mastus: add nebula

mastus/configuration.nix

@@ -17,6 +17,7 @@
       ./radicale.nix
       # ./ttrss.nix
       ./dns.nix
+      ./nebula.nix
     ];
 
   boot.loader.grub.enable = true;

mastus/nebula.nix

@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+let mastus = "37.252.120.145";
+in {
+  services.nebula.networks.gabriel = {
+    enable = true;
+    ca = "/etc/nebula/gabriel/ca.crt";
+    cert = "/etc/nebula/gabriel/mastus.crt";
+    key = "/etc/nebula/gabriel/mastus.key";
+
+    isLighthouse = true;
+    staticHostMap = {
+      "192.168.18.36" = [ "${mastus}:4242" ];
+    };
+
+    firewall.inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
+
+    settings.lighthouse.dns = { host = "0.0.0.0"; port = 53; };
+  };
+
+  networking.firewall.allowedUDPPorts = [ 4242 ];
+}