# Shared configuration values
let
  nebula-port = 4242;
  empyrean-vpn-ip = "10.22.20.1";
  empyrean-ext-dns = "vpn.alogoulogoi.com";
in {
  nebula-defaults = {
    listen.port = nebula-port;

    # Don't filter at the VPN level
    firewall.outbound = [ { port = "any"; proto = "any"; host = "any"; } ];
    firewall.inbound  = [ { port = "any"; proto = "any"; host = "any"; } ];

    settings = {
      # Enable UDP holepunching both ways, which allows nodes to establish more direct connections with each other
      punchy = { punch = true; response = true; };
    };
  };

  inherit empyrean-vpn-ip;
  empyrean-host-map = { ${empyrean-vpn-ip} = [ "${empyrean-ext-dns}:${toString nebula-port}" ]; };
}