diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
index 2889f3e..0cafcba 100644
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -1,7 +1,7 @@
 name: "Update"
 on:
 schedule:
- - cron: "0 4 * * 2,5" # Tue, Fri at 04:00 UTC
+ - cron: "0 4 * * 1,3,6" # Mon, Wed, Sat at 04:00 UTC
 workflow_dispatch:
 jobs:
 update:
diff --git a/hosts/srv-core/default.nix b/hosts/srv-core/default.nix
index 0ea5043..6e44d94 100644
--- a/hosts/srv-core/default.nix
+++ b/hosts/srv-core/default.nix
@@ -15,6 +15,10 @@
 overlay = {
 address = "10.254.250.6";
 isLighthouse = true;
+ advertise = {
+ address = "130.83.103.62";
+ port = 47033;
+ };
 };
 underlay = {
 interface = "enp2s0";
@@ -24,11 +28,6 @@
 };
 services = {
- nebula.advertise = {
- address = "130.83.103.62";
- port = 47033;
- };
-
 recursive-nameserver = {
 enable = true;
 blockAds = true;
diff --git a/modules/nixos/networking/overlay.nix b/modules/nixos/networking/overlay.nix
index 42b7afa..70d5101 100644
--- a/modules/nixos/networking/overlay.nix
+++ b/modules/nixos/networking/overlay.nix
@@ -51,6 +51,22 @@ in
 };
 isLighthouse = lib.mkEnableOption "";
+
+ advertise = {
+ address = lib.mkOption {
+ type = lib.types.nullOr lib.types.nonEmptyStr;
+ default =
+ if config.custom.networking.underlay.isPublic then
+ config.custom.networking.underlay.address
+ else
+ null;
+ };
+ port = lib.mkOption {
+ type = lib.types.nullOr lib.types.port;
+ default = if cfg.advertise.address != null then config.custom.services.nebula.listenPort else null;
+ };
+ };
+
 role = lib.mkOption {
 type = lib.types.enum [
 "client"
diff --git a/modules/nixos/services/nebula/default.nix b/modules/nixos/services/nebula/default.nix
index d361d3d..64e8b03 100644
--- a/modules/nixos/services/nebula/default.nix
+++ b/modules/nixos/services/nebula/default.nix
@@ -2,7 +2,6 @@
 config,
 self,
 lib,
- allHosts,
 ...
 }:
 let
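Review bot: The advertised port on the added `port = 47033;` line in hosts/srv-core/default.nix does not match the default `listenPort` (47141) that the nebula module in this same commit selects once `overlay.advertise.address` is set, and srv-core's own `listenPort` setting is not visible in this diff. If a port forward on 130.83.103.62 maps 47033 to the local listener this is correct but undocumented; if not, every peer's staticHostMap will point at a port the lighthouse is not listening on. Add a comment next to the port such as `# externally forwarded port; the local listener is custom.services.nebula.listenPort`, or set `custom.services.nebula.listenPort` explicitly so the two agree. The enclosing attribute set starts before this hunk.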
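Review bot: The new `advertise.address` and `advertise.port` options in modules/nixos/networking/overlay.nix have no `description`, and their defaults carry an effect a reader cannot see from a host config: setting `underlay.isPublic` now automatically publishes that host's underlay address and nebula listen port into every peer's static host map. Give `address` a description along the lines of `description = "Public address peers use to reach this host; defaults to underlay.address when underlay.isPublic is set and is distributed to all peers' staticHostMap.";` and `port` a matching one. The `port` default also reaches into `config.custom.services.nebula.listenPort`, so if any host can be evaluated without the nebula service module imported, reading a networking option now fails with a missing-attribute error; `config.custom.services.nebula.listenPort or null` would keep the default total. As a point of style, the `address` default spells out `config.custom.networking.underlay...` while `port` uses `cfg.advertise.address`, which presumably aliases the same option tree; using one form for both would make the coupling easier to follow.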
@@ -28,17 +27,7 @@ in
 listenPort = lib.mkOption {
 type = lib.types.port;
- default = if (cfg.advertise.address != null) then 47141 else 0;
- };
- advertise = {
- address = lib.mkOption {
- type = lib.types.nullOr lib.types.nonEmptyStr;
- default = if netCfg.underlay.isPublic then netCfg.underlay.address else null;
- };
- port = lib.mkOption {
- type = lib.types.nullOr lib.types.port;
- default = if cfg.advertise.address != null then cfg.listenPort else null;
- };
+ default = if (netCfg.overlay.advertise.address != null) then 47141 else 0;
 };
 caCertificateFile = lib.mkOption {
@@ -61,7 +50,7 @@ in
 config = lib.mkIf cfg.enable {
 assertions = lib.singleton {
- assertion = netCfg.overlay.isLighthouse -> cfg.advertise.address != null;
+ assertion = netCfg.overlay.isLighthouse -> netCfg.overlay.advertise.address != null;
 message = "`${netCfg.hostName}` is a Nebula lighthouse, but `underlay.isPublic` or `overlay.advertise.address` are not set. Lighthouses must be publicly reachable.";
 };
@@ -107,12 +96,11 @@ in
 relays = lib.mkIf (!netCfg.overlay.isLighthouse) lighthouses;
 staticHostMap =
- allHosts
- |> lib.attrValues
- |> lib.filter (host: host.config.custom.services.nebula.advertise.address != null)
- |> lib.map (host: {
- name = host.config.custom.networking.overlay.address;
- value = lib.singleton "${host.config.custom.services.nebula.advertise.address}:${toString host.config.custom.services.nebula.advertise.port}";
+ netCfg.peers
+ |> lib.filter (peer: peer.overlay.advertise.address != null)
+ |> lib.map (peer: {
+ name = peer.overlay.address;
+ value = lib.singleton "${peer.overlay.advertise.address}:${toString peer.overlay.advertise.port}";
 })
 |> lib.listToAttrs;
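Review bot: The filter on the new `|> lib.filter (peer: peer.overlay.advertise.address != null)` line in the staticHostMap hunk checks only the address, while `advertise.port` is declared `nullOr port` and can be set to null explicitly by a host; `toString null` then yields an empty string and the entry becomes `"addr:"`, leaving that peer with an unusable static route. Either filter on both fields, `lib.filter (peer: peer.overlay.advertise.address != null && peer.overlay.advertise.port != null)`, or extend the lighthouse assertion earlier in this file so a non-null address implies a non-null port. `netCfg.peers` also replaces `allHosts` here; if it excludes the evaluating host itself, the lighthouse no longer carries its own entry in staticHostMap, which is presumably intended but deserves a comment such as `# peers excludes this host; its own advertise entry is not needed locally`. The enclosing settings attribute set starts before the hunk and continues after it.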