Merge pull request #8 from a-mcf/add-relay-support

Trozz · web-flow · commit e645fade2d64 · 2023-06-12T20:31:35.000+01:00
Update to 1.6.1, add relay support
diff --git a/README.md b/README.md
@@ -40,6 +40,9 @@ Role Variables
 | `local_range` | String | Local range is used to define a hint about the local network range | NA | No |
 | `sshd.enabled` | Boolean | sshd can expose informational and administrative functions via ssh | NA | No |
 | `sshd.listen` | String | IP / Port for admin SSH functions | NA | No |
+| `relay.relays` | List | IP of hosts to use as a relay | NA | No |
+| `relay.am_relay` | String | Indicate whether host should act as a relay  | `false` | No |
+| `relay.use_relays` | String | Indicate whether host should attempt to connect through relays | `true` | No |
 | `metrics.prometheus` | Boolean | Enables prometheus server | NA | No |
 | `outbound` | List | Outbound rules for the built in firewall | `See Below` | Yes |
 | `inbound` | List | Inbound rules for the built in firewall | `See Below` | Yes |
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
 # defaults file for .
-nebula_version: 1.5.0
+nebula_version: 1.6.1
 
 # force overwrite
 nebula_force_install: false
@@ -11,6 +11,10 @@ nebula_bin_directory: /bin
 # this will cause net.ipv4.ip_forward to be set to 1 to allow unsafe routes
 enable_ip_forward: false
 
+relay:
+  am_relay: "false"
+  use_relays: "true"
+
 tun:
   dev_name: nebula1
   drop_local_broadcast: false
diff --git a/templates/config.yaml.j2 b/templates/config.yaml.j2
@@ -71,6 +71,25 @@ sshd:
         #- "ssh public key string"
 {% endif %}
 
+{% if relay is defined %}
+# EXPERIMENTAL: relay support for networks that can't establish direct connections.
+relay:
+  # Relays are a list of Nebula IP's that peers can use to relay packets to me.
+  # IPs in this list must have am_relay set to true in their configs, otherwise
+  # they will reject relay requests.
+{% if relay.relays is defined %}
+  relays:
+{% for relay_host in relay.relays %}
+    - {{ relay_host }}
+{% endfor %}
+{% endif %}
+  # Set am_relay to true to permit other hosts to list my IP in their relays config. Default false.
+  am_relay: {{ relay.am_relay | default("false") }}
+  # Set use_relays to false to prevent this instance from attempting to establish connections through relays.
+  # default true
+  use_relays: {{ relay.use_relay | default("true") }}
+{% endif %}
+
 # Configure the private interface. Note: addr is baked into the nebula certificate
 tun:
   # Name of the device
