: "{{ __toc_vpn_client_id }}"
toc_vpn_auth_audience: "{{ __toc_vpn_client_id }}"
toc_vpn_auth_client_id: "{{ __toc_vpn_client_id }}"
# Device-authorization flow settings.
toc_vpn_auth_device_auth_audience: "{{ __toc_vpn_client_id }}"
toc_vpn_auth_device_auth_client_id: "{{ __toc_vpn_client_id }}"
toc_vpn_auth_device_auth_provider: "hosted"
toc_vpn_auth_device_auth_scope: "openid"
# false here matches toc_vpn_token_source: "accessToken" further down.
toc_vpn_auth_device_auth_use_id_token: false
# PKCE flow settings; 53000 is the local redirect port.
toc_vpn_auth_pkce_audience: "{{ __toc_vpn_client_id }}"
toc_vpn_auth_pkce_redirect_url_ports: 53000
toc_vpn_auth_pkce_use_id_token: false
# "offline_access" requests refresh tokens. "api" and "groups" are not
# standard OIDC scopes; presumably they are defined on the Authentik side
# (confirm).
toc_vpn_auth_supported_scopes: "openid profile email offline_access api groups"
# The dashboard sends the audience defined above.
toc_vpn_dash_auth_audience: "{{ toc_vpn_audience }}"
toc_vpn_dash_auth_use_audience: true
toc_vpn_disable_anonymous_metrics: true
# NOTE(review): Let's Encrypt is disabled here, yet the two
# toc_vpn_mgmt_api_cert_* paths below point into /etc/letsencrypt/live.
# Confirm whether those paths are actually read, or whether the management
# API is expected to use toc_vpn_cert / toc_vpn_cert_key.
toc_vpn_disable_letsencrypt: true
# IdP management client; the id is the same __toc_vpn_client_id.
toc_vpn_idp_mgmt_client_id: "{{ __toc_vpn_client_id }}"
# NOTE(review): empty client secret; presumably the Authentik provider is
# configured as a public client (confirm). Authentication to the IdP then
# rests on the service-account credentials below.
toc_vpn_idp_mgmt_client_secret: ""
# Service-account credentials, defined outside this listing.
# NOTE(review): confirm they come from a vault or secret store rather than
# plaintext variables.
toc_vpn_idp_mgmt_extra_password: "{{ toc_vpn_service_account_password }}"
toc_vpn_idp_mgmt_extra_username: "{{ toc_vpn_service_account_uname }}"
toc_vpn_mgmt_api_cert_file: "/etc/letsencrypt/live/{{ toc_vpn_service_fqdn }}/fullchain.pem"
toc_vpn_mgmt_api_cert_key_file: "/etc/letsencrypt/live/{{ toc_vpn_service_fqdn }}/privkey.pem"
# Management API base URL and port.
toc_vpn_mgmt_api_endpoint: "https://{{ toc_vpn_service_fqdn }}"
toc_vpn_mgmt_api_port: 33073

# DNS domain for the management service, derived from the workspace name.
toc_vpn_mgmt_dns_domain: "netbird-{{ toc_vpn_workspace }}.toc"

# Identity provider used by the management service.
toc_vpn_mgmt_idp: "authentik"
# NOTE(review): signing-key refresh is off. Presumably the management
# service then keeps the IdP keys it loaded at start, so rotating
# Authentik's signing key would need a restart before tokens validate
# again (confirm against the NetBird version in use).
toc_vpn_mgmt_idp_signkey_refresh: false
# Single-account mode is keyed on the service FQDN.
toc_vpn_mgmt_single_account_mode_domain: "{{ toc_vpn_service_fqdn }}"
# Signal service as seen by clients: HTTPS on 443.
toc_vpn_signal_port: 443
toc_vpn_signal_protocol: "https"
# Management store backend.
toc_vpn_store_config_engine: "sqlite"
# The access token (not the ID token) is used, matching the
# *_use_id_token: false settings above.
toc_vpn_token_source: "accessToken"
# TURN relay: public address, relay port range 49000-49500, user name.
# NOTE(review): presumably the port range must be reachable from peers;
# confirm the edge firewall opens exactly this range and nothing wider.
toc_vpn_turn_external_ip: "{{ toc_infra_edge_public_ipv4 }}"
toc_vpn_turn_max_port: 49500
toc_vpn_turn_min_port: 49000
# Fixed TURN user name; the matching password is toc_vpn_turn_password.
toc_vpn_turn_user: "self"
toc_vpn_use_auth0: false
toc_vpn_turn_domain: "{{ toc_vpn_service_fqdn }}"
# TURN password. The password lookup reads <toc_vpn_secrets_dir>/pass.turn,
# generating a 32-character value from ASCII letters and digits if the file
# does not exist yet. The value is then base64-encoded and one trailing "="
# is removed.
# NOTE(review): the lookup stores the generated value in plaintext on the
# Ansible control node; restrict permissions on toc_vpn_secrets_dir and
# keep it out of version control.
# NOTE(review): '=$' strips a single padding character, which is all a
# 32-byte input produces. If length= is changed to a value that yields two
# padding characters, the pattern would need to be '=+$'.
toc_vpn_turn_password: >-
  {{
    lookup('password', toc_vpn_secrets_dir + '/pass.turn length=32 chars=ascii_letters,digits')
    | b64encode
    | regex_replace('=$', '')
  }}