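# Nebula Configuration ({{ ansible_managed }})
#
# Rendered by Ansible into Nebula's config file. Block tags stay at column 0
# (Ansible's template module trims the newline after a block tag), while the
# YAML keys carry the indentation Nebula expects for each section.

# PKI
pki:
  ca: {{ nebula_config_dir }}/ca.crt
  cert: {{ nebula_config_dir }}/{{ nebula_nodename }}.crt
  key: {{ nebula_config_dir }}/{{ nebula_nodename }}.key
{% if nebula_pki_disconnect_invalid %}
  # Only emitted when truthy: tears down tunnels whose certificate becomes
  # invalid (expired or blocklisted) instead of keeping them up.
  disconnect_invalid: {{ nebula_pki_disconnect_invalid }}
{% endif %}
{% if nebula_pki_blocklist|length >= 1 %}
  # Certificate fingerprints that must never be accepted.
  blocklist:
    {{ nebula_pki_blocklist | to_nice_yaml(indent=2) | indent(width=4) }}
{% endif %}

# static host map
# One entry per lighthouse in the play. A lighthouse without a routable IP
# renders as "NONE:<port>", which is not a usable address — set
# nebula_routable_ip on every lighthouse host.
static_host_map:
{% for host in ansible_play_hosts_all %}
{% if (hostvars[host]['nebula_am_lighthouse']|default(false)) and (hostvars[host]['nebula_is_member']|default(true)) %}
  "{{ hostvars[host]['nebula_ip'].split('/')[0] }}": ["{{ hostvars[host]['nebula_routable_ip']|default('NONE') }}:{{ hostvars[host]['nebula_listen_port']|default('4242') }}"]
{% endif %}
{% endfor %}

{% if nebula_static_map %}
static_map:
{% if nebula_static_map_cadence is defined %}
  cadence: {{ nebula_static_map_cadence }}
{% endif %}
{% if nebula_static_map_network is defined %}
  network: {{ nebula_static_map_network }}
{% endif %}
{% if nebula_static_map_lookup_timeout is defined %}
  # Guarded by its own variable (previously guarded by the network variable,
  # which failed the render when only network was set).
  lookup_timeout: {{ nebula_static_map_lookup_timeout }}
{% endif %}
{% endif %}

# lighthouse configuration
lighthouse:
  am_lighthouse: {{ nebula_am_lighthouse }}
  interval: {{ nebula_lighthouse_interval }}
  # Non-lighthouse nodes list every lighthouse in the play; a lighthouse
  # leaves the list empty.
  hosts:
{% if not nebula_am_lighthouse %}
{% for host in ansible_play_hosts_all %}
{% if (hostvars[host]['nebula_am_lighthouse']|default(false)) and (hostvars[host]['nebula_is_member']|default(true)) %}
    - '{{ hostvars[host]['nebula_ip'].split('/')[0] }}'
{% endif %}
{% endfor %}
{% endif %}

# listen configuration
listen:
  # Quoted so an IPv6 wildcard such as "[::]" is not parsed as a YAML flow
  # sequence.
  host: '{{ nebula_listen_host }}'
  port: {{ nebula_listen_port }}
{% if nebula_listen_batch is defined %}
  batch: {{ nebula_listen_batch }}
{% endif %}
{% if nebula_listen_read_buffer is defined %}
  read_buffer: {{ nebula_listen_read_buffer }}
{% endif %}
{% if nebula_listen_write_buffer is defined %}
  write_buffer: {{ nebula_listen_write_buffer }}
{% endif %}
{% if nebula_listen_send_recv_error is defined %}
  send_recv_error: {{ nebula_listen_send_recv_error }}
{% endif %}

# punchy
punchy:
  punch: {{ nebula_punchy_punch }}
{% if nebula_punchy_respond is defined %}
  # Key names fixed from "repond"/"repond_delay": Nebula reads
  # punchy.respond and punchy.respond_delay, so the misspelt keys were ignored.
  respond: {{ nebula_punchy_respond }}
{% endif %}
{% if nebula_punchy_respond_delay is defined %}
  respond_delay: {{ nebula_punchy_respond_delay }}
{% endif %}
{% if nebula_punchy_delay is defined %}
  delay: {{ nebula_punchy_delay }}
{% endif %}

{% if nebula_cipher is defined %}
# cipher
cipher: {{ nebula_cipher }}
{% endif %}
{% if nebula_preferred_ranges|length >= 1 %}
preferred_ranges: {{ nebula_preferred_ranges }}
{% endif %}
{% if nebula_routines is defined %}
routines: {{ nebula_routines }}
{% endif %}

# tun
tun:
  disabled: {{ nebula_tun_disabled }}
  dev: {{ nebula_tun_dev }}
  drop_local_broadcast: {{ nebula_tun_drop_local_broadcast }}
  drop_multicast: {{ nebula_tun_drop_multicast }}
  tx_queue: {{ nebula_tun_tx_queue }}
  mtu: {{ nebula_tun_mtu }}
{% if nebula_use_system_route_table %}
{# NOTE(review): this if-block is not closed within the visible part of the
   template. Confirm where its endif lands: if it wraps the logging and
   firewall sections below, those are skipped whenever
   nebula_use_system_route_table is false. #}
  use_system_route_table: {{ nebula_use_system_route_table }}
{% if nebula_routes|length >= 1 %}
  routes:
    {{ nebula_routes|to_nice_yaml(indent=2)|indent(width=4) }}
{% else %}
  routes:
{% endif %}
{% if nebula_unsafe_routes|length >= 1 %}
  # unsafe_routes send traffic for networks outside the overlay through a
  # Nebula host acting as a gateway; review each entry deliberately.
  unsafe_routes:
    {{ nebula_unsafe_routes|to_nice_yaml(indent=2)|indent(width=4) }}
{% else %}
  unsafe_routes:
{% endif %}

# logging
logging:
  level: {{ nebula_logging_level }}
  format: {{ nebula_logging_format }}
  disable_timestamp: {{ nebula_logging_disable_timestamp }}

# firewall
# Rules are rendered from the role's variables; an empty rule list renders
# as [] and permits nothing in that direction.
firewall:
{% if nebula_firewall_outbound_action is defined %}
  outbound_action: {{ nebula_firewall_outbound_action }}
{% endif %}
{% if nebula_firewall_inbound_action is defined %}
  inbound_action: {{ nebula_firewall_inbound_action }}
{% endif %}
  conntrack:
    tcp_timeout: {{ nebula_firewall_conntrack_tcp_timeout }}
    udp_timeout: {{ nebula_firewall_conntrack_udp_timeout }}
    default_timeout: {{ nebula_firewall_conntrack_default_timeout }}
  inbound:
    {{ nebula_firewall_inbound_rules | to_nice_yaml(indent=2) | indent(width=4) }}
  outbound:
    {{ nebula_firewall_outbound_rules | to_nice_yaml(indent=2) | indent(width=4) }}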