diff --git a/config-node.yaml b/config-node.yaml index 9e299b9..6f3c29a 100644 --- a/config-node.yaml +++ b/config-node.yaml @@ -34,9 +34,9 @@ lighthouse: # delegated to for resolution #serve_dns: false #dns: - # The DNS host defines the IP to bind the dns listener to. This also allows binding to the nebula node IP. - #host: 0.0.0.0 - #port: 53 + # The DNS host defines the IP to bind the dns listener to. This also allows binding to the nebula node IP. + #host: 0.0.0.0 + #port: 53 # interval is the number of seconds between updates from this node to a lighthouse. # during updates, a node sends information about its current IP addresses to each node. interval: 60 @@ -54,21 +54,21 @@ lighthouse: # "deny" rules are present, then you MUST set a rule for "0.0.0.0/0" as the # default. #remote_allow_list: - # Example to block IPs from this subnet from being used for remote IPs. - #"172.16.0.0/12": false + # Example to block IPs from this subnet from being used for remote IPs. + #"172.16.0.0/12": false - # A more complicated example, allow public IPs but only private IPs from a specific subnet - #"0.0.0.0/0": true - #"10.0.0.0/8": false - #"10.42.42.0/24": true + # A more complicated example, allow public IPs but only private IPs from a specific subnet + #"0.0.0.0/0": true + #"10.0.0.0/8": false + #"10.42.42.0/24": true # EXPERIMENTAL: This option my change or disappear in the future. # Optionally allows the definition of remote_allow_list blocks # specific to an inside VPN IP CIDR. #remote_allow_ranges: - # This rule would only allow only private IPs for this VPN range - #"10.42.42.0/24": - #"192.168.0.0/16": true + # This rule would only allow only private IPs for this VPN range + #"10.42.42.0/24": + #"192.168.0.0/16": true # local_allow_list allows you to filter which local IP addresses we advertise # to the lighthouses. This uses the same logic as `remote_allow_list`, but @@ -78,12 +78,12 @@ lighthouse: # the inverse). CIDR rules are matched after interface name rules. # Default is all local IP addresses. #local_allow_list: - # Example to block tun0 and all docker interfaces. - #interfaces: - #tun0: false - #'docker.*': false - # Example to only advertise this subnet to the lighthouse. - #"10.0.0.0/8": true + # Example to block tun0 and all docker interfaces. + #interfaces: + #tun0: false + #'docker.*': false + # Example to only advertise this subnet to the lighthouse. + #"10.0.0.0/8": true # Port Nebula will be listening on. The default here is 4242. For a lighthouse node, the port should be defined, # however using port 0 will dynamically assign a port and is recommended for roaming nodes. @@ -134,19 +134,19 @@ punchy: # sshd can expose informational and administrative functions via ssh this is a #sshd: -# Toggles the feature -#enabled: true -# Host and port to listen on, port 22 is not allowed for your safety -#listen: 127.0.0.1:2222 -# A file containing the ssh host private key to use -# A decent way to generate one: ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N "" < /dev/null -#host_key: ./ssh_host_ed25519_key -# A file containing a list of authorized public keys -#authorized_users: -#- user: steeeeve -# keys can be an array of strings or single string -#keys: -#- "ssh public key string" + # Toggles the feature + #enabled: true + # Host and port to listen on, port 22 is not allowed for your safety + #listen: 127.0.0.1:2222 + # A file containing the ssh host private key to use + # A decent way to generate one: ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N "" < /dev/null + #host_key: ./ssh_host_ed25519_key + # A file containing a list of authorized public keys + #authorized_users: + #- user: steeeeve + # keys can be an array of strings or single string + #keys: + #- "ssh public key string" # Configure the private interface. Note: addr is baked into the nebula certificate tun: @@ -198,38 +198,38 @@ logging: #timestamp_format: "2006-01-02T15:04:05.000Z07:00" #stats: -#type: graphite -#prefix: nebula -#protocol: tcp -#host: 127.0.0.1:9999 -#interval: 10s + #type: graphite + #prefix: nebula + #protocol: tcp + #host: 127.0.0.1:9999 + #interval: 10s -#type: prometheus -#listen: 127.0.0.1:8080 -#path: /metrics -#namespace: prometheusns -#subsystem: nebula -#interval: 10s + #type: prometheus + #listen: 127.0.0.1:8080 + #path: /metrics + #namespace: prometheusns + #subsystem: nebula + #interval: 10s -# enables counter metrics for meta packets -# e.g.: `messages.tx.handshake` -# NOTE: `message.{tx,rx}.recv_error` is always emitted -#message_metrics: false + # enables counter metrics for meta packets + # e.g.: `messages.tx.handshake` + # NOTE: `message.{tx,rx}.recv_error` is always emitted + #message_metrics: false -# enables detailed counter metrics for lighthouse packets -# e.g.: `lighthouse.rx.HostQuery` -#lighthouse_metrics: false + # enables detailed counter metrics for lighthouse packets + # e.g.: `lighthouse.rx.HostQuery` + #lighthouse_metrics: false # Handshake Manager Settings #handshakes: -# Handshakes are sent to all known addresses at each interval with a linear backoff, -# Wait try_interval after the 1st attempt, 2 * try_interval after the 2nd, etc, until the handshake is older than timeout -# A 100ms interval with the default 10 retries will give a handshake 5.5 seconds to resolve before timing out -#try_interval: 100ms -#retries: 20 -# trigger_buffer is the size of the buffer channel for quickly sending handshakes -# after receiving the response for lighthouse queries -#trigger_buffer: 64 + # Handshakes are sent to all known addresses at each interval with a linear backoff, + # Wait try_interval after the 1st attempt, 2 * try_interval after the 2nd, etc, until the handshake is older than timeout + # A 100ms interval with the default 10 retries will give a handshake 5.5 seconds to resolve before timing out + #try_interval: 100ms + #retries: 20 + # trigger_buffer is the size of the buffer channel for quickly sending handshakes + # after receiving the response for lighthouse queries + #trigger_buffer: 64 # Nebula security group configuration firewall: