diff --git a/config-node.yaml b/config-node.yaml
index be59e1b..9e299b9 100644
--- a/config-node.yaml
+++ b/config-node.yaml
@@ -24,6 +24,7 @@ pki:
 # "{nebula ip}": ["{routable ip/dns name}:{routable port}"]
 static_host_map:
 "10.10.100.1": ["185.112.144.69:4242"]
+ "10.10.100.21": ["93.95.230.219:4242"]
 lighthouse:
 # am_lighthouse is used to enable lighthouse functionality for a node. This should ONLY be true on nodes
@@ -33,9 +34,9 @@ lighthouse:
 # delegated to for resolution
 #serve_dns: false
 #dns:
- # The DNS host defines the IP to bind the dns listener to. This also allows binding to the nebula node IP.
- #host: 0.0.0.0
- #port: 53
+ # The DNS host defines the IP to bind the dns listener to. This also allows binding to the nebula node IP.
+ #host: 0.0.0.0
+ #port: 53
 # interval is the number of seconds between updates from this node to a lighthouse.
 # during updates, a node sends information about its current IP addresses to each node.
 interval: 60
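Review bot: The added `"10.10.100.21": ["93.95.230.219:4242"]` entry carries no comment saying what this node is; a static_host_map entry only seeds address resolution, so if the host is meant to act as a lighthouse it presumably also has to be listed under `lighthouse.hosts`, which is outside this hunk, and if it is an ordinary node the entry pins a public address that would otherwise be learned dynamically. A one-line comment above it, e.g. `# 10.10.100.21: <node role placeholder> (also in lighthouse.hosts if it is a lighthouse)`, would make the intent reviewable. Confirm the mapped address is static before relying on it, since a stale static mapping is not corrected by roaming.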
@@ -53,21 +54,21 @@ lighthouse:
 # "deny" rules are present, then you MUST set a rule for "0.0.0.0/0" as the
 # default.
 #remote_allow_list:
- # Example to block IPs from this subnet from being used for remote IPs.
- #"172.16.0.0/12": false
+ # Example to block IPs from this subnet from being used for remote IPs.
+ #"172.16.0.0/12": false
- # A more complicated example, allow public IPs but only private IPs from a specific subnet
- #"0.0.0.0/0": true
- #"10.0.0.0/8": false
- #"10.42.42.0/24": true
+ # A more complicated example, allow public IPs but only private IPs from a specific subnet
+ #"0.0.0.0/0": true
+ #"10.0.0.0/8": false
+ #"10.42.42.0/24": true
 # EXPERIMENTAL: This option my change or disappear in the future.
 # Optionally allows the definition of remote_allow_list blocks
 # specific to an inside VPN IP CIDR.
 #remote_allow_ranges:
- # This rule would only allow only private IPs for this VPN range
- #"10.42.42.0/24":
- #"192.168.0.0/16": true
+ # This rule would only allow only private IPs for this VPN range
+ #"10.42.42.0/24":
+ #"192.168.0.0/16": true
 # local_allow_list allows you to filter which local IP addresses we advertise
 # to the lighthouses. This uses the same logic as `remote_allow_list`, but
@@ -77,12 +78,12 @@ lighthouse:
 # the inverse). CIDR rules are matched after interface name rules.
 # Default is all local IP addresses.
 #local_allow_list:
- # Example to block tun0 and all docker interfaces.
- #interfaces:
- #tun0: false
- #'docker.*': false
- # Example to only advertise this subnet to the lighthouse.
- #"10.0.0.0/8": true
+ # Example to block tun0 and all docker interfaces.
+ #interfaces:
+ #tun0: false
+ #'docker.*': false
+ # Example to only advertise this subnet to the lighthouse.
+ #"10.0.0.0/8": true
 # Port Nebula will be listening on. The default here is 4242. For a lighthouse node, the port should be defined,
 # however using port 0 will dynamically assign a port and is recommended for roaming nodes.
@@ -133,19 +134,19 @@ punchy:
 # sshd can expose informational and administrative functions via ssh this is a
 #sshd:
- # Toggles the feature
- #enabled: true
- # Host and port to listen on, port 22 is not allowed for your safety
- #listen: 127.0.0.1:2222
- # A file containing the ssh host private key to use
- # A decent way to generate one: ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N "" < /dev/null
- #host_key: ./ssh_host_ed25519_key
- # A file containing a list of authorized public keys
- #authorized_users:
- #- user: steeeeve
- # keys can be an array of strings or single string
- #keys:
- #- "ssh public key string"
+# Toggles the feature
+#enabled: true
+# Host and port to listen on, port 22 is not allowed for your safety
+#listen: 127.0.0.1:2222
+# A file containing the ssh host private key to use
+# A decent way to generate one: ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N "" < /dev/null
+#host_key: ./ssh_host_ed25519_key
+# A file containing a list of authorized public keys
+#authorized_users:
+#- user: steeeeve
+# keys can be an array of strings or single string
+#keys:
+#- "ssh public key string"
 # Configure the private interface. Note: addr is baked into the nebula certificate
 tun:
@@ -178,7 +179,6 @@ tun:
 # mtu: 1300
 # metric: 100
- # TODO
 # Configure logging level
 logging:
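Review bot: The rewritten sshd example moves every line under `#sshd:` to column 0 (`+#enabled: true`, `+#listen: 127.0.0.1:2222`, `+#host_key: ./ssh_host_ed25519_key` and so on), so anyone who uncomments the block in place gets `enabled`, `listen`, `host_key` and `authorized_users` as top-level keys with `sshd:` left null, and the `#- user:` / `#keys:` lines lose the nesting that ties `keys` to the user entry. The `#stats:` and `#handshakes:` examples in the @@ -198 hunk are flattened the same way, and the dns, remote_allow_list and local_allow_list hunks appear to do the same although their indentation is not recoverable in this view. Keep the commented text at the original nesting depth, e.g. `#sshd:` / `  #enabled: true` / `  #listen: 127.0.0.1:2222`, so the example remains a working template; the loopback-only `listen` address in it is the right default to preserve.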
@@ -198,39 +198,38 @@ logging:
 #timestamp_format: "2006-01-02T15:04:05.000Z07:00"
 #stats:
- #type: graphite
- #prefix: nebula
- #protocol: tcp
- #host: 127.0.0.1:9999
- #interval: 10s
+#type: graphite
+#prefix: nebula
+#protocol: tcp
+#host: 127.0.0.1:9999
+#interval: 10s
- #type: prometheus
- #listen: 127.0.0.1:8080
- #path: /metrics
- #namespace: prometheusns
- #subsystem: nebula
- #interval: 10s
+#type: prometheus
+#listen: 127.0.0.1:8080
+#path: /metrics
+#namespace: prometheusns
+#subsystem: nebula
+#interval: 10s
- # enables counter metrics for meta packets
- # e.g.: `messages.tx.handshake`
- # NOTE: `message.{tx,rx}.recv_error` is always emitted
- #message_metrics: false
+# enables counter metrics for meta packets
+# e.g.: `messages.tx.handshake`
+# NOTE: `message.{tx,rx}.recv_error` is always emitted
+#message_metrics: false
- # enables detailed counter metrics for lighthouse packets
- # e.g.: `lighthouse.rx.HostQuery`
- #lighthouse_metrics: false
+# enables detailed counter metrics for lighthouse packets
+# e.g.: `lighthouse.rx.HostQuery`
+#lighthouse_metrics: false
 # Handshake Manager Settings
 #handshakes:
- # Handshakes are sent to all known addresses at each interval with a linear backoff,
- # Wait try_interval after the 1st attempt, 2 * try_interval after the 2nd, etc, until the handshake is older than timeout
- # A 100ms interval with the default 10 retries will give a handshake 5.5 seconds to resolve before timing out
- #try_interval: 100ms
- #retries: 20
- # trigger_buffer is the size of the buffer channel for quickly sending handshakes
- # after receiving the response for lighthouse queries
- #trigger_buffer: 64
-
+# Handshakes are sent to all known addresses at each interval with a linear backoff,
+# Wait try_interval after the 1st attempt, 2 * try_interval after the 2nd, etc, until the handshake is older than timeout
+# A 100ms interval with the default 10 retries will give a handshake 5.5 seconds to resolve before timing out
+#try_interval: 
100ms
+#retries: 20
+# trigger_buffer is the size of the buffer channel for quickly sending handshakes
+# after receiving the response for lighthouse queries
+#trigger_buffer: 64
 # Nebula security group configuration
 firewall:
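Review bot: The rewritten handshake comment still says `A 100ms interval with the default 10 retries will give a handshake 5.5 seconds`, while the example value two lines below is `#retries: 20`; by the linear backoff the same comment describes, 20 retries at 100ms would be 21 seconds, so the comment and the example disagree about the default. Make them agree with the actual default, either `#retries: 10` or a comment reworded for 20 retries. The column-0 flattening of the `#stats:` and `#handshakes:` examples in this hunk is the same problem raised on the sshd hunk.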