mirror of
https://github.com/slackhq/nebula.git
synced 2025-01-25 17:48:25 +00:00
4f4941e187
* WIP smoke test freebsd * fix bitrot We now test that the firewall blocks inbound on host3 from host2 * WIP ipv6 test * cleanup * rename to make clear * fix filename * restore * no sudo docker * WIP * WIP * WIP * WIP * extra smoke tests * WIP * WIP * add over improvements made in smoke.sh * more tests * use generic/freebsd14 * cleanup from test * smoke test openbsd-amd64 * add netbsd-amd64 * try to fix vagrant
59 lines
1 KiB
Bash
Executable file
59 lines
1 KiB
Bash
Executable file
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
FIREWALL_ALL='[{"port": "any", "proto": "any", "host": "any"}]'
|
|
|
|
if [ "$STATIC_HOSTS" ] || [ "$LIGHTHOUSES" ]
|
|
then
|
|
echo "static_host_map:"
|
|
echo "$STATIC_HOSTS" | while read -r NEBULA_IP STATIC
|
|
do
|
|
[ -z "$NEBULA_IP" ] || echo " '$NEBULA_IP': ['$STATIC']"
|
|
done
|
|
echo "$LIGHTHOUSES" | while read -r NEBULA_IP STATIC
|
|
do
|
|
[ -z "$NEBULA_IP" ] || echo " '$NEBULA_IP': ['$STATIC']"
|
|
done
|
|
echo
|
|
fi
|
|
|
|
lighthouse_hosts() {
|
|
if [ "$LIGHTHOUSES" ]
|
|
then
|
|
echo
|
|
echo "$LIGHTHOUSES" | while read -r NEBULA_IP STATIC
|
|
do
|
|
echo " - '$NEBULA_IP'"
|
|
done
|
|
else
|
|
echo "[]"
|
|
fi
|
|
}
|
|
|
|
cat <<EOF
|
|
pki:
|
|
ca: ca.crt
|
|
cert: ${HOST}.crt
|
|
key: ${HOST}.key
|
|
|
|
lighthouse:
|
|
am_lighthouse: ${AM_LIGHTHOUSE:-false}
|
|
hosts: $(lighthouse_hosts)
|
|
remote_allow_list: ${REMOTE_ALLOW_LIST}
|
|
|
|
listen:
|
|
host: 0.0.0.0
|
|
port: ${LISTEN_PORT:-4242}
|
|
|
|
tun:
|
|
dev: ${TUN_DEV:-tun0}
|
|
|
|
firewall:
|
|
inbound_action: reject
|
|
outbound_action: reject
|
|
outbound: ${OUTBOUND:-$FIREWALL_ALL}
|
|
inbound: ${INBOUND:-$FIREWALL_ALL}
|
|
|
|
$(test -t 0 || cat)
|
|
EOF
|