Nebula

From NixOS Wiki
Revision as of 00:06, 22 December 2023 by imported>C4lliope (Begin describing Nebula.)

Nebula is an open-source mesh overlay network originally developed by Slack. It can seamlessly mesh hundreds, thousands, or more machines across the globe with minimal changes to your existing processes.

This guide assumes there are a couple of Nix machines you'd like to connect, though you can go through the "Lighthouse Node" section on a single machine as a sample.

Lighthouse Node

In Nebula, a "lighthouse" is a signaling node reachable at a public IP address, listening on UDP port 4242 (the default). A simple configuration may look like:

  environment.systemPackages = with pkgs; [ nebula ];   # provides nebula and nebula-cert
  services.nebula.networks.mesh = {
    enable = false;                     # leave off until the files below exist
    isLighthouse = true;
    cert = "/home/user/mesh/node.crt";  # this node's certificate
    key = "/home/user/mesh/node.key";   # this node's private key
    ca = "/home/user/mesh/ca.crt";      # CA certificate that signed node.crt
  };

Replace "user" in those paths with your normal login username, or choose some other location on disk as you like.

Before enabling the service, the certificates referenced under cert, key, and ca need to exist. They're easy enough to make.

Be sure to create the certs at the file paths used in your Nix config, and use the IP address you'd like your lighthouse node to be assigned. nebula-cert expects that address in CIDR form (address plus network size); the /24 below is an assumed network size, so adjust it to match your mesh.

> mkdir ~/mesh && cd ~/mesh
> nebula-cert ca -name mesh
> nebula-cert sign -ca-crt ./ca.crt -ca-key ./ca.key -name node -ip 10.0.0.180/24
> ls
ca.crt  ca.key  node.crt  node.key

Of these four files, ca.key is the one to guard most carefully: whoever holds it can sign certificates that your whole mesh will trust.
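As an added example (not from this wiki page or the Nebula project), here is a single NixOS module covering both sides of the setup the introduction promises: the lighthouse and an ordinary peer that reaches the mesh through it. Assumed values, not taken from the page: the hostnames lighthouse and laptop, the lighthouse's public address 203.0.113.10 (a documentation address), Nebula addresses 10.0.0.180/24 and 10.0.0.2/24, and a certificate directory /var/lib/nebula-mesh. Each host's certificate is signed the same way as above, with its own -name and -ip, and only ca.crt (never ca.key) is copied to the hosts.

```nix
# Added example: one module that configures the "mesh" network on both the
# lighthouse and a peer, selected by hostname. All addresses and paths below
# are assumptions for illustration.
#
# Certificates, signed on the machine that holds ca.key (assumed commands):
#   nebula-cert sign -ca-crt ./ca.crt -ca-key ./ca.key -name lighthouse -ip 10.0.0.180/24
#   nebula-cert sign -ca-crt ./ca.crt -ca-key ./ca.key -name laptop     -ip 10.0.0.2/24
# Copy <host>.crt, <host>.key and ca.crt to /var/lib/nebula-mesh on each host.
{ config, pkgs, lib, ... }:

let
  host = config.networking.hostName;
  isLighthouse = host == "lighthouse";
  # Directory holding this host's own cert/key plus ca.crt (assumed path).
  certDir = "/var/lib/nebula-mesh";
in
{
  environment.systemPackages = [ pkgs.nebula ];

  services.nebula.networks.mesh = {
    enable = true;
    inherit isLighthouse;

    cert = "${certDir}/${host}.crt";
    key = "${certDir}/${host}.key";
    ca = "${certDir}/ca.crt";

    # Peers report to the lighthouse by its Nebula IP; the lighthouse itself
    # lists no lighthouses.
    lighthouses = lib.optionals (!isLighthouse) [ "10.0.0.180" ];

    # Nebula IP of the lighthouse -> where it is reachable on the internet.
    staticHostMap = lib.optionalAttrs (!isLighthouse) {
      "10.0.0.180" = [ "203.0.113.10:4242" ];
    };

    # Nebula's own firewall is default-deny: with empty rule lists no traffic
    # crosses the mesh at all, so allow only what the mesh is for.
    firewall.outbound = [ { port = "any"; proto = "any"; host = "any"; } ];
    firewall.inbound = [
      { port = "any"; proto = "icmp"; host = "any"; }  # ping between members
      { port = 22; proto = "tcp"; host = "any"; }      # ssh from mesh members
    ];
  };
}
```

Whichever directory you choose, the files must be readable by the system user the NixOS module creates for the network, not only by your login account. In the inbound rules, host = "any" means any node presenting a certificate signed by your CA; the tunnel rejects everyone else before the rules are consulted, which is why ca.key deserves the care described above.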

(...more coming soon...)