config/lighthouse: add support for remote and local allow lists

Matt Burchett
2025-09-20 06:07:45 +00:00
committed by Andrew Paglusch
parent 394aabc1d8
commit c6f6548f97
3 changed files with 56 additions and 2 deletions


@@ -17,6 +17,19 @@ nebula_lighthouse_public_port: 4242
nebula_lighthouse_is_relay: true
nebula_lighthouse_extra_config: {}
# Lighthouse remote_allow_list configuration
# Controls IP ranges that this node will consider when handshaking to another node
# Format: CIDR: boolean (true to allow, false to deny)
# If all rules are "allow", default will be "deny", and vice-versa
# If both "allow" and "deny" rules are present, you MUST set a rule for "0.0.0.0/0" as default
nebula_lighthouse_remote_allow_list: {}
# Lighthouse local_allow_list configuration
# Filters which local IP addresses are advertised to the lighthouses
# Can specify interfaces map of regular expressions to match against interface names
# Format: CIDR: boolean or interfaces: { interface_regex: boolean }
nebula_lighthouse_local_allow_list: {}
nebula_metrics_prometheus_enabled: false
nebula_metrics_prometheus_listen: "127.0.0.1:4244"
nebula_metrics_prometheus_path: "/metrics"
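Review bot: The comment block above `nebula_lighthouse_remote_allow_list` does not say what the empty default `{}` means, and its mixed-rule requirement names only the IPv4 default `0.0.0.0/0`. Nebula's upstream example config, as far as I recall, allows every remote IP when no list is given, applies the most specific matching CIDR, and requires a separate `::/0` default when IPv6 allow and deny rules are mixed. An operator following the comment as written could therefore end up with a list that behaves differently from what they intended. I would add `# Empty ({}) applies no filtering: all remote IPs are considered` and `# The most specific CIDR wins; with mixed IPv6 rules also set "::/0" as the default`. The template that renders these variables is not in view here, so it is worth confirming that an empty map is omitted from the generated config rather than emitted as an empty `remote_allow_list:` key.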