NixOS Wiki

Nebula: Difference between revisions

← Older edit
VisualWikitext
imported>C4lliope
Raise concerns around NAT and port forwarding.
m added node/client config for nebula mesh network.
 
(4 intermediate revisions by 3 users not shown)
Line 5: Line 5:
== Lighthouse Node ==
== Lighthouse Node ==


In Nebula, a "lighthouse" is a signaling node accessible through a public IP address, using UDP port 4242. A simple configuration may look like:
In Nebula, a "lighthouse" is a signaling node accessible through a public IP address, using UDP port 4242.
 
Because you're likely using a cloud server option for your lighthouse, there is a chance you'll be unable to use NixOS on that node. Double check the [[NixOS_friendly_hosters| NixOS friendly hosters article]] your options for running NixOS in the cloud], or choose a secondary distribution and look for the <code>nebula</code> package, and go through [https://nebula.defined.net/docs/guides/quick-start/ the Quick Start guide].
 
 
A simple lighthouse configuration may look like:


<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
   environment.systemPackages = with pkgs; [ nebula ];
   environment.systemPackages = with pkgs; [ nebula ];
   services.nebula.networks.mesh = {
   services.nebula.networks.mesh = {
     enable = false;
     enable = true;
     isLighthouse = true;
     isLighthouse = true;
     cert = "/etc/nebulanode.crt";
     cert = "/etc/nebula/beacon.crt"; # The name of this lighthouse is beacon.
     key = "/etc/nebula/node.key";
     key = "/etc/nebula/beacon.key";
     ca = "/etc/nebula/ca.crt";
     ca = "/etc/nebula/ca.crt";
   };
   };
</syntaxhighlight>
</syntaxhighlight>


Because you're likely using a VPS server for your lighthouse, there is a chance you'll be unable to use NixOS on that node. Check the package manager of your distribution for the <code>nebula</code> package, and go through the Quick Start guide: https://nebula.defined.net/docs/guides/quick-start/
A node configuration may look like:
 
<syntaxhighlight lang="nix">
  environment.systemPackages = with pkgs; [ nebula ];
  services.nebula.networks.mesh = {
    enable = true;
    isLighthouse = false;
    lighthouses = [ "192.168.100.1" ];
    settings = {
        cipher= "aes";
        };
    cert = "/etc/nebula/host.crt";
    key = "/etc/nebula/host.key";
    ca = "/etc/nebula/ca.crt";
    staticHostMap = {
        "192.168.100.1" = [
                "PUBLICLIGHTHOUSEIPHERE:4242"
                ];
        };
    firewall.outbound = [
  {
    host = "any";
    port = "any";
    proto = "any";
  }
];
    firewall.inbound = [
  {
    host = "any";
    port = "any";
    proto = "any";
  }
];
  };
</syntaxhighlight>
 
The configuration files in `/etc/nebula` need to be readable by the Nebula service:
 
<syntaxhighlight lang="bash">
sudo chmod --reference /etc/nix /etc/nebula
sudo chmod --reference /etc/nix/nix.conf /etc/nebula/*
</syntaxhighlight>
 


Here is a quick process for making a certificate authority (<code>ca</code>) and a certificate for a lighthouse node, called "<code>beacon</code>".
Here is a quick process for making a certificate authority (<code>ca</code>) and a certificate for a lighthouse node, called "<code>beacon</code>".
Line 32: Line 79:
Of these four files produced, you should do as much as you can to keep <code>ca.key</code> secure.
Of these four files produced, you should do as much as you can to keep <code>ca.key</code> secure.


(...more coming soon...)
[[Category:Networking]]
<syntaxhighlight lang="nix">
</syntaxhighlight>
<syntaxhighlight lang="nix">
</syntaxhighlight>
<syntaxhighlight lang="nix">
</syntaxhighlight>
Retrieved from "https://wiki.nixos.org/wiki/Nebula"