
# Nebula Configuration {{ ansible_managed }}
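# PKI: the CA every peer certificate must chain to, plus this node's own
# certificate and key. The paths are quoted so a config dir containing
# YAML specials (":", "#", leading "*"/"&") still renders as a string.
pki:
  ca: "{{ nebula_config_dir }}/ca.crt"
  cert: "{{ nebula_config_dir }}/{{ nebula_nodename }}.crt"
  key: "{{ nebula_config_dir }}/{{ nebula_nodename }}.key"
{% if nebula_pki_disconnect_invalid %}
  # Only emitted when the role variable is truthy; otherwise Nebula's own
  # default applies. An explicit "false" cannot be rendered from here.
  disconnect_invalid: {{ nebula_pki_disconnect_invalid }}
{% endif %}
{% if nebula_pki_blocklist | length >= 1 %}
  # Entries listed here are refused even though they chain to the CA.
  # This is the only in-band revocation this template exposes, so keep
  # nebula_pki_blocklist under version control alongside the CA.
  blocklist:
    {{ nebula_pki_blocklist | to_nice_yaml(indent=2) | indent(width=4) }}
{% endif %}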
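# static host map: how each lighthouse is reached on the underlay network.
# Only play hosts flagged nebula_am_lighthouse (and still nebula_is_member)
# are listed, keyed by their Nebula IP with the prefix length stripped.
# NOTE(review): a lighthouse host without nebula_routable_ip renders as
# "NONE:<port>", which Nebula cannot resolve; switch the default() to
# `| mandatory` if a missing underlay address should fail the play instead.
static_host_map:
{% for host in ansible_play_hosts_all %}
{% if (hostvars[host]['nebula_am_lighthouse'] | default(false)) and (hostvars[host]['nebula_is_member'] | default(true)) %}
  "{{ hostvars[host]['nebula_ip'].split('/')[0] }}": ["{{ hostvars[host]['nebula_routable_ip'] | default('NONE') }}:{{ hostvars[host]['nebula_listen_port'] | default('4242') }}"]
{% endif %}
{% endfor %}
{% if nebula_static_map %}
# static_map: each optional key is guarded by its own variable, so a
# partially configured static_map renders only what was actually set.
static_map:
{% if nebula_static_map_cadence is defined %}
  cadence: {{ nebula_static_map_cadence }}
{% endif %}
{% if nebula_static_map_network is defined %}
  network: {{ nebula_static_map_network }}
{% endif %}
{% if nebula_static_map_lookup_timeout is defined %}
  lookup_timeout: {{ nebula_static_map_lookup_timeout }}
{% endif %}
{% endif %}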
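# lighthouse configuration
# `hosts` is populated only on non-lighthouse nodes, from the same host
# selection that builds static_host_map above, so the two stay in sync.
lighthouse:
  am_lighthouse: {{ nebula_am_lighthouse }}
  interval: {{ nebula_lighthouse_interval }}
{% if nebula_am_lighthouse %}
  # Explicit empty list rather than a bare key (which YAML reads as null).
  hosts: []
{% else %}
  hosts:
{% for host in ansible_play_hosts_all %}
{% if (hostvars[host]['nebula_am_lighthouse'] | default(false)) and (hostvars[host]['nebula_is_member'] | default(true)) %}
    - '{{ hostvars[host]['nebula_ip'].split('/')[0] }}'
{% endif %}
{% endfor %}
{% endif %}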
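# listen configuration
listen:
  # Quoted: an IPv6 wildcard such as "[::]" would otherwise be parsed by
  # YAML as a flow sequence rather than an address string.
  host: "{{ nebula_listen_host }}"
  port: {{ nebula_listen_port }}
{% if nebula_listen_batch is defined %}
  batch: {{ nebula_listen_batch }}
{% endif %}
{% if nebula_listen_read_buffer is defined %}
  read_buffer: {{ nebula_listen_read_buffer }}
{% endif %}
{% if nebula_listen_write_buffer is defined %}
  write_buffer: {{ nebula_listen_write_buffer }}
{% endif %}
{% if nebula_listen_send_recv_error is defined %}
  send_recv_error: {{ nebula_listen_send_recv_error }}
{% endif %}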
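# punchy (NAT hole punching)
# Key names must match Nebula's punchy section exactly (`respond`,
# `respond_delay`); the previous `repond*` spellings would not be
# recognised, so nebula_punchy_respond* had no effect on the running node.
punchy:
  punch: {{ nebula_punchy_punch }}
{% if nebula_punchy_respond is defined %}
  respond: {{ nebula_punchy_respond }}
{% endif %}
{% if nebula_punchy_respond_delay is defined %}
  respond_delay: {{ nebula_punchy_respond_delay }}
{% endif %}
{% if nebula_punchy_delay is defined %}
  delay: {{ nebula_punchy_delay }}
{% endif %}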
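{% if nebula_cipher is defined %}
# cipher: only emitted when set explicitly. NOTE(review): this value has to
# agree across every node in the mesh — set it group-wide, not per host.
cipher: {{ nebula_cipher }}
{% endif %}
{% if nebula_preferred_ranges | length >= 1 %}
# preferred_ranges: rendered through to_json so the list becomes a
# deterministic YAML flow sequence instead of Python's repr of the list.
preferred_ranges: {{ nebula_preferred_ranges | to_json }}
{% endif %}
{% if nebula_routines is defined %}
routines: {{ nebula_routines }}
{% endif %}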
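# tun
tun:
  disabled: {{ nebula_tun_disabled }}
  dev: {{ nebula_tun_dev }}
  drop_local_broadcast: {{ nebula_tun_drop_local_broadcast }}
  drop_multicast: {{ nebula_tun_drop_multicast }}
  tx_queue: {{ nebula_tun_tx_queue }}
  mtu: {{ nebula_tun_mtu }}
{% if nebula_use_system_route_table %}
  use_system_route_table: {{ nebula_use_system_route_table }}
{% endif %}
  # routes / unsafe_routes are always emitted (independently of
  # use_system_route_table) and render as an explicit empty list rather
  # than a bare key, which YAML would read as null.
{% if nebula_routes | length >= 1 %}
  routes:
    {{ nebula_routes | to_nice_yaml(indent=2) | indent(width=4) }}
{% else %}
  routes: []
{% endif %}
  # NOTE(review): unsafe_routes is where networks beyond the overlay are
  # exposed through this node; treat additions to nebula_unsafe_routes as
  # a firewall change and review them with the inbound rules below.
{% if nebula_unsafe_routes | length >= 1 %}
  unsafe_routes:
    {{ nebula_unsafe_routes | to_nice_yaml(indent=2) | indent(width=4) }}
{% else %}
  unsafe_routes: []
{% endif %}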
# logging: level/format are passed through as-is; the role variables are
# expected to hold values Nebula accepts (e.g. info / text), not arbitrary text.
logging:
  level: {{ nebula_logging_level }}
  format: {{ nebula_logging_format }}
  disable_timestamp: {{ nebula_logging_disable_timestamp }}
# firewall: the per-node filter for overlay traffic. The rule lists are
# rendered verbatim from nebula_firewall_inbound_rules and
# nebula_firewall_outbound_rules (an empty list renders as `[]`; an
# undefined variable fails the template, which is the desired loud failure).
# NOTE(review): traffic that matches none of these rules is not passed, so
# keep the inbound list to the minimum this node actually needs.
firewall:
  conntrack:
    tcp_timeout: {{ nebula_firewall_conntrack_tcp_timeout }}
    udp_timeout: {{ nebula_firewall_conntrack_udp_timeout }}
    default_timeout: {{ nebula_firewall_conntrack_default_timeout }}
    max_connections: {{ nebula_firewall_conntrack_max_connections }}
  inbound:
    {{ nebula_firewall_inbound_rules | to_nice_yaml(indent=2) | indent(width=4) }}
  outbound:
    {{ nebula_firewall_outbound_rules | to_nice_yaml(indent=2) | indent(width=4) }}