.github/workflows/update.yml

@@ -1,7 +1,7 @@
 name: "Update"
 on:
   schedule:
-    - cron: "0 4 * * 2,5" # Tue, Fri at 04:00 UTC
+    - cron: "0 4 * * 1,3,6" # Mon, Wed, Sat at 04:00 UTC
   workflow_dispatch:
 jobs:
   update:

hosts/srv-core/default.nix

@@ -15,6 +15,10 @@
         overlay = {
           address = "10.254.250.6";
           isLighthouse = true;
+          advertise = {
+            address = "130.83.103.62";
+            port = 47033;
+          };
         };
         underlay = {
           interface = "enp2s0";
@@ -24,11 +28,6 @@
       };
 
       services = {
-        nebula.advertise = {
-          address = "130.83.103.62";
-          port = 47033;
-        };
-
         recursive-nameserver = {
           enable = true;
           blockAds = true;

modules/nixos/networking/overlay.nix

@@ -51,6 +51,22 @@ in
     };
 
     isLighthouse = lib.mkEnableOption "";
+
+    advertise = {
+      address = lib.mkOption {
+        type = lib.types.nullOr lib.types.nonEmptyStr;
+        default =
+          if config.custom.networking.underlay.isPublic then
+            config.custom.networking.underlay.address
+          else
+            null;
+      };
+      port = lib.mkOption {
+        type = lib.types.nullOr lib.types.port;
+        default = if cfg.advertise.address != null then config.custom.services.nebula.listenPort else null;
+      };
+    };
+
     role = lib.mkOption {
       type = lib.types.enum [
         "client"

modules/nixos/services/nebula/default.nix

@@ -2,7 +2,6 @@
   config,
   self,
   lib,
-  allHosts,
   ...
 }:
 let
@@ -28,17 +27,7 @@ in
 
     listenPort = lib.mkOption {
       type = lib.types.port;
-      default = if (cfg.advertise.address != null) then 47141 else 0;
+      default = if (netCfg.overlay.advertise.address != null) then 47141 else 0;
-    };
-    advertise = {
-      address = lib.mkOption {
-        type = lib.types.nullOr lib.types.nonEmptyStr;
-        default = if netCfg.underlay.isPublic then netCfg.underlay.address else null;
-      };
-      port = lib.mkOption {
-        type = lib.types.nullOr lib.types.port;
-        default = if cfg.advertise.address != null then cfg.listenPort else null;
-      };
     };
 
     caCertificateFile = lib.mkOption {
@@ -61,7 +50,7 @@ in
 
   config = lib.mkIf cfg.enable {
     assertions = lib.singleton {
-      assertion = netCfg.overlay.isLighthouse -> cfg.advertise.address != null;
+      assertion = netCfg.overlay.isLighthouse -> netCfg.overlay.advertise.address != null;
       message = "`${netCfg.hostName}` is a Nebula lighthouse, but `underlay.isPublic` or `overlay.advertise.address` are not set. Lighthouses must be publicly reachable.";
     };
 
@@ -107,12 +96,11 @@ in
       relays = lib.mkIf (!netCfg.overlay.isLighthouse) lighthouses;
 
       staticHostMap =
-        allHosts
+        netCfg.peers
-        |> lib.attrValues
+        |> lib.filter (peer: peer.overlay.advertise.address != null)
-        |> lib.filter (host: host.config.custom.services.nebula.advertise.address != null)
+        |> lib.map (peer: {
-        |> lib.map (host: {
+          name = peer.overlay.address;
-          name = host.config.custom.networking.overlay.address;
+          value = lib.singleton "${peer.overlay.advertise.address}:${toString peer.overlay.advertise.port}";
-          value = lib.singleton "${host.config.custom.services.nebula.advertise.address}:${toString host.config.custom.services.nebula.advertise.port}";
         })
         |> lib.listToAttrs;