config/lighthouse: add support for remote and local allow lists

Matt Burchett
2025-09-20 06:07:45 +00:00
committed by Andrew Paglusch
parent 394aabc1d8
commit c6f6548f97
3 changed files with 56 additions and 2 deletions


@@ -28,9 +28,34 @@ lighthouse:
# format:
#
# - "192.168.77.1"
{% if nebula_lighthouse_extra_config|length > 0 %}
{{- nebula_lighthouse_extra_config | to_nice_yaml | indent(2) }}
{% if nebula_lighthouse_remote_allow_list|length > 0 %}
# remote_allow_list controls IP ranges that this node will consider when handshaking
remote_allow_list:
{% for cidr, allow in nebula_lighthouse_remote_allow_list.items() %}
'{{ cidr }}': {{ allow | lower }}
{% endfor %}
{% endif %}
{% if nebula_lighthouse_local_allow_list|length > 0 %}
# local_allow_list filters which local IP addresses we advertise to the lighthouses
local_allow_list:
{% if nebula_lighthouse_local_allow_list.interfaces is defined %}
interfaces:
{% for interface, allow in nebula_lighthouse_local_allow_list.interfaces.items() %}
'{{ interface }}': {{ allow | lower }}
{% endfor %}
{% endif %}
{% for key, value in nebula_lighthouse_local_allow_list.items() %}
{% if key != 'interfaces' %}
'{{ key }}': {{ value | lower }}
{% endif %}
{% endfor %}
{% endif %}
{% if nebula_lighthouse_extra_config|length > 0 %}
{{- nebula_lighthouse_extra_config | to_nice_yaml | indent(2) }}
{% endif %}
listen:
# 0.0.0.0 means "all interfaces," which is probably what you want
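Review bot: The allow/deny value on the three new entry lines (`'{{ cidr }}': {{ allow | lower }}`, and likewise the `interface` and `key` lines) is rendered from whatever the variable holds, so a string such as `yes` or a typo lands in the Nebula config verbatim instead of as a YAML boolean. Because these maps decide which remote ranges the node will handshake with and which local addresses it advertises, I would coerce before rendering, e.g. `'{{ cidr }}': {{ allow | bool | lower }}`, so an unexpected value cannot render as anything other than `true`/`false`. Separately, `nebula_lighthouse_extra_config` is still emitted into the same `lighthouse:` mapping after these blocks; if a host already passes `remote_allow_list` or `local_allow_list` through it, the rendered file would presumably carry that key twice, which deserves a guard or a note in the role docs. Indentation is not preserved in this view, so the nesting of the new keys could not be checked.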