mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

nebula

Browse Source
This commit is contained in:
mjallen18
2026-02-13 13:14:35 -06:00
parent 869a320ede
commit 6ebc1bb103
6 changed files with 293 additions and 175 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
modules/nixos/services/nebula-lighthouse/default.nix Normal file
View File

@@ -0,0 +1,53 @@
{
config,
lib,
namespace,
...
}:
with lib;
let
name = "nebula-lighthouse";
cfg = config.${namespace}.services.${name};
rootUrl = "https://lighthouse.${namespace}.dev/";
ca = config.sops.secrets."pi4/nebula/ca-cert".path;
cert = config.sops.secrets."pi4/nebula/lighthouse-cert".path;
key = config.sops.secrets."pi4/nebula/lighthouse-key".path;
nebulaConfig = lib.${namespace}.mkModule {
inherit config name;
description = "nebula";
options = { };
moduleConfig = {
services.nebula.networks = {
jallen-nebula = {
enable = true;
enableReload = true;
isLighthouse = true;
ca = ca;
cert = cert;
key = key;
lighthouse = {
dns = {
enable = true;
host = "localhost";
port = 53;
};
};
listen = {
host = cfg.listenAddress;
port = cfg.port;
};
# lighthouses = [
# "10.1.1.1"
# ];
};
};
};
};
in
{
imports = [
nebulaConfig
./sops.nix
];
}

45
modules/nixos/services/nebula-lighthouse/sops.nix Normal file
View File

@@ -0,0 +1,45 @@
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.nebula-lighthouse;
in
{
config = mkIf cfg.enable {
sops = {
secrets = {
"pi4/nebula/ca-cert" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = "nebula-nas-nebula";
group = "nebula-nas-nebula";
restartUnits = [ "nebula@nas-nebula.service" ];
};
"pi4/nebula/ca-key" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = "nebula-nas-nebula";
group = "nebula-nas-nebula";
restartUnits = [ "nebula@nas-nebula.service" ];
};
"pi4/nebula/lighthouse-cert" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = "nebula-nas-nebula";
group = "nebula-nas-nebula";
restartUnits = [ "nebula@nas-nebula.service" ];
};
"pi4/nebula/lighthouse-key" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = "nebula-nas-nebula";
group = "nebula-nas-nebula";
restartUnits = [ "nebula@nas-nebula.service" ];
};
};
};
};
}

