feat(nixos/haruka): configure nebula

1 files changed, 31 insertions, 0 deletions

diff --git a/nixos/haruka/configuration.nix b/nixos/haruka/configuration.nix
index f0a8f3d..320aa4c 100644
--- a/nixos/haruka/configuration.nix
+++ b/nixos/haruka/configuration.nix
@@ -224,6 +224,37 @@
   services.tailscale.useRoutingFeatures = "both";
   programs.trayscale.enable = true;
 
+  # User = networkId;
+  # nameToId = netName: "nebula-${netName}";
+  sops.secrets.nebula-sefidel-internal-ca = { owner = "nebula-sefidel-internal"; };
+  sops.secrets.nebula-sefidel-internal-cert = { owner = "nebula-sefidel-internal"; };
+  sops.secrets.nebula-sefidel-internal-key = { owner = "nebula-sefidel-internal"; };
+
+  services.nebula.networks = {
+    sefidel-internal = {
+      enable = false;
+
+      ca = config.sops.secrets.nebula-sefidel-internal-ca.path;
+      cert = config.sops.secrets.nebula-sefidel-internal-cert.path;
+      key = config.sops.secrets.nebula-sefidel-internal-key.path;
+
+      staticHostMap = {
+        "100.64.0.1" = [ "v-coord1.sefidel.net:4242" ];
+      };
+
+      lighthouses = [ "100.64.0.1" ];
+      relays = [ "100.64.0.1" ];
+
+      firewall.inbound = [
+        {
+          host = "any";
+          port = "any";
+          proto = "any";
+        }
+      ];
+    };
+  };
+
   services.greetd = {
     enable = true;
     vt = 2;