vps6 enable nebula
parent
82c5d9c087
commit
9ae78ee549
@ -253,6 +253,7 @@
|
||||
misskey-proxy = { "xn--qbtm095lrg0bfka60z.chn.moe" = {}; "xn--s8w913fdga.chn.moe" = {}; };
|
||||
coturn.enable = true;
|
||||
synapse-proxy."synapse.chn.moe" = {};
|
||||
nebula = { enable = true; lighthouse = null; };
|
||||
};
|
||||
boot =
|
||||
{
|
||||
|
@ -11,6 +11,7 @@ inputs:
|
||||
./xray.nix
|
||||
./coturn.nix
|
||||
./synapse.nix
|
||||
./nebula
|
||||
# ./docker.nix
|
||||
];
|
||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||
|
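--- a/modules/services/nebula/ca.crt
+++ b/modules/services/nebula/ca.crt
@@ -0,0 +1,5 @@
+-----BEGIN NEBULA CERTIFICATE-----
+CkAKDm5lYnVsYS5jaG4ubW9lKLCXwacGMLD+xbYGOiDwt/rshddhDhyoSVl52cJA
+LEgU1ea4Q4L28v/MVXOkUUABEkANATGg8DOPwHmwq6xN2DATxYDCibb5x3qSctHx
+RIr8UAr2TlvOQfzoBw3v4DWsqaEC1U5Hw6iQsQp5sQ8DGU4O
+-----END NEBULA CERTIFICATE-----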
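--- a/modules/services/nebula/chn-PC.crt
+++ b/modules/services/nebula/chn-PC.crt
@@ -0,0 +1,6 @@
+-----BEGIN NEBULA CERTIFICATE-----
+CmAKAnBjEgqDpKGFDID+//8PKO2hwacGMK/+xbYGOiB7i4bfFMM0+9q52Dj4/Y8h
+0IaBkutBjmkeaLQ80a8FXEogKO75tUZ9s0oquFXtII1eFrODJVliKAavN+m8fNqd
+p9YSQD7vjiZOcMzKvz98diLoX8PudoxsovuOrU22EEBvNi80Lhoi41axLsFORzDu
+El34B/13QO0hi2tlviZvJbI91Ao=
+-----END NEBULA CERTIFICATE-----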
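--- a/modules/services/nebula/default.nix
+++ b/modules/services/nebula/default.nix
@@ -0,0 +1,48 @@
+inputs:
+{
+options.nixos.services.nebula = let inherit (inputs.lib) mkOption types; in
+{
+enable = mkOption { type = types.bool; default = false; };
+# null: is lighthouse, non-empty string: is not lighthouse, and use this string as lighthouse address.
+lighthouse = mkOption { type = types.nullOr types.nonEmptyStr; };
+};
+config =
+let
+inherit (inputs.lib) mkIf;
+inherit (inputs.config.nixos.services) nebula;
+inherit (builtins) concatStringsSep;
+in mkIf nebula.enable
+{
+services.nebula.networks.nebula =
+{
+enable = true;
+ca = ./ca.crt;
+cert = ./. + "/${inputs.config.nixos.system.hostname}.crt";
+key = inputs.config.sops.templates."nebula/key-template".path;
+isLighthouse = nebula.lighthouse == null;
+lighthouses = if nebula.lighthouse == null then [] else [ "192.168.82.1" ];
+staticHostMap = if nebula.lighthouse == null then {} else { "192.168.82.1" = [ nebula.lighthouse ]; };
+listen.port = if nebula.lighthouse == null then 4242 else 0;
+};
+sops =
+{
+templates."nebula/key-template" =
+{
+content = concatStringsSep "\n"
+[
+"-----BEGIN NEBULA X25519 PRIVATE KEY-----"
+inputs.config.sops.placeholder."nebula/key"
+"-----END NEBULA X25519 PRIVATE KEY-----"
+];
+owner = inputs.config.systemd.services."nebula@nebula".serviceConfig.User;
+group = inputs.config.systemd.services."nebula@nebula".serviceConfig.Group;
+};
+secrets."nebula/key" = {};
+};
+networking.firewall = if nebula.lighthouse != null then {} else
+{
+allowedTCPPorts = [ 4242 ];
+allowedUDPPorts = [ 4242 ];
+};
+};
+}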
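Review bot: The lighthouse branch of `networking.firewall` at the end of the module opens TCP 4242 alongside UDP 4242, but Nebula's tunnel listener is UDP only, so the TCP rule exposes a port that nothing in this module serves; I would drop `allowedTCPPorts` and write the block as `networking.firewall = mkIf (nebula.lighthouse == null) { allowedUDPPorts = [ 4242 ]; };`. No `firewall.inbound` or `firewall.outbound` rules are set on `services.nebula.networks.nebula`; as far as I know the NixOS module defaults both to empty lists, which would make the overlay drop all traffic, so it is worth confirming that and, when rules are added, scoping them to the ports and hosts or groups actually needed rather than `any`. The comment on the `lighthouse` option should also state the expected format, since the string goes straight into `staticHostMap`: `# null: this host is the lighthouse; otherwise the lighthouse's public "host:port", mapped to overlay address 192.168.82.1`.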
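--- a/modules/services/nebula/vps6.crt
+++ b/modules/services/nebula/vps6.crt
@@ -0,0 +1,6 @@
+-----BEGIN NEBULA CERTIFICATE-----
+CmIKBHZwczYSCoGkoYUMgP7//w8ohJnBpwYwr/7FtgY6IPKlZIGl2zkbjoEbmZho
+7mMfTWkx0XppzZup96IROdJYSiAo7vm1Rn2zSiq4Ve0gjV4Ws4MlWWIoBq836bx8
+2p2n1hJAOvcgC7UjiOGvq9oyv86vdrppIkjOxwz7znpDJAeNrxEURSTsmeCCB7BO
+6rEQZ6b4kXqgRXr08OpBnW6FeMvFCA==
+-----END NEBULA CERTIFICATE-----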
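--- a/modules/services/nebula/vps7.crt
+++ b/modules/services/nebula/vps7.crt
@@ -0,0 +1,6 @@
+-----BEGIN NEBULA CERTIFICATE-----
+CmIKBHZwczcSCoKkoYUMgP7//w8okpnBpwYwr/7FtgY6IAeBowLj1DamSObhmIF7
+bb1tBTjnl4dvRPQSOY3JflBfSiAo7vm1Rn2zSiq4Ve0gjV4Ws4MlWWIoBq836bx8
+2p2n1hJAoCxYon4eLiRfMfmhQR9fKC+8kn3QwILjdvUpn6EyMOZJfOEfeNbm0Ffh
+aedtdOdvl3Gd1WJ45HrZXwHE+nRSCQ==
+-----END NEBULA CERTIFICATE-----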
@ -60,6 +60,8 @@ send:
|
||||
redis-password: ENC[AES256_GCM,data:6zVKw9AmKwSWvHUZhzy0F2KcJW96uFoZY/N1Zq8ilUJOLZeX,iv:viwLIgJz9v8oadr8784OgETbEsxzGsJvVoxmOwWEFxo=,tag:XEYFnoCGwlnrkqaUbgeH+Q==,type:str]
|
||||
coturn:
|
||||
auth-secret: ENC[AES256_GCM,data:50KqO4GQ1ERbCnK4IjYu6aywT+IPMtVlTzh/TE4MwWApU4pO9yqz25ENGUAKRLi4p+Ecug+Rn3InRl1b+q6bAQ==,iv:SgHkHvHg/+yA1Z5E9effgCnZMVXv5amGNUsVKErai54=,tag:PoYLV9Xr0IXXsA39n7wiTQ==,type:str]
|
||||
nebula:
|
||||
key: ENC[AES256_GCM,data:1zvyGKsyJESAbf6tUCy6hX93rDXEYNA5QBsqV4Ag4+cksToQ5IubchciQt4=,iv:ZG+pCofTTGx6LcJ05qohotRcX6MK4JsUzL2DfmKE4eI=,tag:o/Vm72d4QbfLXoSVwXZYhw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -84,8 +86,8 @@ sops:
|
||||
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
|
||||
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-08-29T13:47:17Z"
|
||||
mac: ENC[AES256_GCM,data:yJPCvlmADSnMvVXMtPhrmp9DOZ/pj1ey2/SZCpZhbBkYDa+sSg48YCKqMPwqyx7PdkQHfVjhyen+eRJjczbeaTclClpGKRkQJzW7qArZz4dF5sfD+q64i8zjVmjxX2Pajb/iHWbQiax7kp5YSgYEKXSP3caCb73fu7aL3Tm9Isw=,iv:6o5MaH/Oy53HabDNDITz1XHDNBila5KgtkU4mwmfkwg=,tag:nuo0srgaAfhEP2xPp2r43w==,type:str]
|
||||
lastmodified: "2023-08-31T09:19:50Z"
|
||||
mac: ENC[AES256_GCM,data:oXNW63+apUuSgla4kycVWrFpNFpaZstsdaNPym2qYJoi/kJblnA94T61ad/WxdLXFYK0eiVRvD5geNjQ62wQ4OGhHw8rAvBEynK6ayF8CFgDXmJCRjGPXIx8dN6gl/voxLf6kVkL/PtC7LH1j8jnEYMadWwG+5ohSw1jB/y60Bs=,iv:YsCd5Ib/9FzQF0sMv8WQMJ4vNkMGRMetFRH+zN4/gzY=,tag:lQ4/AotElVBWcT2BJuY0Bw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|