9
secrets/nas-secrets.yaml
View File

@@ -75,6 +75,11 @@ jallen-nas:
server:
username: ENC[AES256_GCM,data:pD7AWpTcwU1G5fHo,iv:y0Ys8sjgIH/bwsLLKzyfPowgrlKAaGBArdXlPqGT+6g=,tag:AKbdJ9Br9mpla/hr3rOF3A==,type:str]
password: ENC[AES256_GCM,data:HGh6pPDCV0w=,iv:lFPjGjFALlX6U/4MWLCJ282q5OReNdklmAR+qFmSCJs=,tag:AYrsjhuST/eSpgmRpv+dfQ==,type:str]
nebula:
ca-cert: ENC[AES256_GCM,data:tJgJ01YwftotyK9vHrACH45210Y8FbbfB9IgRBHGZGa6H+jRo2MxQ/70C4yx90R4+XkVVQ/mWcUe9msIgKjmPiGkj94IDYXwXfFoqEL+jzXYVVbGo9abADY8BfkSsLpz2XhbPOlcOwpinPgj8zjUuM1SsScAxeSb5dmyuvLrH4FNAn3AWU6afRyomC0kvYiaiAxpqNEV/vDeqjER/YDgaWfVFw7PjOPdk+uRkZXbjmwM3UPHKwZesx1ML2Ddp6WpE/ndvJdE1fmibBE/oSphaKG/K5HVZUtGpCjzE4HEl5j3hC/BMm9Rw7vfe7JwW5bOovMOgqVJv+CCvorUxA==,iv:vByzR6wOWFQ+botfyQRj2IE9FUOSTYhnF0IfInHilxU=,tag:wgH75f2NNDNnOF0RHNNjww==,type:str]
ca-key: ENC[AES256_GCM,data:AldM5QTLWo7B4kC2wE4ShWUWiytVu/quPJHNSUGH21tfMrfXICPxlAx0nmyWXP42p6w3ZI54p+SiqAw2YhN1mZL4sZe5d7XYUB90nt9lTsmCZVe9u5s1mdbdlQTWhiSsolN8tG6CDCEj5dCC74Gi4K4U0XAB8w1KANGrMZ7s9GpEqtlUDdj2kbhLo6ZYTh28PAZiuMPf+DxiVyH84F8BtO930PBmx1eq19nli1lK,iv:xxNgIv5s0dRU/MQBeha45SwPz/lUbfI/sZat+32kLKY=,tag:alAm0f0Xcbz0HEuF8bcE8A==,type:str]
lighthouse-cert: ENC[AES256_GCM,data:zo3kUEDxEJN42fit7GmdSRC6BOQUQBkd+bf7pC1hxdVyJ9Ws6+ZeJAiRTYxrSVIef49kUioXRhE7jYcX61pl0mpMO0HgVwjGSu0yAkED1AjBDI8btISIti2zeAU0jF3N2/IDdIZF/fLo5fw5dAplAv0kgtTyTr7IaNCeJivQgHfyc8IM57xmV/vqmJJ2COTIuwbQ/qClDG0k/0DvqY5Vlxq9aNiigryw68iLxVUWnPp+JmJczzFefkxUsVSyKW3goeOBTeo75ztcVEkapHMycEjabqlNTa011rb+dr8X1sonBomRc2b0e/mY3Ni6EDw0TEOKrXA7uQCIUrav0nog8YnB2O4kQ39wsjIDzuZzBmURKzz8jy3Jk28Qkk6zDn6tyPTDXAgEMPXpcxMa65Qhd5XiN8sBzc3vk+U=,iv:cTmQPMe3HBZ4WPakrblddKZAh4u4VYjgPF0X6tYDvmo=,tag:YFp9RSL9WjadWzOH4aMD1w==,type:str]
lighthouse-key: ENC[AES256_GCM,data:YP7AkkPxDj1jctEziASe6D7gm/xscpPTwUJ/cOUfxXYq0euBmHP2twaZePOwohGbbEU4mzNYRAuQuF+5KzzbXfU89QixZ4XpMhACHgB02q71vDOFeX+gPQlzx+biL3TfbhVnZRRParyLJg9uqToa3P9csygacWCnH1A8FdY83g==,iv:PONNwnjIC+UNkZ1bCjJBeA7ic7IkkN96YJVYmao1SJ0=,tag:rO2Hnl/zizSliQVd8t6kNA==,type:str]
sops:
shamir_threshold: 1
age:
@@ -222,8 +227,8 @@ sops:
L0gwQm5takNjMkVGNzVlSStJYlUwWDAKP8QA3rRUHYbyyhPC/k0Eq2EIKfjyc7Co
7BkHH3msC6h9g42BB5iIYe6KQ+UGxMQBFvp+qSB27jaIfajN5MP0BA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-12T04:19:13Z"
mac: ENC[AES256_GCM,data:t3sxHQSeVb1agLpIuC4Mm/6hIvlhA4d4WWJu8y3vm3rHafhZK9HKQYDJ48fB/oMNpszy0IcgSP7j9WQPPKKAcsDRj7fHu67Z9lFyv+C12leBm1kCKmp5e4fl8aykQRSxT2Sy5eo4yt+8PTUOd8Cet3tYO/riSgvWtL6iCEjO9ik=,iv:7uLvDk7suunzx2kVoK8JV/bAFeHnJDDF+vInhiw2K6I=,tag:Dnov7AhsMzLaJT9p9f99Sg==,type:str]
lastmodified: "2026-02-13T18:10:02Z"
mac: ENC[AES256_GCM,data:jlpS9HHfFqZPUZGr+2pgun/zw5Yr6HRYO1VepqvZzQC1DUK3dBTFvkfJlmsUME52bPFZac/0zRRo85C6FGM0prm+G+aROQxJ1OdWgzK8CbULs7UpMdWxUJLlJT1N5ov7S0NB612D0a0SgI6kQQDIvQs5JaWMEjDlhLy/pTz5/zw=,iv:ZwultH7UxHzV7NosnqdFV1JMUd+e2ajBuOaBgxJdEms=,tag:4d7FPC/ba8A3L2vzYyGwRQ==,type:str]
pgp:
- created_at: "2026-02-06T15:34:30Z"
enc: |-

