2026-01-21 15:11:34 +01:00
2 changed files with 28 additions and 38 deletions
--- a/flake.lock
+++ b/flake.lock
@ -88,11 +88,11 @@
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
-        "lastModified": 1766549013,
-        "narHash": "sha256-GTT+poVhfyQ3JoKIneAT8tZgUEt0KyC6jN6LewIDYLY=",
+        "lastModified": 1766203416,
+        "narHash": "sha256-UrIuqnXvM+73owAiq1zjHNtaWrv72wD1yKO6jTowhTQ=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "356637020672729e7d406e65cb2e72a633301aba",
+        "rev": "8b55bb199045aa79e2965b7482b04ee4773192e3",
        "type": "gitlab"
      },
      "original": {
@ -160,11 +160,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1766553861,
-        "narHash": "sha256-ZbnG01yA3O8Yr1vUm3+NQ2qk9iRhS5bloAnuXHHy7+c=",
+        "lastModified": 1765979862,
+        "narHash": "sha256-/r9/1KamvbHJx6I40H4HsSXnEcBAkj46ZwibhBx9kg0=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "0999ed8f965bbbd991437ad9c5ed3434cecbc30e",
+        "rev": "d3135ab747fd9dac250ffb90b4a7e80634eacbe9",
        "type": "github"
      },
      "original": {
@ -191,11 +191,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1766568855,
-        "narHash": "sha256-UXVtN77D7pzKmzOotFTStgZBqpOcf8cO95FcupWp4Zo=",
+        "lastModified": 1764440730,
+        "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "c5db9569ac9cc70929c268ac461f4003e3e5ca80",
+        "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
        "type": "github"
      },
      "original": {
@ -207,11 +207,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1766473571,
-        "narHash": "sha256-5G1NDO2PulBx1RoaA6U1YoUDX0qZslpPxv+n5GX6Qto=",
+        "lastModified": 1765838191,
+        "narHash": "sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "76701a179d3a98b07653e2b0409847499b2a07d3",
+        "rev": "c6f52ebd45e5925c188d1a20119978aa4ffd5ef6",
        "type": "github"
      },
      "original": {
@ -238,11 +238,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1766309749,
-        "narHash": "sha256-3xY8CZ4rSnQ0NqGhMKAy5vgC+2IVK0NoVEzDoOh4DA4=",
+        "lastModified": 1766070988,
+        "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "a6531044f6d0bef691ea18d4d4ce44d0daa6e816",
+        "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8",
        "type": "github"
      },
      "original": {
@ -294,11 +294,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1766289575,
-        "narHash": "sha256-BOKCwOQQIP4p9z8DasT5r+qjri3x7sPCOq+FTjY8Z+o=",
+        "lastModified": 1765836173,
+        "narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "9836912e37aef546029e48c8749834735a6b9dad",
+        "rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63",
        "type": "github"
      },
      "original": {
@ -382,11 +382,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1766369649,
-        "narHash": "sha256-8Z/4upd/AS7pU72QS3GesaWeTgM4VcrSf85bh9fxum8=",
+        "lastModified": 1766225876,
+        "narHash": "sha256-e7kkh5axo86jc7QRMnWYpHNf9hHbG53xMTzr5v63cjw=",
        "owner": "nix-community",
        "repo": "nix-vscode-extensions",
-        "rev": "94058abef65a5f2916f4d9da67d9966039366514",
+        "rev": "4ee8ee764ea5cf2fcb44684d04488b8f5e2115b7",
        "type": "github"
      },
      "original": {
--- a/modules/system/services/nebula/default.nix
+++ b/modules/system/services/nebula/default.nix
@ -9,16 +9,13 @@ let

  hostname = config.networking.hostName;

-  nodes =
+  lighthouses =
    self.nixosConfigurations
    |> lib.filterAttrs (name: _: name != hostname)
    |> lib.attrValues
    |> lib.map (value: value.config.custom.services.nebula.node)
-    |> lib.filter (node: node.enable);
-
-  lighthouses = nodes |> lib.filter (node: node.isLighthouse);
-
-  routableNodes = nodes |> lib.filter (node: node.routableAddress != null);
+    |> lib.filter (nebula: nebula.enable)
+    |> lib.filter (nebula: nebula.isLighthouse);
 in
 {
  options.custom.services.nebula.node = {
@ -31,15 +28,15 @@ in
      type = lib.types.nonEmptyStr;
      default = "";
    };
-    isLighthouse = lib.mkEnableOption "";

+    isLighthouse = lib.mkEnableOption "";
    routableAddress = lib.mkOption {
      type = lib.types.nullOr lib.types.nonEmptyStr;
      default = null;
    };
    routablePort = lib.mkOption {
      type = lib.types.nullOr lib.types.port;
-      default = if cfg.routableAddress != null then 47141 else null;
+      default = if cfg.isLighthouse then 47141 else null;
    };

    pubPath = lib.mkOption {
@ -53,12 +50,7 @@ in
  };

  config = lib.mkIf cfg.enable {
-    meta.ports.udp = lib.optional (cfg.routablePort != null) cfg.routablePort;
-
-    assertions = lib.singleton {
-      assertion = cfg.isLighthouse -> cfg.routableAddress != null;
-      message = "'${hostname}' is a Nebula lighthouse, but routableAddress is not set. Lighthouses must be publicly reachable.";
-    };
+    meta.ports.udp = lib.optional (cfg.routablePort != 0) cfg.routablePort;

    sops.secrets."nebula/host-key" = {
      owner = config.users.users.nebula-main.name;
@ -78,9 +70,8 @@ in
      lighthouses = lib.mkIf (!cfg.isLighthouse) (
        lighthouses |> lib.map (lighthouse: lighthouse.address)
      );
-
      staticHostMap =
-        routableNodes
+        lighthouses
        |> lib.map (lighthouse: {
          name = lighthouse.address;
          value = lib.singleton "${lighthouse.routableAddress}:${toString lighthouse.routablePort}";
@ -103,7 +94,6 @@ in
      settings = {
        pki.disconnect_invalid = true;
        cipher = "aes";
-        logging.level = "warning";
      };
    };
  };