nixos/nebula-lighthouse-service: init module

2025-10-22 13:20:19 +00:00
parent d263b03d7e
commit d43a689188
6 changed files with 101 additions and 0 deletions
--- a/nixos/doc/manual/release-notes/rl-2511.section.md
+++ b/nixos/doc/manual/release-notes/rl-2511.section.md
@@ -128,6 +128,8 @@

 - [dwl](https://codeberg.org/dwl/dwl), a compact, hackable compositor for Wayland based on wlroots. Available as [programs.dwl](#opt-programs.dwl.enable).

+- [nebula-lighthouse-service](https://github.com/manuels/nebula-lighthouse-service), a public nebula lighthouse service. Avaliable as [services.nebula-lighthouse-service](#opt-services.nebula-lighthouse-service.enable).
+
 - [angrr](https://github.com/linyinfeng/angrr), a service that automatically cleans up old auto GC roots. Available as [services.angrr](#opt-services.angrr.enable).

 - [Sharkey](https://joinsharkey.org), a Sharkish microblogging platform. Available as [services.sharkey](#opt-services.sharkey.enable).
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1267,6 +1267,7 @@
  ./services/networking/ncdns.nix
  ./services/networking/ncps.nix
  ./services/networking/ndppd.nix
+  ./services/networking/nebula-lighthouse-service.nix
  ./services/networking/nebula.nix
  ./services/networking/netbird.nix
  ./services/networking/netbird/server.nix
--- a/nixos/modules/services/networking/nebula-lighthouse-service.nix
+++ b/nixos/modules/services/networking/nebula-lighthouse-service.nix
@@ -0,0 +1,59 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.services.nebula-lighthouse-service;
+  settingsFormat = pkgs.formats.yaml { };
+in
+{
+
+  options.services.nebula-lighthouse-service = {
+    enable = lib.mkEnableOption ''If enabled, NixOS will enable a systemd unit for nebula-lighthouse-service'';
+    settings = lib.mkOption {
+      type = settingsFormat.type;
+      default = { };
+      description = ''
+        Configuration for nebula-lighthouse-service.
+      '';
+      example = ''
+        max-port = 65535;
+        min-port = 49152;
+        "webserver.ip" = "127.0.0.1";
+        "webserver.port" = 8080;
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.nebula-lighthouse-service.settings = {
+      min-port = lib.mkDefault 49152;
+      max-port = lib.mkDefault 65535;
+      "webserver.port" = lib.mkDefault 8080;
+      "webserver.ip" = lib.mkDefault "127.0.0.1";
+    };
+    environment.etc."nebula-lighthouse-service/config.yaml".source =
+      settingsFormat.generate "nebula-lighthouse-service-config.yaml" cfg.settings;
+    systemd.services.nebula-lighthouse-service = {
+      description = "Run nebula-lighthouse-service";
+      wants = [ "basic.target" ];
+      after = [
+        "basic.target"
+        "network.target"
+      ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        Type = "exec";
+        Restart = "always";
+        ExecStart = "${pkgs.nebula-lighthouse-service}/bin/nebula-lighthouse-service";
+        StateDirectory = "nebula-lighthouse-service";
+      };
+    };
+  };
+  meta.maintainers = with lib.maintainers; [
+    bloominstrong
+  ];
+}
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -1013,6 +1013,7 @@ in
  ndppd = runTest ./ndppd.nix;
  nebula.connectivity = runTest ./nebula/connectivity.nix;
  nebula.reload = runTest ./nebula/reload.nix;
+  nebula-lighthouse-service = runTest ./nebula-lighthouse-service.nix;
  neo4j = runTest ./neo4j.nix;
  netbird = runTest ./netbird.nix;
  netbox-upgrade = runTest ./web-apps/netbox-upgrade.nix;
--- a/nixos/tests/nebula-lighthouse-service.nix
+++ b/nixos/tests/nebula-lighthouse-service.nix
@@ -0,0 +1,33 @@
+{ pkgs, lib, ... }:
+{
+  name = "nebula-lighthouse-service";
+
+  meta.maintainers = with lib.maintainers; [
+    bloominstrong
+  ];
+
+  nodes.machine =
+    { ... }:
+    {
+      environment.systemPackages = with pkgs; [
+        nebula
+      ];
+      services.nebula-lighthouse-service.enable = true;
+
+    };
+
+  testScript = ''
+    start_all()
+    machine.succeed(
+      'nebula-cert ca -duration $((10*365*24*60))m -name "NLS Test" -out-crt ca.crt -out-key ca.key',
+      'nebula-cert sign -duration $((365*24*60))m -ca-crt ca.crt -ca-key ca.key -name "lighthouse" -groups "lighthouse" -ip "10.0.100.1/24" -out-crt lighthouse.crt -out-key lighthouse.key'
+    )
+    machine.wait_for_unit("nebula-lighthouse-service.service")
+    machine.wait_for_open_port(8080)
+    machine.succeed(
+      'curl -X POST "http://127.0.0.1:8080/lighthouse/" -F ca_crt=@./ca.crt -F host_crt=@./lighthouse.crt -F host_key=@./lighthouse.key',
+      'curl -X GET "http://127.0.0.1:8080/lighthouse/" -F ca_crt=@./ca.crt -F host_crt=@./lighthouse.crt -F host_key=@./lighthouse.key',
+      'pgrep -x nebula'
+    )
+  '';
+}
--- a/pkgs/by-name/ne/nebula-lighthouse-service/package.nix
+++ b/pkgs/by-name/ne/nebula-lighthouse-service/package.nix
@@ -3,6 +3,7 @@
  fetchFromGitHub,
  python3Packages,
  nebula,
+  nixosTests,
 }:

 python3Packages.buildPythonApplication rec {
@@ -45,6 +46,10 @@ python3Packages.buildPythonApplication rec {
    "nebula_lighthouse_service"
  ];

+  passthru.tests = {
+    nebula-lighthouse-service = nixosTests.nebula-lighthouse-service;
+  };
+
  meta = {
    description = "Public Nebula VPN Lighthouse Service, you can use it in case you don’t have a publicly accessible server to run your own Nebula Lighthouse";
    homepage = "https://github.com/manuels/nebula-lighthouse-service";