11
secrets/pi4-secrets.yaml
View File

@@ -2,6 +2,11 @@ pi4:
matt-password: ENC[AES256_GCM,data:2gQOr6LlHNAL0CBk12R8lu1pgMLWc017k7M4xDNSpOM1iqEnoODSeFa2JhjJqf2st3kaJuDVucmiPgBcW51Hm1k+z15Rokz78Q==,iv:pcBy2UWjSEiPIcLayi4wWw2jRB7rdxYUqnVxt3DHKKc=,tag:wSOEVbjDEpUYjrZFe484hQ==,type:str]
sys-public-key: ENC[AES256_GCM,data:4m0G3buO6ao+hzpEQ5pFAjqrd9DjLE+ld+N3KT4mYdRfUD/SfcIrpP0ML8c4Omx34J9xPIxBJPAeJp1CNdvMfG4OZ56AB0p+bHVTS3W5GUx+eIeiDsoGQbM=,iv:kU0O88hShlik8xNnk0j2Qbkv+5KNCk03w66stkSlOJs=,tag:pg6SiaH1Mb3my+U8aqE4Lw==,type:str]
sys-priv-key: ENC[AES256_GCM,data:f/gszWqZ62i7SPCs3Jo1KcGrLyW5tk649XyiNEQcWwO6egE725s2PYM4bCkfKcKbyaXduN/L1F4Yos7etfJzmwo0LcW5DnmO0bOizWbSrxF5VYfeVGYeGzvGFOmrQwHPIQRdWrw62YKt1LG0W2boSJ44MDJD8P/po9zwbtiLYat9cLrEFUpWydvZ+i+Ua24fr8NQTD5jRfV7xDhy83gj4X0PDfa9I+PzHpiY9GZFEPJlcxdwRbm2fjc0+7pemJG1hwb/mwLYl5nTfsNPfO4oDJNPDAsUUGL1jYYSSwYZT0HDOVP2ToWXc06B4vIxxacjyZN6my7Sfn5uQkdavhNYUgsyOMV0Dhhow5MD8Mt1w6xv7jODlzK4mb84tU3qWHRRfcmrXDz9ZiQ2YBnhH7vUgcx1J70HwtttR3i0FWFVT92RvO5i83SNZtAgMwvsaIANHCnnhG+ZMnaIURzMAsZAqo2HpRQ18C3X+UKLyvs+scIAjaW1XYDCOR5OdT1CXAv2jWm7Dl9L0QkTysdZ+G5/,iv:hzbJ8cfdpiyXAjSRWxyNHqsq8D2LNNUP8nNvRswJzNw=,tag:ubJiNhOKz7g2hhAsj9JJYw==,type:str]
nebula:
ca-cert: ENC[AES256_GCM,data:FDlXjLyMcKdwXVSP+boKAjNprWDYkKsdmdA7RHK9/+Pa8gUpmhqJKRuJp0ta2T6KTCGdh+cRFBPy0PgME7wkjY5ygjiGJV5ixGIN8x+JkfP+1Moi5GZlYK27JTGoX5I+9bRmSWN9mjoGqby4ms+x/gh2S8OBTpOMWCUhDOjtShr7YEJ57Q4z2stxv+IXxIKkfFAtnpb0a0QdFJZP2/2D5KligoXEL410FGhigHJ1dOLIoXYtqXDtUVMxoouzLf4lrnWCljVYr2OeI39wRPLHOkE+MnhYIHTzre8M9urchCHVTN//tQBWaeeia/lI7rGbduk6vqHZo7fXku1D1A==,iv:3lwMkR9AB7wWxXqW5HTaDFTI+vB4ebSdR1Yg3an89qE=,tag:vLn+lrHa2yLg5KSzW8HUKw==,type:str]
ca-key: ENC[AES256_GCM,data:vKbPalJqrqS2uNiykKMvAZOSUYPZqEovo7xCO80RPqNhoUKQ9snpfsggWTMhk5U5tWWu9aUSBJn7XGXB7aRLuGXCpqtR+N7Rtz+2Ec2BNb9ETnI2AI8/BsTkZe5P2U2cn2va1hXPTPN1xWW7n11DLAqnQTBGizOVNH4mTXktW2JS37k+X1C57CazQoc90iNbOJqPlHI0QjHdhcH8yO7DOnY8f9LdHvBPh6ANfUt4,iv:qtyDl3TfNgwDvTY+H+hJuNEj5g1+01MXixZG9dGJyys=,tag:pyeNhIiiKOilhNEIaJ/abg==,type:str]
