Nebula: Difference between revisions

← Older edit

Retrieved from "https://wiki.nixos.org/wiki/Nebula"

@@ Line 10: / Line 10: @@
-A simple configuration may look like:
+A simple lighthouse configuration may look like:
 <syntaxhighlight lang="nix">
    environment.systemPackages = with pkgs; [ nebula ];
    services.nebula.networks.mesh = {
-     enable = false;
+     enable = true;
      isLighthouse = true;
-     cert = "/etc/nebulanode.crt";
+     cert = "/etc/nebula/beacon.crt"; # The name of this lighthouse is beacon.
-     key = "/etc/nebula/node.key";
+     key = "/etc/nebula/beacon.key";
      ca = "/etc/nebula/ca.crt";
    };
+</syntaxhighlight>
+A node configuration may look like:
+<syntaxhighlight lang="nix">
+  environment.systemPackages = with pkgs; [ nebula ];
+  services.nebula.networks.mesh = {
+    enable = true;
+    isLighthouse = false;
+    lighthouses = [ "192.168.100.1" ];
+    settings = {
+        cipher= "aes";
+        };
+    cert = "/etc/nebula/host.crt";
+    key = "/etc/nebula/host.key";
+    ca = "/etc/nebula/ca.crt";
+    staticHostMap = {
+        "192.168.100.1" = [
+                "PUBLICLIGHTHOUSEIPHERE:4242"
+                ];
+        };
+    firewall.outbound = [
+  {
+    host = "any";
+    port = "any";
+    proto = "any";
+  }
+];
+    firewall.inbound = [
+  {
+    host = "any";
+    port = "any";
+    proto = "any";
+  }
+];
+  };
+</syntaxhighlight>
+The configuration files in `/etc/nebula` need to be readable by the Nebula service:
+<syntaxhighlight lang="bash">
+sudo chmod --reference /etc/nix /etc/nebula
+sudo chmod --reference /etc/nix/nix.conf /etc/nebula/*
 </syntaxhighlight>
@@ Line 36: / Line 79: @@
 Of these four files produced, you should do as much as you can to keep <code>ca.key</code> secure.
-(...more coming soon...)
+[[Category:Networking]]