pki:
  ca: /etc/nebula/ca.crt
  cert: /etc/nebula/{{ ansible_hostname }}.crt
  key: /etc/nebula/{{ ansible_hostname }}.key

static_host_map:
  "{{ nebula_lighthouse_ip }}": ["{{ nebula_lighthouse_public_ip }}:{{ nebula_lighthouse_port }}"]


lighthouse:
  am_lighthouse: "{{ nebula_is_lighthouse | lower }}"
  interval: 60
  hosts:
{% if not nebula_is_lighthouse %}
    - "{{ nebula_lighthouse_ip }}"
{% endif %}

listen:
  host: 0.0.0.0
  port: "{{ nebula_listen_port }}"

punchy:
  punch: true

tun:
  disabled: false
  dev: nebula1
  drop_local_broadcast: false
  drop_multicast: false
  tx_queue: 500
  mtu: 1300
  routes:
  unsafe_routes:
{% if ansible_hostname != "ingress" %}
    - route: "{{ pve_hosts.internal_cidr }}"
      via: "{{ nebula.clients.ingress.ip }}"
{% endif %}


logging:
  level: info
  format: text

firewall:
  conntrack:
    tcp_timeout: 12m
    udp_timeout: 3m
    default_timeout: 10m
    max_connections: 100000

  outbound:
    - port: any
      proto: any
      host: any

  inbound:
    - port: any
      proto: any
      host: any