pki:
  # Trust anchor: peers are accepted only with a certificate signed by this CA.
  ca: /etc/nebula/ca.crt
  # Per-host certificate and key, named after the inventory host's FQDN.
  cert: /etc/nebula/{{ ansible_fqdn }}.crt
  # Private key. Its file mode is set by the deploying task, not by this
  # file — presumably 0600; confirm in the role that copies it.
  key: /etc/nebula/{{ ansible_fqdn }}.key
  # NOTE(review): no `blocklist` entry, so a host certificate that must be
  # revoked cannot be rejected before it expires; confirm that is acceptable.
static_host_map:
  # Overlay IP of the lighthouse -> its reachable underlay address:port.
  # The key is quoted because a value beginning with `{{` would otherwise be
  # parsed by YAML as a flow mapping before the template engine sees it.
  "{{ nebula_lighthouse_ip }}": ["{{ nebula_lighthouse_public_ip }}:{{ nebula_lighthouse_port }}"]
lighthouse:
  # Renders as the quoted string "true"/"false" rather than a YAML boolean;
  # NOTE(review): relies on Nebula's config loader accepting the string form — confirm.
  am_lighthouse: "{{ nebula_is_lighthouse | lower }}"
  # Lighthouse update interval.
  interval: 60
  # Lighthouses leave this empty (renders as null); every other host lists
  # the lighthouse's overlay IP.
  # Jinja block tags are kept at column 0: Ansible's template module trims the
  # newline after a block tag, so an indented tag would prepend its spaces to
  # the following line and shift the list item's indentation.
  hosts:
{% if not nebula_is_lighthouse %}
    - "{{ nebula_lighthouse_ip }}"
{% endif %}
listen:
  # Binds the underlay UDP socket on every interface; host-level filtering,
  # not this file, decides which networks can reach it.
  host: 0.0.0.0
  # Lighthouses need a fixed, reachable port; other hosts pass 0, which
  # presumably lets the kernel choose the port.
  port: "{{ nebula_is_lighthouse | ternary(nebula_lighthouse_port, 0) }}"
punchy:
  # NAT keepalive / hole punching so peers behind NAT stay reachable;
  # needed for the non-lighthouse hosts, which listen on port 0 above.
  punch: true
tun:
  disabled: false
  # Name of the overlay interface on the host.
  dev: nebula1
  drop_local_broadcast: false
  drop_multicast: false
  tx_queue: 500
  # Kept below the typical 1500 underlay MTU to leave room for Nebula's
  # encapsulation overhead.
  mtu: 1300
  # No static overlay routes; renders as null.
  routes:
  # Route to the internal network through the ingress host, installed on every
  # host except ingress itself. Traffic to this CIDR presumably leaves the
  # overlay at ingress, so the ingress host's forwarding and firewall rules
  # gate it — not this file.
  # NOTE(review): `ansible_fqdn` is compared with the bare name "ingress";
  # confirm the inventory's FQDNs are short names, otherwise the condition is
  # always true and ingress gets a route pointing at itself.
  unsafe_routes:
{% if ansible_fqdn != "ingress" %}
    - route: "{{ pve_hosts.internal_cidr }}"
      via: "{{ nebula.clients.ingress.ip }}"
{% endif %}
logging:
  # Default verbosity; raise only while troubleshooting.
  level: info
  format: text
firewall:
  # Connection-tracking timeouts (Go duration strings) and table size.
  conntrack:
    tcp_timeout: 12m
    udp_timeout: 3m
    default_timeout: 10m
    max_connections: 100000
  # All traffic from this host into the overlay is allowed.
  outbound:
    - port: any
      proto: any
      host: any
  # NOTE(review): any/any/any admits every holder of a certificate from
  # `pki.ca` to every port on this host; the CA is the only boundary. Where
  # that is not intended, narrow the rule with `groups:` or `cidr:` (Nebula
  # firewall rule keys) so that, for example, only the ingress host or a
  # management group can reach service ports.
  inbound:
    - port: any
      proto: any
      host: any