# NixOS module: configures this host as a member of the "bbs" Nebula overlay
# network and, when that overlay is enabled, inserts the lighthouse address
# into NetworkManager's nameserver list.
{
  config,
  lib,
  inputs,
  ...
}:

let
  overlay = config.services.nebula.networks.bbs;

  # Overlay address of the lighthouse; reused below as a nameserver.
  lighthouseAddr = "10.7.0.1";

  # Directory inside the flake source that holds the Nebula PKI files.
  pkiDir = "${inputs.self}/secrets/nebula";

  # Per-host credential file, named after networking.hostName.
  hostCredential = ext: "${pkiDir}/${config.networking.hostName}.bbs.lan.${ext}";
in
{
  services.nebula.networks.bbs = {
    # Follows the platform-wide "private" flag unless a host overrides it.
    enable = lib.mkDefault config.mtxyz.platform.private;

    ca = "${pkiDir}/ca.crt";
    cert = hostCredential "crt";
    # NOTE(review): this path is interpolated from the flake source, so the
    # file it names lives in the Nix store, which is readable by every local
    # user. If the .key file is committed in plaintext, the host's Nebula
    # private key is exposed both in the repository and on disk. Confirm the
    # file is protected, or provision the key at runtime to a path outside
    # the store with restrictive permissions.
    key = hostCredential "key";

    # Public underlay endpoint at which the lighthouse can be reached.
    staticHostMap.${lighthouseAddr} = [ "5.161.60.61:4242" ];
    lighthouses = [ lighthouseAddr ];

    # All outbound overlay traffic is allowed.
    firewall.outbound = [
      {
        port = "any";
        proto = "any";
        host = "any";
      }
    ];

    # Inbound: ICMP from any overlay host. SSH is added only when the OpenSSH
    # service is enabled, and only for peers matching the "bailey" group
    # (presumably a group carried in the peer's Nebula certificate; verify
    # that only the intended certificates are issued with it).
    firewall.inbound =
      [
        {
          port = "any";
          proto = "icmp";
          host = "any";
        }
      ]
      ++ lib.optionals config.services.openssh.enable [
        {
          port = 22;
          proto = "tcp";
          group = "bailey";
        }
      ];

    # Enables Nebula's NAT hole punching.
    settings.punchy.punch = true;
  };

  # NOTE(review): with the overlay enabled, DNS queries are directed to the
  # lighthouse address; presumably a resolver runs there. Confirm, since this
  # makes the lighthouse a trusted party for name resolution on this host.
  networking.networkmanager.insertNameservers = lib.optionals overlay.enable [ lighthouseAddr ];
}