pki:
  ca: /etc/nebula/ca.crt
  cert: /etc/nebula/host.crt
  key: /etc/nebula/host.key
static_host_map:
  "192.168.9.1": ["167.71.79.60:4242"]
lighthouse:
  am_lighthouse: false
  interval: 60
  hosts:
listen:
  host: 0.0.0.0
  port: 4242
punchy:
  punch: true

relay:
  am_relay: false
  use_relays: true

tun:
  disabled: false
  dev: nebula2
  drop_local_broadcast: false
  drop_multicast: false
  tx_queue: 500
  mtu: 1300
  routes:
    #- mtu: 8800
    #  route: 10.0.0.0/16

  unsafe_routes:
logging:
  level: info
  format: text
firewall:
  outbound_action: drop
  inbound_action: drop

  conntrack:
    tcp_timeout: 12m
    udp_timeout: 3m
    default_timeout: 10m

  outbound:
    - port: any
      proto: any
      host: any

  inbound:
    - port: any  #ping
      proto: icmp
      host: any

    - port: 22  #GIT
      proto: tcp
      groups:
        - admin
        - ansible

    - port: 8080
      proto: tcp
      groups:
        -admin