- pki:
- ca: /etc/nebula/vagrant-test-ca.crt
- cert: /etc/nebula/host.crt
- key: /etc/nebula/host.key
- # Port Nebula will be listening on
- listen:
- host: 0.0.0.0
- port: 4242
- # sshd can expose informational and administrative functions via ssh
- sshd:
- # Toggles the feature
- enabled: true
- # Host and port to listen on
- listen: 127.0.0.1:2222
- # A file containing the ssh host private key to use
- host_key: /etc/ssh/ssh_host_ed25519_key
- # A file containing a list of authorized public keys
- authorized_users:
- {% for user in nebula_users %}
- - user: {{ user.name }}
- keys:
- {% for key in user.ssh_auth_keys %}
- - "{{ key }}"
- {% endfor %}
- {% endfor %}
- local_range: 10.168.0.0/16
- static_host_map:
- # lighthouse
- {{ hostvars[groups['lighthouse'][0]][vagrant_ifce]['ipv4']['address'] | to_nebula_ip }}: ["{{ hostvars[groups['lighthouse'][0]][vagrant_ifce]['ipv4']['address']}}:4242"]
- default_route: "0.0.0.0"
- lighthouse:
- {% if 'lighthouse' in group_names %}
- am_lighthouse: true
- serve_dns: true
- {% else %}
- am_lighthouse: false
- {% endif %}
- interval: 60
- hosts:
- - {{ hostvars[groups['lighthouse'][0]][vagrant_ifce]['ipv4']['address'] | to_nebula_ip }}
-
- # Configure the private interface
- tun:
- dev: nebula1
- # Sets MTU of the tun dev.
- # MTU of the tun must be smaller than the MTU of the eth0 interface
- mtu: 1300
- # TODO
- # Configure logging level
- logging:
- level: info
- format: json
- firewall:
- conntrack:
- tcp_timeout: 12m
- udp_timeout: 3m
- default_timeout: 10m
- max_connections: 100,000
- inbound:
- - proto: icmp
- port: any
- host: any
- - proto: any
- port: 22
- host: any
- {% if "lighthouse" in groups %}
- - proto: any
- port: 53
- host: any
- {% endif %}
- outbound:
- - proto: any
- port: any
- host: any