Merge branch 'mark_new_lighthouse' into 'main'
add new lighthouse in marks 1984 VPS See merge request scott/infranet!1
This commit is contained in:
commit
53208e116c
117
config-node.yaml
117
config-node.yaml
|
@ -24,6 +24,7 @@ pki:
|
||||||
# "{nebula ip}": ["{routable ip/dns name}:{routable port}"]
|
# "{nebula ip}": ["{routable ip/dns name}:{routable port}"]
|
||||||
static_host_map:
|
static_host_map:
|
||||||
"10.10.100.1": ["185.112.144.69:4242"]
|
"10.10.100.1": ["185.112.144.69:4242"]
|
||||||
|
"10.10.100.21": ["93.95.230.219:4242"]
|
||||||
|
|
||||||
lighthouse:
|
lighthouse:
|
||||||
# am_lighthouse is used to enable lighthouse functionality for a node. This should ONLY be true on nodes
|
# am_lighthouse is used to enable lighthouse functionality for a node. This should ONLY be true on nodes
|
||||||
|
@ -33,9 +34,9 @@ lighthouse:
|
||||||
# delegated to for resolution
|
# delegated to for resolution
|
||||||
#serve_dns: false
|
#serve_dns: false
|
||||||
#dns:
|
#dns:
|
||||||
# The DNS host defines the IP to bind the dns listener to. This also allows binding to the nebula node IP.
|
# The DNS host defines the IP to bind the dns listener to. This also allows binding to the nebula node IP.
|
||||||
#host: 0.0.0.0
|
#host: 0.0.0.0
|
||||||
#port: 53
|
#port: 53
|
||||||
# interval is the number of seconds between updates from this node to a lighthouse.
|
# interval is the number of seconds between updates from this node to a lighthouse.
|
||||||
# during updates, a node sends information about its current IP addresses to each node.
|
# during updates, a node sends information about its current IP addresses to each node.
|
||||||
interval: 60
|
interval: 60
|
||||||
|
@ -53,21 +54,21 @@ lighthouse:
|
||||||
# "deny" rules are present, then you MUST set a rule for "0.0.0.0/0" as the
|
# "deny" rules are present, then you MUST set a rule for "0.0.0.0/0" as the
|
||||||
# default.
|
# default.
|
||||||
#remote_allow_list:
|
#remote_allow_list:
|
||||||
# Example to block IPs from this subnet from being used for remote IPs.
|
# Example to block IPs from this subnet from being used for remote IPs.
|
||||||
#"172.16.0.0/12": false
|
#"172.16.0.0/12": false
|
||||||
|
|
||||||
# A more complicated example, allow public IPs but only private IPs from a specific subnet
|
# A more complicated example, allow public IPs but only private IPs from a specific subnet
|
||||||
#"0.0.0.0/0": true
|
#"0.0.0.0/0": true
|
||||||
#"10.0.0.0/8": false
|
#"10.0.0.0/8": false
|
||||||
#"10.42.42.0/24": true
|
#"10.42.42.0/24": true
|
||||||
|
|
||||||
# EXPERIMENTAL: This option my change or disappear in the future.
|
# EXPERIMENTAL: This option my change or disappear in the future.
|
||||||
# Optionally allows the definition of remote_allow_list blocks
|
# Optionally allows the definition of remote_allow_list blocks
|
||||||
# specific to an inside VPN IP CIDR.
|
# specific to an inside VPN IP CIDR.
|
||||||
#remote_allow_ranges:
|
#remote_allow_ranges:
|
||||||
# This rule would only allow only private IPs for this VPN range
|
# This rule would only allow only private IPs for this VPN range
|
||||||
#"10.42.42.0/24":
|
#"10.42.42.0/24":
|
||||||
#"192.168.0.0/16": true
|
#"192.168.0.0/16": true
|
||||||
|
|
||||||
# local_allow_list allows you to filter which local IP addresses we advertise
|
# local_allow_list allows you to filter which local IP addresses we advertise
|
||||||
# to the lighthouses. This uses the same logic as `remote_allow_list`, but
|
# to the lighthouses. This uses the same logic as `remote_allow_list`, but
|
||||||
|
@ -77,12 +78,12 @@ lighthouse:
|
||||||
# the inverse). CIDR rules are matched after interface name rules.
|
# the inverse). CIDR rules are matched after interface name rules.
|
||||||
# Default is all local IP addresses.
|
# Default is all local IP addresses.
|
||||||
#local_allow_list:
|
#local_allow_list:
|
||||||
# Example to block tun0 and all docker interfaces.
|
# Example to block tun0 and all docker interfaces.
|
||||||
#interfaces:
|
#interfaces:
