# {{ ansible_managed }} server: listenAddress: ":80" exposedAddress: "https://{{ netbird_coordinator__domain }}:443" stunPorts: [3478] metricsPort: 9090 healthcheckAddress: ":9000" logLevel: "info" logFile: "console" authSecret: "{{ vault.netbird.auth_secret }}" dataDir: "/var/lib/netbird" auth: issuer: "https://{{ netbird_coordinator__domain }}/oauth2" signKeyRefreshEnabled: true dashboardRedirectURIs: - "https://{{ netbird_coordinator__domain }}/nb-auth" - "https://{{ netbird_coordinator__domain }}/nb-silent-auth" cliRedirectURIs: - "http://localhost:53000/" reverseProxy: # to_json (not a loop) so an empty override renders [] not YAML null — # null would mean "trust no proxy" and silently break X-Forwarded-* from Caddy. trustedHTTPProxies: {{ netbird_coordinator__trusted_proxies | to_json }} store: engine: "sqlite" encryptionKey: "{{ vault.netbird.datastore_key }}"