lighthouse-cert: ENC[AES256_GCM,data:EJq8S1vI/SZ8A5MzSdMcuvvSZADuzB7CwPa5dsSUvqSeBkapHbCkJiki885D0TpXfc8SxDDZCMUvv4cAHbH2ZlKhuOB8klT4tm1fP3p/P10WrV8SPje87XZ870mtH8bdoVLrdPHjvmotBkXCskTeSDcDlgS4+fMUrxO8gB5O/HIx1tFn5eDoUtdOAlqYAGDiZALGbI2c3Acwtl5pzI39iHtag7YmAEEUQSY1732e/G79wWd4iaOpKZDo7Uig+PIIpymYZgweNtYNGRl7+xKZsJcB21gVnpofUIm6QDwhg1XJ79WIOacBL3d1IKrdipj7uBMd9HbIhlfioOl1noyqICdg8IjlMgSX2FVDu75gMQu+WpuFhaJn1lcnO1na3UoLfz16bX+7T8fuFWhONAxwKmI7V6nQfmplBsE=,iv:hHsCuoBL9bDnDSlooEJDVFYo8pn38eT+p2bQ6EbJwhI=,tag:/7jZvWvcgcPcQp/HrFY8HA==,type:str]
lighthouse-key: ENC[AES256_GCM,data:BsGgTwdse1aBdZGYUWdNTbn1+tw/gnj+hvxGbaK6hZLoL3Pp0ytGbwt9QcyXUrqJd8SDByhEQM1ZdZQt9PYnA7Urs6RFFyw+nFJCClC8RJ4ncpkOcElu8yRcUZdlQtpRQK3+db6E7/15hzJTEufLf+CUO1Bg8UfDuJQRb5ur4Q==,iv:2/o63fIvyvqb0UdubUI7wyTm7a/hYWl9kQzOoO3IDFg=,tag:E9Fl4HGkTQFrqmOuQLWHzg==,type:str]
sops:
shamir_threshold: 1
age:
@@ -149,8 +154,8 @@ sops:
RWRidzlRQ2Qrb3hZQmI4UkNiOXlNTXMK7e3ZpGsleiDmH3YscwbpkHUo1vF4g34u
dx7EBE89sCYLFHPXk0bkZIOe/CTXUDBDiFHew4zL3I60mwMJKKnisw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-29T02:27:07Z"
mac: ENC[AES256_GCM,data:KYA6RTN+gyczOqCj7c10TJjyVb70zzhD6xDVvLTmpi0oZgl9hp5WNGL1EqcjcPon70U6UpoxixmzRnYil+GNzQWU76CyEaK9xUdrOV+8fBNlknGbzktO6pww6nzO+WuBhLF7fk7q1ozVihuELD5kP7ojM9GtXi+966IMx2j+DWM=,iv:P6WEAZhDxNeqlNEqrlOvYlPUiZJO7c4w84hi0vxnd/s=,tag:C6vOLe2TBGvgueLPAG+iaQ==,type:str]
lastmodified: "2026-02-13T19:10:40Z"
mac: ENC[AES256_GCM,data:HaMU0o8ORSUCrcmppdJwpXj4YgKESOUy9YJPktBvY7s1QhQVqvzNigxcvJcpGFexvy9/I6mBxzc7JYDPuMmSyaaFQyTZ6e47cxshqy5Sxxs6U7lyxPWynnC7nU1F+CWhkqULQ0+v45NB6wilHc+ASOb1JGSF546ffZDmbJ+eDU4=,iv:+5+S63+PtrCvVFdfSAUHUoS342g6LzoICFUpR2OL9ns=,tag:WnksdwIcQCDCmMiIwbSUpQ==,type:str]
pgp:
- created_at: "2026-02-06T15:34:32Z"
enc: |-
@@ -173,4 +178,4 @@ sops:
-----END PGP MESSAGE-----
fp: CBCB9B18A6B8930B0B6ABFD1CCB8CBEB30633684
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.11.0

6
systems/aarch64-linux/pi4/default.nix
View File

@@ -72,6 +72,12 @@
};
};
};
services = {
nebula-lighthouse = {
enable = true;
port = 4242;
};
};
};
services.kmscon = {

4
systems/x86_64-linux/jallen-nas/apps.nix
View File

@@ -142,6 +142,10 @@ in
};
minecraft = disabled;
mongodb = disabled;
# nebula = {
# enable = true;
# port = 4242;
# };
netbootxyz = {
enable = false;
port = 4000;