Init some skeleton nebula stuff

ansible/group_vars/all/nebula.yml

@@ -0,0 +1,5 @@
+nebula:
+  subnet: 10.23.2.0/24
+  clients:
+    casey:
+      ip: 10.23.2.1

ansible/host_vars/casey.yml

@@ -0,0 +1 @@
+nebula_is_lighthouse: true

ansible/main.yml

@@ -12,6 +12,7 @@
 - hosts: casey
   roles:
     - gateway
+    - nebula
 
 - hosts:
     - walker

ansible/roles/nebula/defaults/main.yml

@@ -0,0 +1 @@
+nebula_is_lighthouse: false

ansible/roles/nebula/files/nebula.yml

@@ -0,0 +1,55 @@
+pki:
+  ca: /etc/nebula/ca.crt
+  cert: /etc/nebula/host.crt
+  key: /etc/nebula/host.key
+
+static_host_map:
+  "{{ nebula_lighthouse_ip }}": ["{{ nebula_lighthouse_public_ip }}:{{ nebula_lighthouse_port }}"]
+
+
+lighthouse:
+  am_lighthouse: "{{ nebula_is_lighthouse | lower }}"
+  interval: 60
+  hosts:
+    {% if not nebula_is_lighthouse %}
+    - "{{ nebula_lighthouse_ip }}"
+    {% endif %}
+
+listen:
+  host: 0.0.0.0
+  port: "{{ nebula_is_lighthouse | ternary(nebula_lighthouse_port, 0) }}"
+
+punchy:
+  punch: true
+
+tun:
+  disabled: false
+  dev: nebula1
+  drop_local_broadcast: false
+  drop_multicast: false
+  tx_queue: 500
+  mtu: 1300
+  routes:
+  unsafe_routes:
+
+
+logging:
+  level: info
+  format: text
+
+firewall:
+  conntrack:
+    tcp_timeout: 12m
+    udp_timeout: 3m
+    default_timeout: 10m
+    max_connections: 100000
+
+  outbound:
+    - port: any
+      proto: any
+      host: any
+
+  inbound:
+    - port: any
+      proto: any
+      host: any

ansible/roles/nebula/tasks/main.yml

@@ -0,0 +1,19 @@
+- name: Install Nebula
+  package:
+    name: nebula
+  when: ansible_os_family == 'Archlinux'
+  become: true
+
+- name: Create nebula directory
+  file:
+    path: /etc/nebula
+    state: directory
+    mode: "0700"
+  become: true
+
+- name: Install nebula config
+  template:
+    src: files/nebula.yml
+    dest: /etc/nebula/config.yml
+    mode: "0600"
+  become: true

ansible/roles/nebula/vars/main.yml

@@ -0,0 +1,3 @@
+nebula_lighthouse_public_ip: "{{ hosts.casey_ip }}"
+nebula_lighthouse_ip: "{{ nebula.clients.casey.ip }}"
+nebula_lighthouse_port: 6328

ansible/yamllint.yml

@@ -4,6 +4,7 @@ ignore: |
   ansible/galaxy_roles
   ansible/group_vars/all/hosts.yml
   ansible/roles/traefik/files/traefik.yml
+  ansible/roles/nebula/files/nebula.yml
 
 rules:
   document-start: disable

terraform/casey_vps.tf

@@ -57,3 +57,10 @@ resource "vultr_firewall_rule" "casey_mc" {
   from_port         = 25566
   network           = "0.0.0.0/0"
 }
+
+resource "vultr_firewall_rule" "casey_nebula" {
+  firewall_group_id = vultr_firewall_group.casey.id
+  protocol          = "tcp"
+  from_port         = 6328
+  network           = "0.0.0.0/0"
+}