72 lines
1.4 KiB
Django/Jinja
72 lines
1.4 KiB
Django/Jinja
pki:
|
|
ca: /etc/nebula/ca.crt
|
|
cert: /etc/nebula/config.crt
|
|
key: /etc/nebula/config.key
|
|
|
|
static_host_map:
|
|
# Primary lighthouse (InterServer datacenter)
|
|
"{{ lighthouse_nebula_ip }}": ["{{ lighthouse_bridge_ip }}:4242", "{{ lighthouse_public_ip }}:4242"]
|
|
# Home lighthouse (Dell) for reduced latency from home
|
|
"{{ home_lighthouse_nebula_ip }}": ["{{ home_lighthouse_public_ip }}:4242"]
|
|
|
|
lighthouse:
|
|
am_lighthouse: false
|
|
interval: 60
|
|
hosts:
|
|
- "{{ lighthouse_nebula_ip }}"
|
|
- "{{ home_lighthouse_nebula_ip }}"
|
|
|
|
punchy:
|
|
punch: true
|
|
respond: true
|
|
|
|
relay:
|
|
relays:
|
|
- "{{ lighthouse_nebula_ip }}"
|
|
- "{{ home_lighthouse_nebula_ip }}"
|
|
|
|
listen:
|
|
host: 0.0.0.0
|
|
port: 0
|
|
|
|
tun:
|
|
dev: nebula1
|
|
drop_local_broadcast: true
|
|
drop_multicast: true
|
|
|
|
firewall:
|
|
conntrack:
|
|
tcp_timeout: 12h
|
|
udp_timeout: 3m
|
|
default_timeout: 10m
|
|
|
|
outbound:
|
|
- port: any
|
|
proto: any
|
|
host: any
|
|
|
|
inbound:
|
|
# Admin (laptop) has full access
|
|
- port: any
|
|
proto: any
|
|
group: admin
|
|
|
|
# Infrastructure can talk to each other
|
|
- port: any
|
|
proto: any
|
|
group: infrastructure
|
|
|
|
# Projects can access infrastructure services
|
|
- port: any
|
|
proto: any
|
|
group: projects
|
|
|
|
# AD domain machines can reach infrastructure (DNS forwarding, etc.)
|
|
- port: any
|
|
proto: any
|
|
group: ad
|
|
|
|
# Allow ICMP from anyone (ping)
|
|
- port: any
|
|
proto: icmp
|
|
host: any |