Nebula-Ansible-Role/defaults/main.yml
2025-09-20 02:48:45 -05:00


# Nebula release to install. Kept as a quoted string so that a two-part
# version such as "1.10" can never be re-typed as a float by the YAML parser.
nebula_version: "1.8.0"

# Display name of the mesh.
# NOTE(review): presumably used as the CA name when the role signs the CA -- confirm in the tasks.
nebula_network_name: "My Nebula Mesh Network"

# Integer 24.
# NOTE(review): presumably the overlay prefix length (/24) -- confirm against the templates.
nebula_network_cidr: 24

# Certificate lifetimes as duration strings.
# 87600h = 3650 days (about 10 years) for the CA,
# 43800h = 1825 days (about 5 years) for each client certificate.
# NOTE(review): these are long-lived defaults. A host certificate is accepted
# until it expires unless it is explicitly blocklisted, so the key of a lost
# or decommissioned host stays usable on the mesh for the remaining lifetime.
# Override with shorter durations wherever re-issuing certificates is practical.
nebula_ca_cert_duration: "87600h0m0s"
nebula_client_cert_duration: "43800h0m0s"

# Role behaviour toggles. Their exact effect is defined in the role's tasks and
# templates, which are not part of this file -- read those before changing a default.
nebula_clean_install: false
nebula_lighthouse_build_hosts_file: true
nebula_node_lighthouse_in_hosts_file: true
nebula_node_use_lighthouse_as_relay: true
nebula_install_check_cron: true
# Lighthouse identity and reachability.
# The public hostname below is a placeholder and must be overridden in
# inventory with the name nodes should use to reach your own lighthouse.
nebula_lighthouse_hostname: "lighthouse"
nebula_lighthouse_internal_ip_addr: "192.168.77.1"
nebula_lighthouse_public_hostname: "my-nebula-server.com"
nebula_lighthouse_public_port: 4242
nebula_lighthouse_is_relay: true

# Free-form mapping, empty by default.
# NOTE(review): presumably merged into the rendered lighthouse configuration -- confirm in the templates.
nebula_lighthouse_extra_config: {}

# remote_allow_list for the lighthouse.
# Restricts the remote IP ranges this node will consider when handshaking
# with another node.
# Each entry maps a CIDR to a boolean: true allows the range, false denies it.
# When every rule is an "allow", anything unlisted defaults to "deny", and
# vice-versa.
# When "allow" and "deny" rules are mixed, a rule for "0.0.0.0/0" MUST be
# present to state the default explicitly.
# The empty mapping below defines no rules.
nebula_lighthouse_remote_allow_list: {}

# local_allow_list for the lighthouse.
# Filters which of this host's local IP addresses are advertised to the
# lighthouses.
# Each entry is either CIDR: boolean, or an "interfaces" mapping of
# { interface_regex: boolean } whose regular expressions are matched against
# interface names.
# Narrowing this list keeps addresses of internal-only interfaces from being
# advertised.
# The empty mapping below defines no rules.
nebula_lighthouse_local_allow_list: {}
# Prometheus metrics endpoint, disabled by default.
# The default listen address is loopback-only, so the endpoint is not
# reachable from the network even when enabled.
# NOTE(review): if this is ever bound to a non-loopback address, restrict
# access to it (host firewall or an authenticating proxy); nothing in this
# file configures authentication for the endpoint.
nebula_metrics_prometheus_enabled: false
nebula_metrics_prometheus_listen: "127.0.0.1:4244"
nebula_metrics_prometheus_path: "/metrics"
nebula_metrics_prometheus_namespace: "nebula"
nebula_metrics_prometheus_interval: "10s"
# Action applied to traffic the firewall blocks.
nebula_firewall_block_action: "drop"

# Overlay firewall rules.
# NOTE(review): the inbound default is a single any/any/any rule, i.e. every
# port and protocol is open to every host on the mesh. Isolation between mesh
# members then rests entirely on certificate issuance. Override
# nebula_inbound_rules per host or group with only the ports each node must
# expose; keep this permissive default for lab use only.
nebula_inbound_rules:
  - port: "any"
    proto: "any"
    host: "any"

# Outbound traffic is unrestricted by default.
nebula_outbound_rules:
  - port: "any"
    proto: "any"
    host: "any"
# Nebula's built-in sshd, disabled by default.
# The default listen address is loopback-only, and no authorized users or
# trusted CAs are defined.
# NOTE(review): when enabling it, keep the listener on loopback (or another
# tightly restricted address) and list only the specific users/keys that need
# access; the expected entry format for the two lists is defined by the role's
# templates, which are not part of this file.
nebula_sshd_enabled: false
nebula_sshd_listen: "127.0.0.1:2222"
nebula_sshd_authorized_users: []
nebula_sshd_trusted_cas: []