Merge branch 'mark_new_lighthouse' into 'main'

add new lighthouse in marks 1984 VPS

See merge request scott/infranet!1
This commit is contained in:
Scott 2022-03-31 13:12:09 +00:00
commit 53208e116c

View file

@ -24,6 +24,7 @@ pki:
# "{nebula ip}": ["{routable ip/dns name}:{routable port}"] # "{nebula ip}": ["{routable ip/dns name}:{routable port}"]
static_host_map: static_host_map:
"10.10.100.1": ["185.112.144.69:4242"] "10.10.100.1": ["185.112.144.69:4242"]
"10.10.100.21": ["93.95.230.219:4242"]
lighthouse: lighthouse:
# am_lighthouse is used to enable lighthouse functionality for a node. This should ONLY be true on nodes # am_lighthouse is used to enable lighthouse functionality for a node. This should ONLY be true on nodes
@ -33,9 +34,9 @@ lighthouse:
# delegated to for resolution # delegated to for resolution
#serve_dns: false #serve_dns: false
#dns: #dns:
# The DNS host defines the IP to bind the dns listener to. This also allows binding to the nebula node IP. # The DNS host defines the IP to bind the dns listener to. This also allows binding to the nebula node IP.
#host: 0.0.0.0 #host: 0.0.0.0
#port: 53 #port: 53
# interval is the number of seconds between updates from this node to a lighthouse. # interval is the number of seconds between updates from this node to a lighthouse.
# during updates, a node sends information about its current IP addresses to each node. # during updates, a node sends information about its current IP addresses to each node.
interval: 60 interval: 60
@ -53,21 +54,21 @@ lighthouse:
# "deny" rules are present, then you MUST set a rule for "0.0.0.0/0" as the # "deny" rules are present, then you MUST set a rule for "0.0.0.0/0" as the
# default. # default.
#remote_allow_list: #remote_allow_list:
# Example to block IPs from this subnet from being used for remote IPs. # Example to block IPs from this subnet from being used for remote IPs.
#"172.16.0.0/12": false #"172.16.0.0/12": false
# A more complicated example, allow public IPs but only private IPs from a specific subnet # A more complicated example, allow public IPs but only private IPs from a specific subnet
#"0.0.0.0/0": true #"0.0.0.0/0": true
#"10.0.0.0/8": false #"10.0.0.0/8": false
#"10.42.42.0/24": true #"10.42.42.0/24": true
# EXPERIMENTAL: This option my change or disappear in the future. # EXPERIMENTAL: This option my change or disappear in the future.
# Optionally allows the definition of remote_allow_list blocks # Optionally allows the definition of remote_allow_list blocks
# specific to an inside VPN IP CIDR. # specific to an inside VPN IP CIDR.
#remote_allow_ranges: #remote_allow_ranges:
# This rule would only allow only private IPs for this VPN range # This rule would only allow only private IPs for this VPN range
#"10.42.42.0/24": #"10.42.42.0/24":
#"192.168.0.0/16": true #"192.168.0.0/16": true
# local_allow_list allows you to filter which local IP addresses we advertise # local_allow_list allows you to filter which local IP addresses we advertise
# to the lighthouses. This uses the same logic as `remote_allow_list`, but # to the lighthouses. This uses the same logic as `remote_allow_list`, but
@ -77,12 +78,12 @@ lighthouse:
# the inverse). CIDR rules are matched after interface name rules. # the inverse). CIDR rules are matched after interface name rules.
# Default is all local IP addresses. # Default is all local IP addresses.
#local_allow_list: #local_allow_list:
# Example to block tun0 and all docker interfaces. # Example to block tun0 and all docker interfaces.
#interfaces: #interfaces:
#tun0: false #tun0: false
#'docker.*': false #'docker.*': false
# Example to only advertise this subnet to the lighthouse. # Example to only advertise this subnet to the lighthouse.
#"10.0.0.0/8": true #"10.0.0.0/8": true
# Port Nebula will be listening on. The default here is 4242. For a lighthouse node, the port should be defined, # Port Nebula will be listening on. The default here is 4242. For a lighthouse node, the port should be defined,
# however using port 0 will dynamically assign a port and is recommended for roaming nodes. # however using port 0 will dynamically assign a port and is recommended for roaming nodes.
@ -133,19 +134,19 @@ punchy:
# sshd can expose informational and administrative functions via ssh this is a # sshd can expose informational and administrative functions via ssh this is a
#sshd: #sshd:
# Toggles the feature # Toggles the feature
#enabled: true #enabled: true
# Host and port to listen on, port 22 is not allowed for your safety # Host and port to listen on, port 22 is not allowed for your safety
#listen: 127.0.0.1:2222 #listen: 127.0.0.1:2222
# A file containing the ssh host private key to use # A file containing the ssh host private key to use
# A decent way to generate one: ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N "" < /dev/null # A decent way to generate one: ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N "" < /dev/null
#host_key: ./ssh_host_ed25519_key #host_key: ./ssh_host_ed25519_key
# A file containing a list of authorized public keys # A file containing a list of authorized public keys
#authorized_users: #authorized_users:
#- user: steeeeve #- user: steeeeve
# keys can be an array of strings or single string # keys can be an array of strings or single string
#keys: #keys:
#- "ssh public key string" #- "ssh public key string"
# Configure the private interface. Note: addr is baked into the nebula certificate # Configure the private interface. Note: addr is baked into the nebula certificate
tun: tun:
@ -178,7 +179,6 @@ tun:
# mtu: 1300 # mtu: 1300
# metric: 100 # metric: 100
# TODO # TODO
# Configure logging level # Configure logging level
logging: logging:
@ -198,39 +198,38 @@ logging:
#timestamp_format: "2006-01-02T15:04:05.000Z07:00" #timestamp_format: "2006-01-02T15:04:05.000Z07:00"
#stats: #stats:
#type: graphite #type: graphite
#prefix: nebula #prefix: nebula
#protocol: tcp #protocol: tcp
#host: 127.0.0.1:9999 #host: 127.0.0.1:9999
#interval: 10s #interval: 10s
#type: prometheus #type: prometheus
#listen: 127.0.0.1:8080 #listen: 127.0.0.1:8080
#path: /metrics #path: /metrics
#namespace: prometheusns #namespace: prometheusns
#subsystem: nebula #subsystem: nebula
#interval: 10s #interval: 10s
# enables counter metrics for meta packets # enables counter metrics for meta packets
# e.g.: `messages.tx.handshake` # e.g.: `messages.tx.handshake`
# NOTE: `message.{tx,rx}.recv_error` is always emitted # NOTE: `message.{tx,rx}.recv_error` is always emitted
#message_metrics: false #message_metrics: false
# enables detailed counter metrics for lighthouse packets # enables detailed counter metrics for lighthouse packets
# e.g.: `lighthouse.rx.HostQuery` # e.g.: `lighthouse.rx.HostQuery`
#lighthouse_metrics: false #lighthouse_metrics: false
# Handshake Manager Settings # Handshake Manager Settings
#handshakes: #handshakes:
# Handshakes are sent to all known addresses at each interval with a linear backoff, # Handshakes are sent to all known addresses at each interval with a linear backoff,
# Wait try_interval after the 1st attempt, 2 * try_interval after the 2nd, etc, until the handshake is older than timeout # Wait try_interval after the 1st attempt, 2 * try_interval after the 2nd, etc, until the handshake is older than timeout
# A 100ms interval with the default 10 retries will give a handshake 5.5 seconds to resolve before timing out # A 100ms interval with the default 10 retries will give a handshake 5.5 seconds to resolve before timing out
#try_interval: 100ms #try_interval: 100ms
#retries: 20 #retries: 20
# trigger_buffer is the size of the buffer channel for quickly sending handshakes # trigger_buffer is the size of the buffer channel for quickly sending handshakes
# after receiving the response for lighthouse queries # after receiving the response for lighthouse queries
#trigger_buffer: 64 #trigger_buffer: 64
# Nebula security group configuration # Nebula security group configuration
firewall: firewall: