author | sefidel <contact@sefidel.net> | 2024-01-11 22:28:49 +0900 |
---|---|---|
committer | sefidel <contact@sefidel.net> | 2024-01-11 22:28:49 +0900 |
commit | b1adb7c9fea00b6b3ad524268d64019e60e4ddd7 (patch) | |
tree | ff2db85d790b0c2056291e1b8be75b302dfc2934 /nixos/haruka/configuration.nix | |
parent | df3fa386b54a85c30d38d19cb6447dc37349c253 (diff) | |
feat(nixos/haruka): configure nebula
Diffstat (limited to 'nixos/haruka/configuration.nix')
-rw-r--r-- | nixos/haruka/configuration.nix | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/nixos/haruka/configuration.nix b/nixos/haruka/configuration.nix
index f0a8f3d..320aa4c 100644
--- a/nixos/haruka/configuration.nix
+++ b/nixos/haruka/configuration.nix
@@ -224,6 +224,37 @@
 services.tailscale.useRoutingFeatures = "both";
 programs.trayscale.enable = true;
 
+ # User = networkId;
+ # nameToId = netName: "nebula-${netName}";
+ sops.secrets.nebula-sefidel-internal-ca = { owner = "nebula-sefidel-internal"; };
+ sops.secrets.nebula-sefidel-internal-cert = { owner = "nebula-sefidel-internal"; };
+ sops.secrets.nebula-sefidel-internal-key = { owner = "nebula-sefidel-internal"; };
+
+ services.nebula.networks = {
+ sefidel-internal = {
+ enable = false;
+
+ ca = config.sops.secrets.nebula-sefidel-internal-ca.path;
+ cert = config.sops.secrets.nebula-sefidel-internal-cert.path;
+ key = config.sops.secrets.nebula-sefidel-internal-key.path;
+
+ staticHostMap = {
+ "100.64.0.1" = [ "v-coord1.sefidel.net:4242" ];
+ };
+
+ lighthouses = [ "100.64.0.1" ];
+ relays = [ "100.64.0.1" ];
+
+ firewall.inbound = [
+ {
+ host = "any";
+ port = "any";
+ proto = "any";
+ }
+ ];
+ };
+ };
+
 services.greetd = {
 enable = true;
 vt = 2; |
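Review bot: The single `firewall.inbound` rule (`host = "any"; port = "any"; proto = "any";`) lets every peer holding a certificate signed by this network's CA reach every service listening on haruka over the overlay, so one compromised peer key exposes the whole host. Before `enable` is switched to `true`, narrow it to the services that are meant to be reachable, for example `{ port = "22"; proto = "tcp"; group = "<admin-group-placeholder>"; }`, with the group name taken from the certificates you issue. No `firewall.outbound` is set in this hunk, so check that the module default matches the egress you intend. The three `sops.secrets.*` entries set `owner = "nebula-sefidel-internal"` while the network has `enable = false`; if the nebula module only creates that user for enabled networks (presumably it does, please verify), secret installation can fail at activation, so either guard the secrets on the same condition or add a comment such as `# disabled until the CA/cert are provisioned; secrets owner exists only when enabled`. The enclosing attribute set begins and ends outside this hunk.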