fix(nebula): connectivity issues

Enabled NAT punching, IPv6 connectivity and filtered out Docker addresses.
diogotcorreia · Jun 21, 2024 · 2249318 · 2249318
1 parent 6392b6c
commit 2249318
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/modules/services/nebula.nix b/modules/services/nebula.nix
@@ -76,6 +76,8 @@ in {
         "192.168.100.1"
         "192.168.100.7"
       ];
+      # listen on both ipv4 and ipv6
+      listen.host = "[::]";
 
       firewall.outbound =
         [
@@ -98,6 +100,29 @@ in {
         "192.168.100.1" = ["zeus.diogotc.com:4242"];
         "192.168.100.7" = ["phobos.diogotc.com:4242"];
       };
+
+      settings = {
+        # punch through firewall NATs
+        punchy = {
+          punch = true;
+          respond = true;
+        };
+
+        static_map = {
+          # fetch both A and AAAA DNS records for lighthouses
+          network = "ip";
+        };
+
+        lighthouse = {
+          local_allow_list = {
+            interfaces = {
+              # don't advertise docker IPs to lighthouse
+              "docker.*" = false;
+              "br-[0-9a-f]{12}" = false;
+            };
+          };
+        };
+      };
     };
   };
 }