Add Nebula config
This commit is contained in:
parent
de0ec2365a
commit
0c19b401c5
|
@ -102,6 +102,31 @@
|
||||||
chroot = false;
|
chroot = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.nebula.networks.beatific = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
# Network certificate and host credentials
|
||||||
|
ca = "/etc/nebula/beatific/ca.crt";
|
||||||
|
cert = "/etc/nebula/beatific/empyrean.crt";
|
||||||
|
key = "/etc/nebula/beatific/empyrean.key";
|
||||||
|
|
||||||
|
# This host has a well-known IP at prgmr, so it can function as a lighthouse/entry node
|
||||||
|
isLighthouse = true;
|
||||||
|
|
||||||
|
# Listen to connection requests from the public Internet
|
||||||
|
listen.port = 4242;
|
||||||
|
listen.host = "vpn.alogoulogoi.com";
|
||||||
|
|
||||||
|
# Don't filter anything at the VPN level.
|
||||||
|
firewall.outbound = [ { port = "any"; proto = "any"; host = "any"; } ];
|
||||||
|
firewall.inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
# Enable UDP holepunching both ways, which allows nodes to establish more direct connections with each other
|
||||||
|
punchy = { punch = true; response = true; };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
allowPing = true;
|
allowPing = true;
|
||||||
|
|
Loading…
Reference in New Issue