add nebula mesh vpn

2025-08-27 16:28:21 +02:00 · 2025-08-27 16:28:21 +02:00 · 21b1832dca
commit 21b1832dca
parent df0b6e5187
12 changed files with 203 additions and 3 deletions
--- a/sys/profiles/network/nebula.nix
+++ b/sys/profiles/network/nebula.nix
@ -0,0 +1,32 @@
+{config, ...}: {
+  services.nebula.networks.xunmesh = {
+    enable = true;
+    staticHostMap = {
+      "30.0.0.1" = ["172.245.52.19:4242"];
+    };
+    cert = config.sops.secrets.nebula-cert.path;
+    key = config.sops.secrets.nebula-key.path;
+    ca = config.sops.secrets.nebula-ca-cert.path;
+    firewall = {
+      inbound = [
+        {
+          host = "any";
+          port = "any";
+          proto = "any";
+        }
+      ];
+      outbound = [
+        {
+          host = "any";
+          port = "any";
+          proto = "any";
+        }
+      ];
+    };
+    settings = {
+      preferred_ranges = ["192.168.50.0/24"];
+      lighthouse.hosts = ["30.0.0.1"];
+      punchy.punch = true;
+    };
+  };
+}