From b4f740e7bee99b9d1d79f556b66b467c9050e536 Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Wed, 4 Mar 2026 21:50:50 +0100 Subject: [PATCH] nebula: Move advertise address/port options --- hosts/srv-core/default.nix | 9 ++++---- modules/nixos/networking/overlay.nix | 16 -------------- modules/nixos/services/nebula/default.nix | 26 +++++++++++++++++------ 3 files changed, 24 insertions(+), 27 deletions(-) diff --git a/hosts/srv-core/default.nix b/hosts/srv-core/default.nix index 6e44d94..cdb792d 100644 --- a/hosts/srv-core/default.nix +++ b/hosts/srv-core/default.nix @@ -15,10 +15,6 @@ overlay = { address = "10.254.250.6"; isLighthouse = true; - advertise = { - address = "130.83.103.62"; - port = 47033; - }; }; underlay = { interface = "enp2s0"; @@ -28,6 +24,11 @@ }; services = { + nebula.advertise = { + address = "130.83.103.62"; + port = 47033; + }; + recursive-nameserver = { enable = true; blockAds = true; diff --git a/modules/nixos/networking/overlay.nix b/modules/nixos/networking/overlay.nix index 70d5101..42b7afa 100644 --- a/modules/nixos/networking/overlay.nix +++ b/modules/nixos/networking/overlay.nix @@ -51,22 +51,6 @@ in }; isLighthouse = lib.mkEnableOption ""; - - advertise = { - address = lib.mkOption { - type = lib.types.nullOr lib.types.nonEmptyStr; - default = - if config.custom.networking.underlay.isPublic then - config.custom.networking.underlay.address - else - null; - }; - port = lib.mkOption { - type = lib.types.nullOr lib.types.port; - default = if cfg.advertise.address != null then config.custom.services.nebula.listenPort else null; - }; - }; - role = lib.mkOption { type = lib.types.enum [ "client" diff --git a/modules/nixos/services/nebula/default.nix b/modules/nixos/services/nebula/default.nix index 64e8b03..d361d3d 100644 --- a/modules/nixos/services/nebula/default.nix +++ b/modules/nixos/services/nebula/default.nix @@ -2,6 +2,7 @@ config, self, lib, + allHosts, ... }: let 
@@ -27,7 +28,17 @@ in listenPort = lib.mkOption { type = lib.types.port; - default = if (netCfg.overlay.advertise.address != null) then 47141 else 0; + default = if (cfg.advertise.address != null) then 47141 else 0; + }; + advertise = { + address = lib.mkOption { + type = lib.types.nullOr lib.types.nonEmptyStr; + default = if netCfg.underlay.isPublic then netCfg.underlay.address else null; + }; + port = lib.mkOption { + type = lib.types.nullOr lib.types.port; + default = if cfg.advertise.address != null then cfg.listenPort else null; + }; }; caCertificateFile = lib.mkOption { @@ -50,7 +61,7 @@ in config = lib.mkIf cfg.enable { assertions = lib.singleton { - assertion = netCfg.overlay.isLighthouse -> netCfg.overlay.advertise.address != null; + assertion = netCfg.overlay.isLighthouse -> cfg.advertise.address != null; message = "`${netCfg.hostName}` is a Nebula lighthouse, but `underlay.isPublic` or `overlay.advertise.address` are not set. Lighthouses must be publicly reachable."; }; @@ -96,11 +107,12 @@ in relays = lib.mkIf (!netCfg.overlay.isLighthouse) lighthouses; staticHostMap = - netCfg.peers - |> lib.filter (peer: peer.overlay.advertise.address != null) - |> lib.map (peer: { - name = peer.overlay.address; - value = lib.singleton "${peer.overlay.advertise.address}:${toString peer.overlay.advertise.port}"; + allHosts + |> lib.attrValues + |> lib.filter (host: host.config.custom.services.nebula.advertise.address != null) + |> lib.map (host: { + name = host.config.custom.networking.overlay.address; + value = lib.singleton "${host.config.custom.services.nebula.advertise.address}:${toString host.config.custom.services.nebula.advertise.port}"; }) |> lib.listToAttrs;
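Review bot: `advertise.port` is typed `nullOr port`, so a host can set `advertise.address` while `advertise.port` is explicitly `null`. The static host map later in this file interpolates `toString` of that port, and `toString null` is the empty string, so the entry would become `address:` with no port. Either add a second assertion next to the lighthouse one, `assertion = cfg.advertise.address != null -> cfg.advertise.port != null;`, or make the port non-nullable. The new options also have no `description`; one line stating that this is the publicly reachable underlay endpoint other hosts place in their static host map would document the intent.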
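Review bot: The assertion `message` on the unchanged line after the edited condition still names `overlay.advertise.address`, an option this commit deletes. Someone who trips the lighthouse check is pointed at a path that no longer exists. Replace that fragment of the message with `services.nebula.advertise.address` so the text matches the condition `cfg.advertise.address != null`.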
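Review bot: The static host map is now built from every entry of `allHosts`, filtered only on `advertise.address != null`, and that option defaults to the underlay address whenever `underlay.isPublic` is true. Option defaults are evaluated even when the `lib.mkIf cfg.enable` body is inactive, so a public host that does not run Nebula would still be published as an endpoint for its overlay address. The local host also appears to be included now, which `netCfg.peers` may have excluded; its definition is not visible in this diff. Consider filtering on the enable flag as well, assuming `cfg` is `config.custom.services.nebula`: `|> lib.filter (host: host.config.custom.services.nebula.enable && host.config.custom.services.nebula.advertise.address != null)`. Binding `host.config.custom.services.nebula` to a local name inside the lambdas would also shorten the three repeated paths.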