30 lines
561 B
Nix
30 lines
561 B
Nix
{config, ...}: let
|
|
inherit (import ../../modules/nebula/shared.nix) userGroup;
|
|
in {
|
|
sops.secrets."nebula-key" = {
|
|
mode = "0440";
|
|
owner = userGroup;
|
|
group = userGroup;
|
|
};
|
|
|
|
# TODO: why?
|
|
networking.firewall.allowedUDPPorts = [4242];
|
|
|
|
gen.nebula = {
|
|
enable = true;
|
|
enableLighthouse = false;
|
|
|
|
cert = ../../keys/n-usr-min-fwl.crt;
|
|
key = config.sops.secrets."nebula-key".path;
|
|
|
|
extraInbound = [
|
|
# Allow iperf3 from anyone
|
|
{
|
|
port = 5201;
|
|
proto = "any";
|
|
host = "any";
|
|
}
|
|
];
|
|
};
|
|
}
|