From 1d515f416a12eb6e16a3d563be7ef80bccc05461 Mon Sep 17 00:00:00 2001
From: Tim Van Baak
Date: Wed, 2 Aug 2023 16:29:18 +0000
Subject: [PATCH] Connect backyard to nebula@beatific
---
 machine/backyard/default.nix | 26 ++++++++++++++++++++++++++
 modules/beatific.nix | 1 +
 2 files changed, 27 insertions(+)
diff --git a/machine/backyard/default.nix b/machine/backyard/default.nix
index 45f0104..4f1b3ea 100644
--- a/machine/backyard/default.nix
+++ b/machine/backyard/default.nix
@@ -24,6 +24,32 @@
 ];
 };
 
+ services.nebula.networks.beatific = {
+ enable = true;
+
+ ca = "/etc/nebula/beatific/beatific.crt";
+ cert = "/etc/nebula/beatific/backyard.crt";
+ key = "/etc/nebula/beatific/backyard.key";
+
+ listen.port = 4242;
+
+ # Connect to the lighthouse at empyrean
+ # This should be a VPN address in the static host map
+ lighthouses = [ "10.22.20.1" ];
+
+ # Map the lighthouse address to its public address
+ staticHostMap = { "10.22.20.1" = [ "vpn.alogoulogoi.com:4242" ]; };
+
+ # Don't filter at the VPN level
+ firewall.outbound = [ { port = "any"; proto = "any"; host = "any"; } ];
+ firewall.inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
+
+ settings = {
+ # Enable UDP holepunching both ways, which allows nodes to establish more direct connections with each other
+ punchy = { punch = true; response = true; };
+ };
+ };
+
 # This value governs how some stateful data, like databases, are handled
 # across different versions of NixOS. This should not be changed to a new
 # release unless the sysadmin has determined that no services would be
diff --git a/modules/beatific.nix b/modules/beatific.nix
index ced1707..f3ef28a 100644
--- a/modules/beatific.nix
+++ b/modules/beatific.nix
@@ -68,6 +68,7 @@ in {
 curl
 git
 htop
+ nebula
 python3
 vim
 wget
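Review bot: The `firewall.inbound = [ { port = "any"; proto = "any"; host = "any"; } ]` rule lets every holder of a certificate signed by `beatific.crt` reach every port on backyard over the overlay, and the comment `# Don't filter at the VPN level` does not say what filters instead. Nebula's firewall is the overlay's only per-node segmentation, so either the host firewall must treat the tun device this network creates (presumably `nebula.beatific`, confirm against the NixOS module) as untrusted — nothing in this hunk shows that — or the inbound rule should be narrowed, e.g. swapping `host = "any"` for a `groups` match on the cert groups or listing the ports backyard actually serves. At minimum I would extend the comment to `# Don't filter at the VPN level; host-level filtering of the nebula interface is expected from networking.firewall` so the assumption is explicit and checkable. Separately, `key = "/etc/nebula/beatific/backyard.key"` names a private key provisioned out of band; a one-line comment that it must be readable only by the nebula service account and must never land in this repo would help the next operator. The enclosing module attribute set starts and ends outside the hunk.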