
Refactor some network configs into a common module

Jaculabilis 2023-01-16 17:16:20 +00:00
parent d1bd491141
commit 08c0e42639
2 changed files with 30 additions and 16 deletions


@ -1,6 +1,8 @@
{ pkgs, ... }: { pkgs, lib, ... }:
{ let
beatific = import ../../modules/beatific.nix;
in {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./fileserver.nix ./fileserver.nix
@ -155,7 +157,7 @@
}; };
};*/ };*/
services.nebula.networks.beatific = { services.nebula.networks.beatific = lib.recursiveUpdate beatific.nebula-defaults {
enable = true; enable = true;
# Network certificate and host credentials # Network certificate and host credentials
@ -163,23 +165,12 @@
cert = "/etc/nebula/beatific/catacomb.crt"; cert = "/etc/nebula/beatific/catacomb.crt";
key = "/etc/nebula/beatific/catacomb.key"; key = "/etc/nebula/beatific/catacomb.key";
listen.port = 4242;
# Connect to the lighthouse at empyrean # Connect to the lighthouse at empyrean
# Note that this is a VPN address, not a public address # Note that this is a VPN address, not a public address
lighthouses = [ "10.22.20.1" ]; lighthouses = [ beatific.empyrean-vpn-ip ];
# Map the lighthouse address to its public address # Map the lighthouse address to its public address
staticHostMap = { "10.22.20.1" = [ "vpn.alogoulogoi.com:4242" ]; }; staticHostMap = beatific.empyrean-host-map;
# Don't filter anything at the VPN level
firewall.outbound = [ { port = "any"; proto = "any"; host = "any"; } ];
firewall.inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
settings = {
# Enable UDP holepunching both ways, which allows nodes to establish more direct connections with each other
punchy = { punch = true; response = true; };
};
}; };
services.zfs = { services.zfs = {
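Review bot: In the `services.nebula.networks.beatific` assignment, `lib.recursiveUpdate beatific.nebula-defaults { ... }` merges plain attribute sets outside the module system, so a key set in both places is silently overridden by the host value, and list values such as `firewall.inbound` are replaced whole rather than appended. That is workable, but it should be stated at the call site, e.g. `# Host values win over beatific.nebula-defaults; lists (firewall rules) are replaced, not appended`. After this change the host file no longer shows that the VPN-level firewall allows everything, which matters on a host that also imports `./fileserver.nix`; a pointer such as `# firewall rules come from nebula-defaults (allow any/any)` would keep that visible. The attribute set continues outside the visible hunks.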

23
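--- a/modules/beatific.nix
+++ b/modules/beatific.nix
@@ -0,0 +1,23 @@
+# Shared configuration values
+let
+nebula-port = 4242;
+empyrean-vpn-ip = "10.22.20.1";
+empyrean-ext-dns = "vpn.alogoulogoi.com";
+in {
+nebula-defaults = {
+listen.port = nebula-port;
+# Don't filter at the VPN level
+firewall.outbound = [ { port = "any"; proto = "any"; host = "any"; } ];
+firewall.inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
+settings = {
+# Enable UDP holepunching both ways, which allows nodes to establish more direct connections with each other
+punchy = { punch = true; response = true; };
+};
+};
+inherit empyrean-vpn-ip;
+empyrean-host-map = { ${empyrean-vpn-ip} = [ "${empyrean-ext-dns}:${toString nebula-port}" ]; };
+}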
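Review bot: `nebula-defaults` makes an allow-all Nebula firewall the shared baseline (`firewall.inbound = [ { port = "any"; proto = "any"; host = "any"; } ];`), so every host that merges these defaults accepts any traffic from any peer on the overlay unless something else filters it. If that is intended, the comment should say where filtering happens instead, e.g. `# No filtering at the VPN level; each host's own firewall must restrict services on the nebula interface`. A more conservative default would keep `firewall.outbound` open here and leave `firewall.inbound` for each host to declare. Separately, `nebula-port` feeds both the local `listen.port` and the lighthouse's public port in `empyrean-host-map`, so changing one silently changes the other; a short comment noting that coupling would help.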