Skip to content

Nebula

services.nebula.networks

Nebula network definitions. Type: attribute set of (submodule)

Default

{ }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix

services.nebula.networks.<name>.ca

Path to the certificate authority certificate. Type: path

Example

"/etc/nebula/ca.crt"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix

services.nebula.networks.<name>.cert

Path to the host certificate. Type: path

Example

"/etc/nebula/host.crt"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix

services.nebula.networks.<name>.enable

Enable or disable this network. Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix

services.nebula.networks.<name>.firewall.inbound

Firewall rules for inbound traffic. Type: list of (attribute set)

Default

[ ]

Example

[{host = "any";port = "any";proto = "any";}]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix

services.nebula.networks.<name>.firewall.outbound

Firewall rules for outbound traffic. Type: list of (attribute set)

Default

[ ]

Example

[{host = "any";port = "any";proto = "any";}]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix

services.nebula.networks.<name>.isLighthouse

Whether this node is a lighthouse. Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix

services.nebula.networks.<name>.isRelay

Whether this node is a relay. Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix

services.nebula.networks.<name>.key

Path or reference to the host key. Type: non-empty string or path

Example

"/etc/nebula/host.key"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix

services.nebula.networks.<name>.lighthouses

List of IPs of lighthouse hosts this node should report to and query from. This should be empty on lighthouse nodes. The IPs should be the lighthouse's Nebula IPs, not their external IPs.

Type: list of string

Default

[ ]

Example

["192.168.100.1"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix

services.nebula.networks.<name>.listen.host

IP address to listen on. Type: string

Default

"0.0.0.0"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix

services.nebula.networks.<name>.listen.port

Port number to listen on. Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default

if (config.services.nebula.networks.${name}.isLighthouse ||config.services.nebula.networks.${name}.isRelay) then4242else0;

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix

services.nebula.networks.<name>.package

The nebula package to use. Type: package

Default

pkgs.nebula

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix

services.nebula.networks.<name>.relays

List of IPs of relays that this node should allow traffic from.

Type: list of string

Default

[ ]

Example

["192.168.100.1"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix

services.nebula.networks.<name>.settings

Nebula configuration. Refer to https://github.com/slackhq/nebula/blob/master/examples/config.yml for details on supported values.

Type: YAML value

Default

{ }

Example

{lighthouse.dns = {host = "0.0.0.0";port = 53;};}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix

services.nebula.networks.<name>.staticHostMap

The static host map defines a set of hosts with fixed IP addresses on the internet (or any network). A host can have multiple fixed IP addresses defined here, and nebula will try each when establishing a tunnel.

Type: attribute set of list of string

Default

{ }

Example

{"192.168.100.1" = ["100.64.22.11:4242"];}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix

services.nebula.networks.<name>.tun.device

Name of the tun device. Defaults to nebula.${networkName}. Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix

services.nebula.networks.<name>.tun.disable

When tun is disabled, a lighthouse can be started without a local tun interface (and therefore without root).

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nebula.nix