Ansible Role for Nebula
Quickly and easily deploy the Nebula Overlay VPN software onto all of your hosts.
What Is Nebula
Nebula is a scalable overlay networking tool with a focus on performance, simplicity and security. It lets you seamlessly connect computers anywhere in the world.
You can read more about Nebula on the official repo.
Example Playbook
---
- name: Deploy Nebula (multi-lighthouse)
  hosts: all
  gather_facts: yes
  user: ansible
  become: yes
  vars:
    nebula_version: 1.8.0
    nebula_network_name: "My Company Nebula"
    nebula_network_cidr: 16
    # --- Multi-Lighthouse Configuration ---
    # The FIRST entry is the primary (hosts the CA key).
    # All additional entries are secondaries.
    nebula_lighthouses:
      - hostname: lighthouse1
        internal_ip: 10.43.0.1
        public_hostname: lh1.example.com
        public_port: 4242
        is_relay: true
      - hostname: lighthouse2
        internal_ip: 10.43.0.2
        public_hostname: lh2.example.com
        public_port: 4242
        is_relay: true
    nebula_firewall_block_action: reject
    nebula_inbound_rules:
      - { port: "any", proto: "icmp", host: "any" }
      - { port: 22, proto: "tcp", host: "any" }
    nebula_outbound_rules:
      - { port: "any", proto: "any", host: "any" }
  roles:
    - role: nebula
Example Inventory
[nebula_lighthouse]
lighthouse1.example.com
lighthouse2.example.com
[servers]
web01.example.com nebula_internal_ip_addr=10.43.0.10
docker01.example.com nebula_internal_ip_addr=10.43.0.11
db01.example.com nebula_internal_ip_addr=10.43.0.12
Note: More variables can be found in the role defaults.
SSH Debug Console
This role supports Nebula's built-in SSH debug console feature. To enable it, set:
nebula_sshd_enabled: true
nebula_sshd_listen: "127.0.0.1:2222" # Optional, defaults to 127.0.0.1:2222
nebula_sshd_authorized_users:
  - user: admin
    keys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... admin@host"
    key_files:
      - "/path/to/admin.pub"
  - user: developer
    key_files:
      - "~/.ssh/developer_key.pub"
You can specify SSH keys either:
- Inline using the keys field with the full public key string
- From files using the key_files field with paths to public key files
- Both in the same user entry
The role automatically generates an ED25519 SSH host key at /opt/nebula/ssh_host_ed25519_key when the SSH daemon is enabled.
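A pre-deployment check for the SSH debug console variables above, as an added example that is not part of this role. It assumes the variables are already loaded into a Python dict; the function names and the loopback-only policy are choices of this example, and key_files paths are not read.

```python
import base64, binascii, ipaddress, struct

def listen_is_loopback(listen):
    """True only if the host part of 'host:port' is a literal loopback IP."""
    host, _, port = listen.rpartition(":")
    try:
        return port.isdigit() and ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:  # hostname or malformed host: not provably loopback
        return False

def key_problem(line):
    """Return None for a structurally valid OpenSSH public key line, else a reason."""
    parts = line.split()
    if len(parts) < 2:
        return "expected '<type> <base64> [comment]'"
    try:
        blob = base64.b64decode(parts[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])  # length prefix of the embedded type name
    except (binascii.Error, struct.error):
        return "key blob is not a valid base64 SSH blob (truncated or placeholder?)"
    embedded = blob[4:4 + n].decode("ascii", "replace")
    if embedded != parts[0]:
        return f"declared type {parts[0]!r} but blob encodes {embedded!r}"
    if parts[0] == "ssh-ed25519" and len(blob) != 51:  # 4+11 type name, 4+32 key
        return "ssh-ed25519 blob must be 51 bytes"
    return None

def audit(v):
    """Return findings for the nebula_sshd_* variables (key_files are not read)."""
    if not v.get("nebula_sshd_enabled"):
        return []
    findings = []
    listen = v.get("nebula_sshd_listen", "127.0.0.1:2222")  # default per the README
    if not listen_is_loopback(listen):
        findings.append(f"nebula_sshd_listen {listen!r} is not a loopback address")
    for u in v.get("nebula_sshd_authorized_users") or []:
        if not u.get("keys") and not u.get("key_files"):
            findings.append(f"user {u.get('user')!r} has neither keys nor key_files")
        for k in u.get("keys") or []:
            if (reason := key_problem(k)):
                findings.append(f"user {u.get('user')!r}: {reason}")
    return findings

# Constructed sample; the admin key is the README's elided placeholder string.
SAMPLE = {"nebula_sshd_enabled": True, "nebula_sshd_listen": "0.0.0.0:2222",
          "nebula_sshd_authorized_users": [{"user": "developer"}, {"user": "admin",
              "keys": ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... admin@host"]}]}
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the constructed sample this reports three findings: the non-loopback listen address, the user with no key source, and the placeholder key that was never replaced with a real one.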
Running the Playbook
ansible-playbook -i inventory nebula.yml