SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 14:01:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: SebastianStork:b11001f5bb9600be31c9c5bd7e9bcb11863929d3
Branches Tags
SebastianStork:main
SebastianStork:develop
..
compare: SebastianStork:9a101eeeac378ac9106a8b66c96bc5b82164cf78
Branches Tags
SebastianStork:main
SebastianStork:develop

2 commits
b11001f5bb ... 9a101eeeac

Author SHA1 Message Date
SebastianStork
9a101eeeac
nebula: Reset logging level to info 2026-01-06 21:36:43 +01:00
SebastianStork
ef6cdd8e22
nebula: Roll out to all hosts 2026-01-06 21:33:46 +01:00
9 changed files with 49 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

16
hosts/vps-monitor/default.nix
View file

@ -20,9 +20,19 @@
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
services.tailscale = { services = {
enable = true; tailscale = {
ssh.enable = true; enable = true;
ssh.enable = true;
};
nebula.node = {
enable = true;
address = "10.254.250.5";
routableAddress = "188.245.223.145";
isLighthouse = true;
isServer = true;
};
}; };
web-services = web-services =

6
hosts/vps-monitor/keys/nebula.crt Normal file
View file

@ -0,0 +1,6 @@
-----BEGIN NEBULA CERTIFICATE V2-----
MIGqoESAC3Zwcy1tb25pdG9yoQcEBQr++gUYhQRpWTmKhgRrKH30hyAVQ/4ZW6re
1yzFagxOA4SEMyUQWl7UCMJuYEUyO3NFaIIgEsH4GM7MoMHRA9Ua4racnsVImNb4
0fhIMdlx2Y8Gx3iDQJo2nQl5Atwka8UCU3FteaMSrgSxQW6HhBE7pwYMhlWdrusn
KUloRoe8tDpEWEO3qc+iQsgpr5Tuo27QUD77igs=
-----END NEBULA CERTIFICATE V2-----

3
hosts/vps-monitor/keys/nebula.pub Normal file
View file

@ -0,0 +1,3 @@
-----BEGIN NEBULA X25519 PUBLIC KEY-----
EsH4GM7MoMHRA9Ua4racnsVImNb40fhIMdlx2Y8Gx3g=
-----END NEBULA X25519 PUBLIC KEY-----

7
hosts/vps-monitor/secrets.json
View file

@ -10,6 +10,9 @@
"grafana": { "grafana": {
"admin-password": "ENC[AES256_GCM,data:2YRh4DT+1w5W/X3ELIe3Uu2EnMIHG4gUhV5ri6E=,iv:owHyuoupNQO09aRBgU2phIwxg22U1rUqKyYbw2193m4=,tag:dopVQwf4Ewf+lsFterfDOA==,type:str]" "admin-password": "ENC[AES256_GCM,data:2YRh4DT+1w5W/X3ELIe3Uu2EnMIHG4gUhV5ri6E=,iv:owHyuoupNQO09aRBgU2phIwxg22U1rUqKyYbw2193m4=,tag:dopVQwf4Ewf+lsFterfDOA==,type:str]"
}, },
"nebula": {
"host-key": "ENC[AES256_GCM,data:usSLqYOvDAAs7z1xo+gccDqgUE78upK+k522ldKcPoFKKBH87Us7gi6+XAOMDQ79U6i8j4l1lAE8kRdqDuvasodESHVSW9gSnnv5E73MVr0d1Snh7tAewVzneac+2R2R8tUzKzwzWM5SyyvJSoKGBg8WmGzdGT8UqC623utlYQ==,iv:NoZ2u8IK4g1Kwb6uZZ1jXJH4eFO9Jj5Phi5hPM4K72o=,tag:9mOv6oSESH+8r2ZC4yUE+w==,type:str]"
},
"sops": { "sops": {
"age": [ "age": [
{ {
@ -21,8 +24,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVmV4dkZEaWVDNHMxUFdr\nYnhuVWpReXBNSEhhZkltQTE4bEpzSlBzL0VJCk15UFlwa0haWTZNaE1DVzVZVFBI\nd0QzcUptYmQ3dmhhdjhFV0xDSWdmMGMKLS0tIFhWamx6SXJleFFSVUFkRmw2VFZy\nOVVhNm9NSE0yRGFMQjNrM1B6cDVxSXMKrhAkDcWqutgSmQI5O+5i8fcwuTh2/XKr\nljK/Vn8EvGr8qEUeHzOBI1b5VtgngJkVJyfM9G/Q0lZvQF7ZZ5YCgQ==\n-----END AGE ENCRYPTED FILE-----\n" "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVmV4dkZEaWVDNHMxUFdr\nYnhuVWpReXBNSEhhZkltQTE4bEpzSlBzL0VJCk15UFlwa0haWTZNaE1DVzVZVFBI\nd0QzcUptYmQ3dmhhdjhFV0xDSWdmMGMKLS0tIFhWamx6SXJleFFSVUFkRmw2VFZy\nOVVhNm9NSE0yRGFMQjNrM1B6cDVxSXMKrhAkDcWqutgSmQI5O+5i8fcwuTh2/XKr\nljK/Vn8EvGr8qEUeHzOBI1b5VtgngJkVJyfM9G/Q0lZvQF7ZZ5YCgQ==\n-----END AGE ENCRYPTED FILE-----\n"
} }
], ],
"lastmodified": "2025-12-09T12:25:24Z", "lastmodified": "2026-01-03T15:47:25Z",
"mac": "ENC[AES256_GCM,data:RlXJ6lSCzVKpmcSWuCCFKZLG5O6ltPq4yA7nZeWiFYJBJ9gIhVM/fLfqOk2a+msWDg5WDYXCyfARPhKzH6AnS0kK+yqdkytGklQUKLlBuWvswuiWycvShc+04hClpyn/76nTK6yQeXeYK+b807uc5PJHGnBweEteBLShFbSTfIY=,iv:FtYfeckV45KtgYp+V1ZSupV26gYEm3T3Vi/RovDWlAo=,tag:k1clC/bsLC1FCLuaB6ypMg==,type:str]", "mac": "ENC[AES256_GCM,data:fEtJdI0I7Tiv21n30ZcxMdOsf4emevkouRmMW+100GEY19rL/VtAIXkvaaygdz/sGXXzLeANReLjo5Ryp93x8854eravT4nQ8IXpNlCgdBXmq7QgUD/nc5kaOj0//3neAxE+ht5MPWm+AbfO4kYDKTmF9GFoLRZMfyvrWXTVv4M=,iv:h4RUkWkr6PABpj0yp+YRhgJ/0X6kwpMyB30qVMbO2to=,tag:8a+w96TwPXk15GZdryWneQ==,type:str]",
"unencrypted_suffix": "_unencrypted", "unencrypted_suffix": "_unencrypted",
"version": "3.11.0" "version": "3.11.0"
} }

