Refactor some network configs into a common module
This commit is contained in:
parent
d1bd491141
commit
08c0e42639
|
@ -1,6 +1,8 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, lib, ... }:
|
||||||
|
|
||||||
{
|
let
|
||||||
|
beatific = import ../../modules/beatific.nix;
|
||||||
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./fileserver.nix
|
./fileserver.nix
|
||||||
|
@ -155,7 +157,7 @@
|
||||||
};
|
};
|
||||||
};*/
|
};*/
|
||||||
|
|
||||||
services.nebula.networks.beatific = {
|
services.nebula.networks.beatific = lib.recursiveUpdate beatific.nebula-defaults {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
# Network certificate and host credentials
|
# Network certificate and host credentials
|
||||||
|
@ -163,23 +165,12 @@
|
||||||
cert = "/etc/nebula/beatific/catacomb.crt";
|
cert = "/etc/nebula/beatific/catacomb.crt";
|
||||||
key = "/etc/nebula/beatific/catacomb.key";
|
key = "/etc/nebula/beatific/catacomb.key";
|
||||||
|
|
||||||
listen.port = 4242;
|
|
||||||
|
|
||||||
# Connect to the lighthouse at empyrean
|
# Connect to the lighthouse at empyrean
|
||||||
# Note that this is a VPN address, not a public address
|
# Note that this is a VPN address, not a public address
|
||||||
lighthouses = [ "10.22.20.1" ];
|
lighthouses = [ beatific.empyrean-vpn-ip ];
|
||||||
|
|
||||||
# Map the lighthouse address to its public address
|
# Map the lighthouse address to its public address
|
||||||
staticHostMap = { "10.22.20.1" = [ "vpn.alogoulogoi.com:4242" ]; };
|
staticHostMap = beatific.empyrean-host-map;
|
||||||
|
|
||||||
# Don't filter anything at the VPN level
|
|
||||||
firewall.outbound = [ { port = "any"; proto = "any"; host = "any"; } ];
|
|
||||||
firewall.inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
|
|
||||||
|
|
||||||
settings = {
|
|
||||||
# Enable UDP holepunching both ways, which allows nodes to establish more direct connections with each other
|
|
||||||
punchy = { punch = true; response = true; };
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.zfs = {
|
services.zfs = {
|
||||||
|
|
|
@ -0,0 +1,23 @@
|
||||||
|
# Shared configuration values
|
||||||
|
let
|
||||||
|
nebula-port = 4242;
|
||||||
|
empyrean-vpn-ip = "10.22.20.1";
|
||||||
|
empyrean-ext-dns = "vpn.alogoulogoi.com";
|
||||||
|
in {
|
||||||
|
nebula-defaults = {
|
||||||
|
listen.port = nebula-port;
|
||||||
|
|
||||||
|
# Don't filter at the VPN level
|
||||||
|
firewall.outbound = [ { port = "any"; proto = "any"; host = "any"; } ];
|
||||||
|
firewall.inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
# Enable UDP holepunching both ways, which allows nodes to establish more direct connections with each other
|
||||||
|
punchy = { punch = true; response = true; };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
inherit empyrean-vpn-ip;
|
||||||
|
empyrean-host-map = { ${empyrean-vpn-ip} = [ "${empyrean-ext-dns}:${toString nebula-port}" ]; };
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue