infra/nixos/hosts/silver/services/nebula.nix

{config, ...}: let
  inherit (import ../../../modules/nebula/shared.nix) userGroup;
in {
  sops.secrets."svc-nebula-key" = {
    mode = "0440";
    owner = userGroup;
    group = userGroup;
  };

  networking.firewall.allowedUDPPorts = [4242];

  gen.nebula = {
    enable = true;
    enableLighthouse = true;

    cert = ../../../keys/lh-silver.crt;
    key = config.sops.secrets."svc-nebula-key".path;

    extraInbound = [];
  };
}
Deployment of Nebula 2024-10-15 16:02:42 -05:00			`{config, ...}: let`
Make a module for Nebula mesh (and fix hardening module) 2024-12-14 17:15:55 -06:00			`inherit (import ../../../modules/nebula/shared.nix) userGroup;`
Deployment of Nebula 2024-10-15 16:02:42 -05:00			`in {`
			`sops.secrets."svc-nebula-key" = {`
			`mode = "0440";`
			`owner = userGroup;`
			`group = userGroup;`
			`};`

Make a module for Nebula mesh (and fix hardening module) 2024-12-14 17:15:55 -06:00			`networking.firewall.allowedUDPPorts = [4242];`

			`gen.nebula = {`
			`enable = true;`
			`enableLighthouse = true;`
Revert kubernetes 2024-11-03 20:30:30 -06:00
Deployment of Nebula 2024-10-15 16:02:42 -05:00			`cert = ../../../keys/lh-silver.crt;`
			`key = config.sops.secrets."svc-nebula-key".path;`

Make a module for Nebula mesh (and fix hardening module) 2024-12-14 17:15:55 -06:00			`extraInbound = [];`
Deployment of Nebula 2024-10-15 16:02:42 -05:00			`};`
			`}`