SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-03-22 17:49:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

networking: Unify underlay config across hosts

Browse source
This commit is contained in:
SebastianStork 2026-01-30 20:39:59 +01:00
parent 1d1709e1ba
commit 27b5c57023
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
19 changed files with 240 additions and 258 deletions
Download patch file Download diff file Expand all files Collapse all files

13
modules/system/services/nebula/default.nix
View file

@ -26,13 +26,12 @@ in
config = lib.mkIf cfg.enable {
assertions = lib.singleton {
assertion = netCfg.isLighthouse -> netCfg.underlay.isPublic;
assertion = netCfg.overlay.isLighthouse -> netCfg.underlay.isPublic;
message = "'${netCfg.hostName}' is a Nebula lighthouse, but underlay.isPublic is not set. Lighthouses must be publicly reachable.";
};
custom.networking.overlay = {
networkAddress = "10.254.250.0";
prefixLength = 24;
networkCidr = "10.254.250.0/24";
domain = "splitleaf.de";
interface = "nebula";
systemdUnit = "nebula@mesh.service";
@ -66,10 +65,10 @@ in
tun.device = netCfg.overlay.interface;
listen.port = lib.mkIf netCfg.underlay.isPublic publicPort;
inherit (netCfg) isLighthouse;
lighthouses = lib.mkIf (!netCfg.isLighthouse) (
inherit (netCfg.overlay) isLighthouse;
lighthouses = lib.mkIf (!netCfg.overlay.isLighthouse) (
netCfg.peers
|> lib.filter (peer: peer.isLighthouse)
|> lib.filter (peer: peer.overlay.isLighthouse)
|> lib.map (lighthouse: lighthouse.overlay.address)
);
@ -105,7 +104,7 @@ in
systemd.network.networks."40-nebula" = {
matchConfig.Name = netCfg.overlay.interface;
address = [ "${netCfg.overlay.address}/${toString netCfg.overlay.prefixLength}" ];
address = [ netCfg.overlay.cidr ];
dns = netCfg.overlay.dnsServers;
domains = [ netCfg.overlay.domain ];
};