88 lines
1.2 KiB
YAML
88 lines
1.2 KiB
YAML
pki:
|
|
ca: /etc/nebula/ca.crt
|
|
cert: /etc/nebula/{{ hostname }}.crt
|
|
key: /etc/nebula/{{ hostname }}.key
|
|
static_host_map:
|
|
"192.168.9.1": ["167.71.79.60:4242"]
|
|
lighthouse:
|
|
# am_lighthouse is used to enable lighthouse functionality for a node. This should ONLY be true on nodes
|
|
# you have configured to be lighthouses in your network
|
|
am_lighthouse: false
|
|
interval: 60
|
|
hosts:
|
|
listen:
|
|
host: 0.0.0.0
|
|
port: 4242
|
|
punchy:
|
|
punch: true
|
|
|
|
relay:
|
|
am_relay: false
|
|
use_relays: true
|
|
|
|
tun:
|
|
disabled: false
|
|
dev: nebula1
|
|
drop_local_broadcast: false
|
|
drop_multicast: false
|
|
tx_queue: 500
|
|
mtu: 1300
|
|
routes:
|
|
#- mtu: 8800
|
|
# route: 10.0.0.0/16
|
|
|
|
unsafe_routes:
|
|
logging:
|
|
level: info
|
|
format: text
|
|
firewall:
|
|
outbound_action: drop
|
|
inbound_action: drop
|
|
|
|
conntrack:
|
|
tcp_timeout: 12m
|
|
udp_timeout: 3m
|
|
default_timeout: 10m
|
|
|
|
outbound:
|
|
- port: any
|
|
proto: any
|
|
host: any
|
|
|
|
inbound:
|
|
- port: any
|
|
proto: icmp
|
|
host: any
|
|
|
|
- port: 22 #GIT
|
|
proto: tcp
|
|
groups:
|
|
- admin
|
|
- ansible
|
|
|
|
- port: 8080
|
|
proto: tcp
|
|
groups:
|
|
-admin
|
|
|
|
|
|
- port: 3001
|
|
proto: tcp
|
|
groups:
|
|
-admin
|
|
|
|
- port: 8080
|
|
proto: tcp
|
|
groups:
|
|
-admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|