nebula: Move advertise address/port options

2026-03-22 15:29:07 +01:00 · 2026-03-04 21:50:50 +01:00 · 2026-03-04 21:50:50 +01:00 · b4f740e7be
commit b4f740e7be
parent ef17aad9d1
3 changed files with 24 additions and 27 deletions
--- a/hosts/srv-core/default.nix
+++ b/hosts/srv-core/default.nix
@ -15,10 +15,6 @@
        overlay = {
          address = "10.254.250.6";
          isLighthouse = true;
-          advertise = {
-            address = "130.83.103.62";
-            port = 47033;
-          };
        };
        underlay = {
          interface = "enp2s0";
@ -28,6 +24,11 @@
      };

      services = {
+        nebula.advertise = {
+          address = "130.83.103.62";
+          port = 47033;
+        };
+        
        recursive-nameserver = {
          enable = true;
          blockAds = true;
--- a/modules/nixos/networking/overlay.nix
+++ b/modules/nixos/networking/overlay.nix
@ -51,22 +51,6 @@ in
    };

    isLighthouse = lib.mkEnableOption "";
-
-    advertise = {
-      address = lib.mkOption {
-        type = lib.types.nullOr lib.types.nonEmptyStr;
-        default =
-          if config.custom.networking.underlay.isPublic then
-            config.custom.networking.underlay.address
-          else
-            null;
-      };
-      port = lib.mkOption {
-        type = lib.types.nullOr lib.types.port;
-        default = if cfg.advertise.address != null then config.custom.services.nebula.listenPort else null;
-      };
-    };
-
    role = lib.mkOption {
      type = lib.types.enum [
        "client"
--- a/modules/nixos/services/nebula/default.nix
+++ b/modules/nixos/services/nebula/default.nix
@ -2,6 +2,7 @@
  config,
  self,
  lib,
+  allHosts,
  ...
 }:
 let
@ -27,7 +28,17 @@ in

    listenPort = lib.mkOption {
      type = lib.types.port;
-      default = if (netCfg.overlay.advertise.address != null) then 47141 else 0;
+      default = if (cfg.advertise.address != null) then 47141 else 0;
+    };
+    advertise = {
+      address = lib.mkOption {
+        type = lib.types.nullOr lib.types.nonEmptyStr;
+        default = if netCfg.underlay.isPublic then netCfg.underlay.address else null;
+      };
+      port = lib.mkOption {
+        type = lib.types.nullOr lib.types.port;
+        default = if cfg.advertise.address != null then cfg.listenPort else null;
+      };
    };

    caCertificateFile = lib.mkOption {
@ -50,7 +61,7 @@ in

  config = lib.mkIf cfg.enable {
    assertions = lib.singleton {
-      assertion = netCfg.overlay.isLighthouse -> netCfg.overlay.advertise.address != null;
+      assertion = netCfg.overlay.isLighthouse -> cfg.advertise.address != null;
      message = "`${netCfg.hostName}` is a Nebula lighthouse, but `underlay.isPublic` or `overlay.advertise.address` are not set. Lighthouses must be publicly reachable.";
    };

@ -96,11 +107,12 @@ in
      relays = lib.mkIf (!netCfg.overlay.isLighthouse) lighthouses;

      staticHostMap =
-        netCfg.peers
-        |> lib.filter (peer: peer.overlay.advertise.address != null)
-        |> lib.map (peer: {
-          name = peer.overlay.address;
-          value = lib.singleton "${peer.overlay.advertise.address}:${toString peer.overlay.advertise.port}";
+        allHosts
+        |> lib.attrValues
+        |> lib.filter (host: host.config.custom.services.nebula.advertise.address != null)
+        |> lib.map (host: {
+          name = host.config.custom.networking.overlay.address;
+          value = lib.singleton "${host.config.custom.services.nebula.advertise.address}:${toString host.config.custom.services.nebula.advertise.port}";
        })
        |> lib.listToAttrs;