|
||||||
#tun0: false
|
#tun0: false
|
||||||
#'docker.*': false
|
#'docker.*': false
|
||||||
# Example to only advertise this subnet to the lighthouse.
|
# Example to only advertise this subnet to the lighthouse.
|
||||||
#"10.0.0.0/8": true
|
#"10.0.0.0/8": true
|
||||||
|
|
||||||
# Port Nebula will be listening on. The default here is 4242. For a lighthouse node, the port should be defined,
|
# Port Nebula will be listening on. The default here is 4242. For a lighthouse node, the port should be defined,
|
||||||
# however using port 0 will dynamically assign a port and is recommended for roaming nodes.
|
# however using port 0 will dynamically assign a port and is recommended for roaming nodes.
|
||||||
|
@ -133,19 +134,19 @@ punchy:
|
||||||
|
|
||||||
# sshd can expose informational and administrative functions via ssh this is a
|
# sshd can expose informational and administrative functions via ssh this is a
|
||||||
#sshd:
|
#sshd:
|
||||||
# Toggles the feature
|
# Toggles the feature
|
||||||
#enabled: true
|
#enabled: true
|
||||||
# Host and port to listen on, port 22 is not allowed for your safety
|
# Host and port to listen on, port 22 is not allowed for your safety
|
||||||
#listen: 127.0.0.1:2222
|
#listen: 127.0.0.1:2222
|
||||||
# A file containing the ssh host private key to use
|
# A file containing the ssh host private key to use
|
||||||
# A decent way to generate one: ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N "" < /dev/null
|
# A decent way to generate one: ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N "" < /dev/null
|
||||||
#host_key: ./ssh_host_ed25519_key
|
#host_key: ./ssh_host_ed25519_key
|
||||||
# A file containing a list of authorized public keys
|
# A file containing a list of authorized public keys
|
||||||
#authorized_users:
|
#authorized_users:
|
||||||
#- user: steeeeve
|
#- user: steeeeve
|
||||||
# keys can be an array of strings or single string
|
# keys can be an array of strings or single string
|
||||||
#keys:
|
#keys:
|
||||||
#- "ssh public key string"
|
#- "ssh public key string"
|
||||||
|
|
||||||
# Configure the private interface. Note: addr is baked into the nebula certificate
|
# Configure the private interface. Note: addr is baked into the nebula certificate
|
||||||
tun:
|
tun:
|
||||||
|
@ -178,7 +179,6 @@ tun:
|
||||||
# mtu: 1300
|
# mtu: 1300
|
||||||
# metric: 100
|
# metric: 100
|
||||||
|
|
||||||
|
|
||||||
# TODO
|
# TODO
|
||||||
# Configure logging level
|
# Configure logging level
|
||||||
logging:
|
logging:
|
||||||
|
@ -198,39 +198,38 @@ logging:
|
||||||
#timestamp_format: "2006-01-02T15:04:05.000Z07:00"
|
#timestamp_format: "2006-01-02T15:04:05.000Z07:00"
|
||||||
|
|
||||||
#stats:
|
#stats:
|
||||||
#type: graphite
|
#type: graphite
|
||||||
#prefix: nebula
|
#prefix: nebula
|
||||||
#protocol: tcp
|
#protocol: tcp
|
||||||
#host: 127.0.0.1:9999
|
#host: 127.0.0.1:9999
|
||||||
#interval: 10s
|
#interval: 10s
|
||||||
|
|
||||||
#type: prometheus
|
#type: prometheus
|
||||||
#listen: 127.0.0.1:8080
|
#listen: 127.0.0.1:8080
|
||||||
#path: /metrics
|
#path: /metrics
|
||||||
#namespace: prometheusns
|
#namespace: prometheusns
|
||||||
#subsystem: nebula
|
#subsystem: nebula
|
||||||
#interval: 10s
|
#interval: 10s
|
||||||
|
|
||||||
# enables counter metrics for meta packets
|
# enables counter metrics for meta packets
|
||||||
# e.g.: `messages.tx.handshake`
|
# e.g.: `messages.tx.handshake`
|
||||||
# NOTE: `message.{tx,rx}.recv_error` is always emitted
|
# NOTE: `message.{tx,rx}.recv_error` is always emitted
|
||||||
#message_metrics: false
|
#message_metrics: false
|
||||||
|
|
||||||
# enables detailed counter metrics for lighthouse packets
|
# enables detailed counter metrics for lighthouse packets
|
||||||
# e.g.: `lighthouse.rx.HostQuery`
|
# e.g.: `lighthouse.rx.HostQuery`
|
||||||
#lighthouse_metrics: false
|
#lighthouse_metrics: false
|
||||||
|
|
||||||
# Handshake Manager Settings
|
# Handshake Manager Settings
|
||||||
#handshakes:
|
#handshakes:
|
||||||
# Handshakes are sent to all known addresses at each interval with a linear backoff,
|
# Handshakes are sent to all known addresses at each interval with a linear backoff,
|
||||||
# Wait try_interval after the 1st attempt, 2 * try_interval after the 2nd, etc, until the handshake is older than timeout
|
# Wait try_interval after the 1st attempt, 2 * try_interval after the 2nd, etc, until the handshake is older than timeout
|
||||||
# A 100ms interval with the default 10 retries will give a handshake 5.5 seconds to resolve before timing out
|
# A 100ms interval with the default 10 retries will give a handshake 5.5 seconds to resolve before timing out
|
||||||
#try_interval: 100ms
|
#try_interval: 100ms
|
||||||
#retries: 20
|
#retries: 20
|
||||||
# trigger_buffer is the size of the buffer channel for quickly sending handshakes
|
# trigger_buffer is the size of the buffer channel for quickly sending handshakes
|
||||||
# after receiving the response for lighthouse queries
|
# after receiving the response for lighthouse queries
|
||||||
#trigger_buffer: 64
|
#trigger_buffer: 64
|
||||||
|
|
||||||
|
|
||||||
# Nebula security group configuration
|
# Nebula security group configuration
|
||||||
firewall:
|
firewall:
|
||||||
|
|
Loading…
Reference in a new issue