StefanMewes/Nebula-Ansible-Role
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add lighthouse relay function

Browse Source
This commit is contained in:
AndrewPaglusch
2023-12-08 22:49:54 -06:00
committed by Andrew Paglusch
parent 68d04e63c3
commit 70be5b0e44
3 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
defaults/main.yml
View File

@@ -6,6 +6,7 @@ nebula_client_cert_duration: "43800h0m0s" #5 years
nebula_clean_install: false nebula_clean_install: false
nebula_lighthouse_build_hosts_file: true nebula_lighthouse_build_hosts_file: true
nebula_node_lighthouse_in_hosts_file: true nebula_node_lighthouse_in_hosts_file: true
nebula_node_use_lighthouse_as_relay: true
nebula_install_check_cron: true nebula_install_check_cron: true
@@ -13,6 +14,7 @@ nebula_lighthouse_hostname: lighthouse
nebula_lighthouse_internal_ip_addr: 192.168.77.1 nebula_lighthouse_internal_ip_addr: 192.168.77.1
nebula_lighthouse_public_hostname: my-nebula-server.com nebula_lighthouse_public_hostname: my-nebula-server.com
nebula_lighthouse_public_port: 4242 nebula_lighthouse_public_port: 4242
nebula_lighthouse_is_relay: true
nebula_lighthouse_extra_config: {} nebula_lighthouse_extra_config: {}
nebula_firewall_block_action: drop nebula_firewall_block_action: drop

8
templates/lighthouse_config.yml.j2
View File

@@ -49,6 +49,10 @@ punchy: true
# #
punch_back: true punch_back: true
relay:
am_relay: {{ nebula_lighthouse_is_relay }}
use_relays: false
tun: tun:
# sensible defaults. don't monkey with these unless # sensible defaults. don't monkey with these unless
# you're CERTAIN you know what you're doing. # you're CERTAIN you know what you're doing.
@@ -74,8 +78,8 @@ logging:
# one node from another. # one node from another.
# #
firewall: firewall:
outbound_action: {{ nebula_firewall_block_action | default('drop') }} outbound_action: {{ nebula_firewall_block_action }}
inbound_action: {{ nebula_firewall_block_action | default('drop') }} inbound_action: {{ nebula_firewall_block_action }}
conntrack: conntrack:
tcp_timeout: 120h tcp_timeout: 120h
udp_timeout: 3m udp_timeout: 3m

10
templates/node_config.yml.j2
View File

@@ -40,6 +40,12 @@ listen:
# #
punchy: true punchy: true
relay:
am_relay: false
use_relays: {{ nebula_node_use_lighthouse_as_relay }}
relays:
- {{ nebula_lighthouse_internal_ip_addr }}
# "punch_back" allows the other node to try punching out to you, # "punch_back" allows the other node to try punching out to you,
# if you're having trouble punching out to it. Useful for stubborn # if you're having trouble punching out to it. Useful for stubborn
# networks with symmetric NAT, etc. # networks with symmetric NAT, etc.
@@ -71,8 +77,8 @@ logging:
# one node from another. # one node from another.
# #
firewall: firewall:
outbound_action: {{ nebula_firewall_block_action | default('drop') }} outbound_action: {{ nebula_firewall_block_action }}
inbound_action: {{ nebula_firewall_block_action | default('drop') }} inbound_action: {{ nebula_firewall_block_action }}
conntrack: conntrack:
tcp_timeout: 120h tcp_timeout: 120h
udp_timeout: 3m udp_timeout: 3m