Hello, first of all thank you very much for your work on rootless and distroless images as well as all the knowledge you shared!
- As said in the issue title, it seems the actions to build this image are not triggered anymore. Is it voluntary?
- You may not be interested but I wanted to share how I modified the management config to use the embedded IdP (that can itself connect to external ones later if needed). This seems easier to deploy and requires less config to get started.
To use the embedded IdP, one should remove the `HttpConfig`, `IdpManagerConfig` and `PKCEAuthorizationFlow` sections from the management.json file and modify the `EmbeddedIdP` section to look like this:

```json
"EmbeddedIdP": {
  "Enabled": true,
  "DataDir": "/netbird/etc",
  "Issuer": "https://${NETBIRD_FQDN}/oauth2",
  "DashboardRedirectURIs": [
    "https://${NETBIRD_FQDN}/nb-auth",
    "https://${NETBIRD_FQDN}/nb-silent-auth"
  ],
  "Storage": {
    "Type": "postgres",
    "Config": {
      "DSN": "${NETBIRD_STORE_ENGINE_POSTGRES_DSN} sslmode=disable"
    }
  }
},
```
- I also enabled the STUN server embedded in the "new" relay server.
This removes the need for the `TURNConfig` section in the management.json.
- I'm not sure I understand the usefulness of the custom management executable you provide. The official one already uses the environment variables of the container to substitute them in the management.json file. Am I missing something?
I'm totally open to sharing my config files if you are interested in my changes.
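
An added check for the configuration described above (example code, not part of the original post or of the project): it audits a rendered management.json for the sections the post says to remove, for non-HTTPS issuer or redirect URIs, and for a Postgres DSN that does not enforce TLS. The function names, the example FQDN and the DSN are constructed for illustration, and the rule that redirect URIs share the issuer's host is an assumption drawn from the post's use of a single `NETBIRD_FQDN`.

```python
import json
from urllib.parse import urlsplit

# Sections the post says to remove once the embedded IdP is used.
LEGACY_SECTIONS = ("HttpConfig", "IdpManagerConfig", "PKCEAuthorizationFlow")
# PostgreSQL sslmode values that disable TLS or make it only opportunistic.
WEAK_SSLMODES = {"disable", "allow", "prefer"}

def dsn_params(dsn):
    """Parse a key=value PostgreSQL DSN (unquoted values) into a dict."""
    return dict(p.split("=", 1) for p in dsn.split() if "=" in p)

def audit(cfg):
    """Return a list of findings for a rendered management.json dict."""
    idp = cfg.get("EmbeddedIdP") or {}
    if not idp.get("Enabled"):
        return ["EmbeddedIdP is not enabled"]
    findings = [f"{n} still present alongside EmbeddedIdP"
                for n in LEGACY_SECTIONS if n in cfg]
    issuer = urlsplit(idp.get("Issuer", ""))
    if issuer.scheme != "https" or not issuer.hostname:
        findings.append("Issuer is not an https URL")
    for uri in idp.get("DashboardRedirectURIs", []):
        u = urlsplit(uri)
        # Assumption: dashboard redirects live on the issuer's host.
        if u.scheme != "https" or u.hostname != issuer.hostname:
            findings.append(f"redirect URI not https on issuer host: {uri}")
    storage = idp.get("Storage") or {}
    if storage.get("Type") == "postgres":
        dsn = (storage.get("Config") or {}).get("DSN", "")
        mode = dsn_params(dsn).get("sslmode")  # only explicit values are judged
        if mode in WEAK_SSLMODES:
            findings.append(f"Postgres DSN sslmode={mode}: TLS not enforced")
    return findings

# Constructed sample: the post's section rendered with an example FQDN and DSN,
# plus one leftover section and one http redirect URI to exercise the checks.
SAMPLE = json.loads("""
{"HttpConfig": {},
 "EmbeddedIdP": {"Enabled": true, "DataDir": "/netbird/etc",
  "Issuer": "https://netbird.example.com/oauth2",
  "DashboardRedirectURIs": ["https://netbird.example.com/nb-auth",
                            "http://netbird.example.com/nb-silent-auth"],
  "Storage": {"Type": "postgres", "Config": {
    "DSN": "host=db user=netbird dbname=netbird sslmode=disable"}}}}
""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
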