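---
# Defaults for a Nebula mesh deployment. The role that consumes these values
# is not shown here, so notes on individual variables are inferred from their
# names unless stated otherwise.

# Nebula release to install. Quoted so it is always read as a string.
nebula_version: "1.8.0"
nebula_network_name: "My Nebula Mesh Network"
# Presumably the prefix length of the overlay network (/24); confirm in role.
nebula_network_cidr: 24

# Certificate lifetimes, written as Go duration strings.
# NOTE(review): long lifetimes widen the window in which a stolen key stays
# usable. Nebula does not revoke certificates automatically; a leaked host
# certificate remains valid until it expires unless its fingerprint is added
# to the pki blocklist on the other nodes. Shorten these values or plan for
# rotation where that window is too long.
nebula_ca_cert_duration: "87600h0m0s"  # 10 years
nebula_client_cert_duration: "43800h0m0s"  # 5 years

# Install and host-file behaviour (semantics defined by the role's tasks).
nebula_clean_install: false
nebula_lighthouse_build_hosts_file: true
nebula_node_lighthouse_in_hosts_file: true
nebula_node_use_lighthouse_as_relay: true
# Presumably installs a cron job that checks the Nebula install; confirm.
nebula_install_check_cron: true
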
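# Multi-lighthouse configuration
# Each lighthouse needs: hostname, internal_ip, public_hostname, public_port
# The FIRST lighthouse in the list is the "primary" lighthouse:
#   - It stores the CA key and signs all certificates
#   - All other lighthouses fetch their certs from it
#
# NOTE(review): the primary lighthouse therefore holds the CA private key
# while also being reachable on a public hostname and port. Anyone who
# obtains that key can issue certificates the whole mesh will trust, so treat
# the primary as the highest-value host: restrict administrative access to it
# and keep the CA key readable only by the account that signs certificates.
#
# Example:
#   nebula_lighthouses:
#     - hostname: lighthouse1
#       internal_ip: 192.168.77.1
#       public_hostname: lh1.example.com
#       public_port: 4242
#       is_relay: true
#     - hostname: lighthouse2
#       internal_ip: 192.168.77.2
#       public_hostname: lh2.example.com
#       public_port: 4242
#       is_relay: true
nebula_lighthouses: []
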
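# Legacy single-lighthouse variables (still supported for backwards
# compatibility). If nebula_lighthouses is empty, these are used to build a
# single-lighthouse setup.
nebula_lighthouse_hostname: lighthouse
nebula_lighthouse_internal_ip_addr: 192.168.77.1
# NOTE(review): placeholder value, not a reserved example domain. Override it
# before deploying so nodes do not try to reach a host you do not control.
nebula_lighthouse_public_hostname: my-nebula-server.com
nebula_lighthouse_public_port: 4242
nebula_lighthouse_is_relay: true
# Presumably merged into the lighthouse's Nebula config; confirm in the role.
nebula_lighthouse_extra_config: {}
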
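# Lighthouse remote_allow_list configuration
# Controls which remote IP ranges this node will consider when handshaking
# with another node.
# Format: CIDR: boolean (true to allow, false to deny)
# If all rules are "allow", the default is "deny", and vice versa.
# If both "allow" and "deny" rules are present, you MUST set a rule for
# "0.0.0.0/0" as the default.
#
# Example (constructed values) - deny by default, allow one range:
#   nebula_lighthouse_remote_allow_list:
#     "0.0.0.0/0": false
#     "203.0.113.0/24": true
nebula_lighthouse_remote_allow_list: {}
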
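# Lighthouse local_allow_list configuration
# Filters which local IP addresses are advertised to the lighthouses, which
# limits how much of this host's local addressing the lighthouses learn.
# May also contain an "interfaces" map of regular expressions that are
# matched against interface names.
# Format: CIDR: boolean or interfaces: { interface_regex: boolean }
#
# Example (constructed values):
#   nebula_lighthouse_local_allow_list:
#     interfaces:
#       'docker.*': false
#     "10.0.0.0/8": true
nebula_lighthouse_local_allow_list: {}
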
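# Prometheus metrics endpoint; disabled by default.
# NOTE(review): the default listener is loopback-only. If it is moved to a
# routable address, restrict who can reach it with a firewall rule, since
# the metrics describe the node's mesh activity and the listener is not
# expected to authenticate scrapers - confirm against the Nebula version in
# use.
nebula_metrics_prometheus_enabled: false
nebula_metrics_prometheus_listen: "127.0.0.1:4244"
nebula_metrics_prometheus_path: "/metrics"
nebula_metrics_prometheus_namespace: nebula
nebula_metrics_prometheus_interval: 10s
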
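# Action applied to traffic that the firewall rules do not allow.
# Presumably rendered into Nebula's firewall action settings; confirm in the
# role's template.
nebula_firewall_block_action: drop

# Overlay firewall rules.
# NOTE(review): the default inbound rule accepts any port and protocol from
# any host, so every node holding a valid certificate for this mesh can reach
# every service on this node. Override it per host or group with only the
# ports that must be reachable, e.g. (constructed example):
#   nebula_inbound_rules:
#     - port: 443
#       proto: tcp
#       host: any
nebula_inbound_rules:
  - port: "any"
    proto: "any"
    host: "any"
nebula_outbound_rules:
  - port: "any"
    proto: "any"
    host: "any"
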
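# Nebula's built-in SSH console; disabled by default.
# NOTE(review): it exposes administrative functions of the Nebula process.
# When enabling it, keep the listener off public interfaces and populate the
# authorized users and/or trusted CAs explicitly. The expected entry format
# is defined by the role's template, which is not shown here.
nebula_sshd_enabled: false
nebula_sshd_listen: "127.0.0.1:2222"
nebula_sshd_authorized_users: []
nebula_sshd_trusted_cas: []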