7
hosts/vps-public/default.nix
View file

@ -26,6 +26,13 @@
ssh.enable = true; ssh.enable = true;
}; };
nebula.node = {
enable = true;
address = "10.254.250.4";
routableAddress = "167.235.73.246";
isServer = true;
};
crowdsec = { crowdsec = {
enable = true; enable = true;
bouncers.firewall = true; bouncers.firewall = true;

6
hosts/vps-public/keys/nebula.crt Normal file
View file

@ -0,0 +1,6 @@
-----BEGIN NEBULA CERTIFICATE V2-----
MIGpoEOACnZwcy1wdWJsaWOhBwQFCv76BBiFBGlZOWqGBGsoffSHIBVD/hlbqt7X
LMVqDE4DhIQzJRBaXtQIwm5gRTI7c0VogiB2ciqx2b7d1mUPRnrtM5sN+X4Pohtb
kBNPPFUDxwX7SoNAWUNPjR8iSib9C52wEmTzolYIvwbAUnOjMytH01xHUgPhiiTv
Cm4CTtS9vWllCCH682evxo+0I3+PKDRp8DKxCQ==
-----END NEBULA CERTIFICATE V2-----

3
hosts/vps-public/keys/nebula.pub Normal file
View file

@ -0,0 +1,3 @@
-----BEGIN NEBULA X25519 PUBLIC KEY-----
dnIqsdm+3dZlD0Z67TObDfl+D6IbW5ATTzxVA8cF+0o=
-----END NEBULA X25519 PUBLIC KEY-----

