boma/roles/netbird_coordinator/defaults/main.yml
sjat ab1b0678ab feat(netbird): coordinator service role (combined server + dashboard, v0.72.4)
First real service role. NetBird v0.72.4 self-hosted control plane: single
netbirdio/netbird-server:0.72.4 (management + signal + relay + STUN + embedded
Dex) plus netbirdio/dashboard:v2.39.0, both on the shared boma Docker network so
the M4a Caddy fronts them. Renders docker-compose.yml + config.yaml (secrets from
vault.netbird.*, no_log) + dashboard.env. STUN 3478/udp host-exposed; everything
else via the proxy. netbird_coordinator__manage gates the compose-up for Molecule.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-15 17:49:57 +02:00

---
# NetBird coordinator (self-hosted mesh-VPN control plane, ADR-016).
# Combined server image (Management + Signal + Relay + STUN) plus the dashboard UI.
netbird_coordinator__server_image: "netbirdio/netbird-server:0.72.4"
netbird_coordinator__dashboard_image: "netbirdio/dashboard:v2.39.0"
netbird_coordinator__base_dir: /opt/services/netbird
netbird_coordinator__domain: netbird.askari.wingu.me
# Source IP ranges Caddy fronts NetBird from, rendered into config.yaml
# server.reverseProxy.trustedHTTPProxies. NetBird trusts X-Forwarded-* only from
# these. MUST cover the Caddy container's source IP on the boma Docker network —
# verify the actual bridge subnet at deploy (docker network inspect boma) and tighten.
netbird_coordinator__trusted_proxies: ["172.16.0.0/12"]
netbird_coordinator__manage: true # set false in Molecule to render without Docker
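
The deploy-time check that the comment on `netbird_coordinator__trusted_proxies` asks for, written as an added example (not part of this role or of NetBird): it compares the configured ranges with the output of `docker network inspect boma`. The container name `caddy` and the sample inspect output are assumptions constructed for illustration.

```python
import ipaddress
import json

# Constructed sample of `docker network inspect boma` output (not from a real host).
SAMPLE_INSPECT = """[{"Name": "boma",
  "IPAM": {"Config": [{"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1"}]},
  "Containers": {
    "c1": {"Name": "caddy", "IPv4Address": "172.18.0.3/16"},
    "c2": {"Name": "netbird-server", "IPv4Address": "172.18.0.4/16"}}}]"""


def audit_trusted_proxies(inspect_json, trusted, proxy_name="caddy"):
    """Return (covered, findings, suggestion) for the proxy's source IP.

    proxy_name is a hypothetical container name; pass the real one at deploy.
    """
    net = json.loads(inspect_json)[0]
    subnets = [ipaddress.ip_network(c["Subnet"]) for c in net["IPAM"]["Config"]]
    proxy_ip = None
    for c in net.get("Containers", {}).values():
        if c["Name"] == proxy_name and c.get("IPv4Address"):
            # Docker reports the address with its prefix length, e.g. 172.18.0.3/16.
            proxy_ip = ipaddress.ip_interface(c["IPv4Address"]).ip
    if proxy_ip is None:
        raise LookupError(f"container {proxy_name!r} is not attached to the network")

    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    # The proxy's source IP must fall inside at least one trusted range.
    covered = any(proxy_ip in t for t in trusted_nets)

    findings = []
    for t in trusted_nets:
        for s in subnets:
            # A range wider than the bridge subnet means peers outside the
            # boma network would also have their X-Forwarded-* headers trusted.
            if t.version == s.version and s.subnet_of(t) and t != s:
                findings.append(f"{t} is wider than bridge subnet {s}")

    # Tightened value: only the bridge subnet(s) the proxy actually lives in.
    suggestion = [str(s) for s in subnets if proxy_ip in s]
    return covered, findings, suggestion


if __name__ == "__main__":
    print(audit_trusted_proxies(SAMPLE_INSPECT, ["172.16.0.0/12"]))
```

On a real host, feed it the JSON from `docker network inspect boma` and the rendered value of `netbird_coordinator__trusted_proxies`.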