SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 12:51:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

nebula: Assert routability of lighthouses

Browse source
This commit is contained in:
SebastianStork 2025-12-25 20:00:44 +01:00
parent d58da5ce7d
commit de16ca49e8
Signed by: SebastianStork
SSH key fingerprint: SHA256:iEM011ogNMG1q8+U500adGu/9rpPuZ2KnFtbdLeqTiI
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
modules/system/services/nebula/default.nix
View file

@ -55,6 +55,11 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta.ports.udp = lib.optional (cfg.routablePort != null) cfg.routablePort; meta.ports.udp = lib.optional (cfg.routablePort != null) cfg.routablePort;
assertions = lib.singleton {
assertion = cfg.isLighthouse -> cfg.routableAddress != null;
message = "'${hostname}' is a Nebula lighthouse, but routableAddress is not set. Lighthouses must be publicly reachable.";
};
sops.secrets."nebula/host-key" = { sops.secrets."nebula/host-key" = {
owner = config.users.users.nebula-main.name; owner = config.users.users.nebula-main.name;
restartUnits = [ "nebula@main.service" ]; restartUnits = [ "nebula@main.service" ];