From 54deb035f7509e42f31e351ad825b30018d81bb7 Mon Sep 17 00:00:00 2001
From: TheWanderingCrow
Date: Thu, 7 Aug 2025 15:50:23 +0000
Subject: [PATCH] working nebula inhstance
---
 hosts/common/core/nebula.nix | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/hosts/common/core/nebula.nix b/hosts/common/core/nebula.nix
index 21f1c70..218341a 100644
--- a/hosts/common/core/nebula.nix
+++ b/hosts/common/core/nebula.nix
@@ -11,21 +11,14 @@ in {
 then [''Hey you don't have a nebula config for this host, you should fix this ASAP so you can be connected to the mesh. If you don't know how to do this then contact your admin'']
 else [];
- sops.secrets."keys/nebula" = lib.mkIf (builtins.hasAttr "${config.hostSpec.hostName}" s.hosts) {};
+ sops.secrets."keys/nebula" = lib.mkIf (builtins.hasAttr "${config.hostSpec.hostName}" s.hosts) {
+ owner = "nebula-wce";
+ inherit (config.users.users.${config.hostSpec.username}) group;
+ };
 services.nebula.networks.wce = lib.mkIf (builtins.hasAttr "${config.hostSpec.hostName}" s.hosts) {
 inherit (s) ca lighthouses staticHostMap;
 inherit (s.hosts.${config.hostSpec.hostName}) cert isLighthouse;
 key = config.sops.secrets."keys/nebula".path;
 enable = true;
- firewall.outbound = {
- host = lib.mkDefault "any";
- port = lib.mkDefault "any";
- proto = lib.mkDefault "any";
- };
- firewall.inbound = {
- host = lib.mkDefault "any";
- port = lib.mkDefault "any";
- proto = lib.mkDefault "any";
- };
 };
 }
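Review bot: The new `sops.secrets."keys/nebula"` block sets `owner = "nebula-wce"` but inherits `group` from the interactive account `config.hostSpec.username`, which ties a login user's group to the host's mesh private key for no reason visible in this hunk. Under sops-nix's default mode of 0400 that group cannot read the file today, but a later change to 0440 would expose the key to it. I would use `group = "nebula-wce";` (the NixOS nebula module appears to create a group of that name next to the service user; confirm) and pin `mode = "0400";` explicitly. Separately, with `firewall.inbound` and `firewall.outbound` removed the network falls back to the module defaults, which I believe are empty lists, and Nebula drops traffic that no rule allows. If overlay traffic is expected, add narrow rules in list form, e.g. the constructed `firewall.inbound = [ { port = "22"; proto = "tcp"; host = "any"; } ];`, rather than restoring any/any.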