7
hosts/vps-public/secrets.json
View file

@ -20,6 +20,9 @@
"outline": { "outline": {
"gitlab-auth-secret": "ENC[AES256_GCM,data:fNxlI0sJdoY9hFxiJz4OdGLv1NyZbMchW/df5VuLBHqeQG19Seul0R1J0Fl+NBFfAAiyHA6oGzXerYLt6KsNDwFmK2ODuw==,iv:TfFyC+JUvb2GaeE8rh9Knj4fPkmoyWvymG9YAN/dpNA=,tag:PXn6uYXtFfV0N5+2fYyCZQ==,type:str]" "gitlab-auth-secret": "ENC[AES256_GCM,data:fNxlI0sJdoY9hFxiJz4OdGLv1NyZbMchW/df5VuLBHqeQG19Seul0R1J0Fl+NBFfAAiyHA6oGzXerYLt6KsNDwFmK2ODuw==,iv:TfFyC+JUvb2GaeE8rh9Knj4fPkmoyWvymG9YAN/dpNA=,tag:PXn6uYXtFfV0N5+2fYyCZQ==,type:str]"
}, },
"nebula": {
"host-key": "ENC[AES256_GCM,data:oi5uWtflxt+LB9ft6DuH+h3owTF8bj9lNKVAVyyZH4Ww5F4tN+GhQDNXHSt4SK4M/9K/M7/VfRjcL0uDJq0SJmI1oy0g/pTF+JcBAV/Z6PAhPWBXxMBkIdL+xYLR5lXmBKnTTkHoIqvBZH7wDHq2kOKrBFU96yFfrMLK1TVv5Q==,iv:eau9vYEVwUjGTgESR2d2QNiBlTZIq5Do97/xZqmrz2c=,tag:aTdQ2vRxI/BByG02VvpPMw==,type:str]"
},
"sops": { "sops": {
"age": [ "age": [
{ {
@ -31,8 +34,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvVnphWlNaTUU0QytIdnEv\nQnNzelN4MUMreXZrME5KZStFMDg2V1VFd21rCkk2Uy9ITEF3SjlRVEdMMXlPdHhG\nam1PNnp3emtnMnczeFFSSStJaHF6TkkKLS0tIEJKbFRzbmNqMjk5NXVHZnhlWWZ3\nYng5L1F5YUJGOTg3TTJCK281SG9Id3MKsmH2yj19ig2g+KzBGLD9dWkdvr6TLdSd\nuuDC+frhj7wWrEomOOjIoYtWHXkUtTSAnCEZhrhfyupYhEvlFfWRlw==\n-----END AGE ENCRYPTED FILE-----\n" "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvVnphWlNaTUU0QytIdnEv\nQnNzelN4MUMreXZrME5KZStFMDg2V1VFd21rCkk2Uy9ITEF3SjlRVEdMMXlPdHhG\nam1PNnp3emtnMnczeFFSSStJaHF6TkkKLS0tIEJKbFRzbmNqMjk5NXVHZnhlWWZ3\nYng5L1F5YUJGOTg3TTJCK281SG9Id3MKsmH2yj19ig2g+KzBGLD9dWkdvr6TLdSd\nuuDC+frhj7wWrEomOOjIoYtWHXkUtTSAnCEZhrhfyupYhEvlFfWRlw==\n-----END AGE ENCRYPTED FILE-----\n"
} }
], ],
"lastmodified": "2025-12-09T12:24:32Z", "lastmodified": "2026-01-03T15:48:23Z",
"mac": "ENC[AES256_GCM,data:96b2vkoRYVIYR7kL8yOjZTG2tpjJyWBFBZ+qIwMsDHxSa3tUULQs+xKbW1gbc06LJMe97ZfKZYAFt2ExJ19Ftw/xJumbuDgX0f7tk7dkx5QrlsUyAGM8T5bOtZDAUAnkAgcJsIepdtTTSW8GsEmiAClynX08c00/jv3PEaF3IPs=,iv:9QAeA05iSP1NKVDa/Mu/hFJ07gDjZdNoVzvrYGT7rhc=,tag:0x/CI8c0F7RW7IANY8DdwA==,type:str]", "mac": "ENC[AES256_GCM,data:p+WJViYWL4HFi7Us7RXJHVDFk8Q0HQ7I+dtV8XrIgBHELp19QTu6BmJ/7G/36Fe1H6h78SmwU3gOdSThDa77CmPlKlGG8aS6edLChJnCWeM0FBl61bvrCgZQwjVq/LZNMwJJIHiktDIPiIgNOwVvTzRCErrH6/UYjH0aGeyRI4g=,iv:6JE/7GAfIrLhRXUMVvFu4roON5zNgmQZY4vJJdgwcS8=,tag:xlDMg/vtqO5VFkbdbSBKxQ==,type:str]",
"unencrypted_suffix": "_unencrypted", "unencrypted_suffix": "_unencrypted",
"version": "3.11.0" "version": "3.11.0"
} }

3
modules/system/services/nebula/default.nix
View file

@ -112,8 +112,7 @@ in
settings = { settings = {
pki.disconnect_invalid = true; pki.disconnect_invalid = true;
cipher = "aes"; cipher = "aes";
logging.level = "warning"; lighthouse.local_allow_list.interfaces.${config.services.tailscale.interfaceName} = false;
lighthouse.local_allow_list.interfaces.tailscale0 = false;
}; };
}; };