Diffstat (limited to 'systems/v-coord1/default.nix')
-rw-r--r--systems/v-coord1/default.nix27
1 files changed, 27 insertions, 0 deletions
diff --git a/systems/v-coord1/default.nix b/systems/v-coord1/default.nix
index ec91e9c..6d97da8 100644
--- a/systems/v-coord1/default.nix
+++ b/systems/v-coord1/default.nix
@@ -61,6 +61,11 @@ in
time.timeZone = "UTC";
sops.secrets.root-password.neededForUsers = true;
+ # User = networkId;
+ # nameToId = netName: "nebula-${netName}";
+ sops.secrets.nebula-sefidel-internal-ca = { owner = "nebula-sefidel-internal"; };
+ sops.secrets.nebula-sefidel-internal-cert = { owner = "nebula-sefidel-internal"; };
+ sops.secrets.nebula-sefidel-internal-key = { owner = "nebula-sefidel-internal"; };
users.users.root.hashedPasswordFile = config.sops.secrets.root-password.path;
users.users.root.openssh.authorizedKeys.keys = maintainerKeys;
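Review bot: The two commented-out lines `# User = networkId;` and `# nameToId = netName: "nebula-${netName}";` read as leftover scratch rather than documentation and should either be dropped or replaced by a comment that states the actual constraint, e.g. `# owner must be the user the nebula module creates for this network`. The owner string `"nebula-sefidel-internal"` is repeated on all three secrets and is tied to the module's user-naming convention rather than to the network name, so a single `let` binding such as `nebulaUser = "nebula-sefidel-internal";` would keep the three secrets and the network definition in step if the network is ever renamed. I am assuming the NixOS nebula module creates that user when the network is enabled; if it does not, sops-nix would fail at activation because the secret owner does not exist, which is worth confirming before merging. The enclosing attribute set starts and ends outside this hunk.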
@@ -78,6 +83,28 @@ in
sops.enable = true;
services.tailscale.enable = true;
+ services.nebula = {
+ enable = true;
+
+ networks.sefidel-internal = {
+ ca = config.sops.secrets.nebula-sefidel-internal-ca.path;
+ cert = config.sops.secrets.nebula-sefidel-internal-cert.path;
+ key = config.sops.secrets.nebula-sefidel-internal-key.path;
+
+ isLighthouse = true;
+ isRelay = true;
+
+ settings = {
+ lighthouse = {
+ serve_dns = true;
+ dns = {
+ host = "100.64.0.1";
+ port = 53;
+ };
+ };
+ };
+ };
+ };
};
# This value determines the NixOS release from which the default