From 70be5b0e44d7ea8f145b34951c31c15bf4d6a3d2 Mon Sep 17 00:00:00 2001
From: AndrewPaglusch
Date: Fri, 8 Dec 2023 22:49:54 -0600
Subject: [PATCH] add lighthouse relay function

---
 defaults/main.yml | 2 ++
 templates/lighthouse_config.yml.j2 | 8 ++++++--
 templates/node_config.yml.j2 | 10 ++++++++--
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 0cdf0e1..92f36e9 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,6 +6,7 @@ nebula_client_cert_duration: "43800h0m0s" #5 years
 nebula_clean_install: false
 nebula_lighthouse_build_hosts_file: true
 nebula_node_lighthouse_in_hosts_file: true
+nebula_node_use_lighthouse_as_relay: true
 nebula_install_check_cron: true
@@ -13,6 +14,7 @@ nebula_lighthouse_hostname: lighthouse
 nebula_lighthouse_internal_ip_addr: 192.168.77.1
 nebula_lighthouse_public_hostname: my-nebula-server.com
 nebula_lighthouse_public_port: 4242
+nebula_lighthouse_is_relay: true
 nebula_lighthouse_extra_config: {}
 nebula_firewall_block_action: drop
diff --git a/templates/lighthouse_config.yml.j2 b/templates/lighthouse_config.yml.j2
index a0c9e1b..8806bde 100644
--- a/templates/lighthouse_config.yml.j2
+++ b/templates/lighthouse_config.yml.j2
@@ -49,6 +49,10 @@ punchy: true
 # punch_back: true
+relay:
+ am_relay: {{ nebula_lighthouse_is_relay }}
+ use_relays: false
+
 tun:
 # sensible defaults. don't monkey with these unless
 # you're CERTAIN you know what you're doing.
@@ -74,8 +78,8 @@ logging:
 # one node from another.
 #
 firewall:
- outbound_action: {{ nebula_firewall_block_action | default('drop') }}
- inbound_action: {{ nebula_firewall_block_action | default('drop') }}
+ outbound_action: {{ nebula_firewall_block_action }}
+ inbound_action: {{ nebula_firewall_block_action }}
 conntrack:
 tcp_timeout: 120h
 udp_timeout: 3m
diff --git a/templates/node_config.yml.j2 b/templates/node_config.yml.j2
index 410af49..cce328f 100644
--- a/templates/node_config.yml.j2
+++ b/templates/node_config.yml.j2
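Review bot: The new default `nebula_node_use_lighthouse_as_relay: true` in this hunk, and `nebula_lighthouse_is_relay: true` in the next one, carry no comment saying what they switch on, and both are on by default, so an existing deployment that re-runs the role will start forwarding node-to-node traffic through the lighthouse whenever a direct tunnel cannot be punched. Add a comment above each, e.g. `# Nodes fall back to relaying via the lighthouse when direct hole-punching fails` and `# Lighthouse forwards relayed traffic between nodes (Nebula relay support; confirm the pinned Nebula release has it)`. Consider shipping `nebula_lighthouse_is_relay` as `false` so an operator opts in to the lighthouse becoming a data-plane dependency and a bandwidth concentrator, rather than discovering it on upgrade.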
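Review bot: `am_relay: {{ nebula_lighthouse_is_relay }}` renders an Ansible boolean as `True` (Python repr), which Nebula's Go YAML loader appears to accept but which is not canonical YAML and also passes through verbatim whatever string a consumer puts in the variable; render it as `am_relay: {{ nebula_lighthouse_is_relay | bool | to_json }}` so the output is always `true`/`false`. The same applies to `use_relays` in node_config's relay hunk. The `relay:` block is emitted unconditionally, so the key is present even when relaying is off; that is harmless on a release that knows the key, but a template comment such as `{# relay section requires a Nebula release with relay support #}` would save the next reader a version check.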
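Review bot: Dropping `| default('drop')` from `outbound_action` and `inbound_action` (here and in the matching node_config hunk) is unrelated to the relay feature named in the subject and reads more clearly as its own commit. It is behaviour-preserving only because `defaults/main.yml` defines `nebula_firewall_block_action: drop` (visible as context in the second defaults hunk); a consumer that clears that default now gets a hard template error instead of a silent `drop`, which is arguably better, but neither the old nor the new form checks that the value is one of the actions Nebula accepts. An assert task restricting `nebula_firewall_block_action` to `drop` or `reject` would catch a typo before the firewall section is rendered. The `firewall:` mapping continues past this hunk.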
@@ -40,6 +40,12 @@ listen:
 #
 punchy: true
+relay:
+ am_relay: false
+ use_relays: {{ nebula_node_use_lighthouse_as_relay }}
+ relays:
+ - {{ nebula_lighthouse_internal_ip_addr }}
+
 # "punch_back" allows the other node to try punching out to you,
 # if you're having trouble punching out to it. Useful for stubborn
 # networks with symmetric NAT, etc.
@@ -71,8 +77,8 @@ logging:
 # one node from another.
 #
 firewall:
- outbound_action: {{ nebula_firewall_block_action | default('drop') }}
- inbound_action: {{ nebula_firewall_block_action | default('drop') }}
+ outbound_action: {{ nebula_firewall_block_action }}
+ inbound_action: {{ nebula_firewall_block_action }}
 conntrack:
 tcp_timeout: 120h
 udp_timeout: 3m
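Review bot: `use_relays: {{ nebula_node_use_lighthouse_as_relay }}` renders as `True`/`False` rather than canonical `true`/`false`, and the `relays:` list naming the lighthouse is emitted even when relaying is disabled, so a node configured not to relay still carries a relay target in its config. Render the flag with `| bool | to_json` and wrap the list in a conditional so a disabled node has no `relays` entry. Hard-coding the single entry to `nebula_lighthouse_internal_ip_addr` also prevents pointing nodes at a dedicated relay host; a `nebula_node_relays` list defaulting to that address would keep today's behaviour while allowing it. `am_relay: false` on every node is the right conservative default, since a relaying node forwards other members' traffic.

```yaml
relay:
  am_relay: false
  use_relays: {{ nebula_node_use_lighthouse_as_relay | bool | to_json }}
{% if nebula_node_use_lighthouse_as_relay | bool %}
  relays:
    - {{ nebula_lighthouse_internal_ip_addr }}
{% endif %}
# … unchanged: punch_back comment block …
```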