nixos-configs/hosts/mpl/nebula.nix

{config, ...}: let
  inherit (import ../../modules/nebula/shared.nix) userGroup;
in {
  sops.secrets."nebula-key" = {
    mode = "0440";
    owner = userGroup;
    group = userGroup;
  };

  # TODO: why?
  networking.firewall.allowedUDPPorts = [4242];

  gen.nebula = {
    enable = true;
    enableLighthouse = false;

    cert = ../../keys/n-usr-min-fwl.crt;
    key = config.sops.secrets."nebula-key".path;

    extraInbound = [
      # Allow iperf3 from anyone
      {
        port = 5201;
        proto = "any";
        host = "any";
      }
    ];
  };
}
initial commit 2024-12-27 16:44:03 -06:00			`{config, ...}: let`
			`inherit (import ../../modules/nebula/shared.nix) userGroup;`
			`in {`
			`sops.secrets."nebula-key" = {`
			`mode = "0440";`
			`owner = userGroup;`
			`group = userGroup;`
			`};`

			`# TODO: why?`
			`networking.firewall.allowedUDPPorts = [4242];`

			`gen.nebula = {`
			`enable = true;`
			`enableLighthouse = false;`

			`cert = ../../keys/n-usr-min-fwl.crt;`
			`key = config.sops.secrets."nebula-key".path;`

			`extraInbound = [`
			`# Allow iperf3 from anyone`
			`{`
			`port = 5201;`
			`proto = "any";`
			`host = "any";`
			`}`
			`];`
			`};`
			`}`