Skip to content

Nebula

Jump to bottom
Dmitry Nourell edited this page Dec 14, 2025 · 3 revisions

Installation

As Hackfed is built entirely on IPv6, you need a nightly build (as of Dec 2025) of Nebula available there: https://github.com/NebulaOSS/nebula-nightly/releases

Certificate Request

To join Hackfed, you need to submit a public key to Technical Committee to exchange it for a valid Nebula Certificate.

# Generate a keypair
nebula-cert keygen -out-key acme.key -out-pub acme.pub

# acme.pub is the public key you need.

Configuration

This configuration example is enough to participate as a Hackfed node without any additional changes.

# The firewall is default deny. There is no way to write a deny rule.
firewall:
  # Allow all traffic from this node
  outbound:
    - port: any
      proto: any
      host: any

  inbound:
    # Allow ICMP from any nodes
    - port: any
      proto: icmp
      host: any

    # Allow IAX2 on 4569
    - port: 4569
      proto: any
      host: any

    # Allow Hackfed/Phonebook on 7767/tcp
    - port: 7767
      proto: tcp
      host: any

# Keychain
pki:
  ca: /etc/nebula/ca.crt
  cert: /etc/nebula/host.crt
  key: /etc/nebula/host.key

# Use AES-256-GCM
cipher: aes

# List of known hosts and their public IPs to bootstrap from
static_host_map:
  "fd79:7636:1f08:883d::008": ["lanskoe.loc.bksp.in:39242"]
  "fd79:7636:1f08:883d::009": ["ta.leitud.ee:39242"]

# Lighthouses are used by hosts to discover each other.
lighthouse:
  am_lighthouse: false
  hosts:
    - "fd79:7636:1f08:883d::008"
    - "fd79:7636:1f08:883d::009"

# Listen for Nebula connections on all interfaces
listen:
  host: "::"
  port: 39242

# Spawn "hackfed0" TUN interface for Nebula traffic
tun:
  dev: hackfed0

# Only output errors
logging:
  level: error
  format: text

Please refer to Nebula Config Reference for more info and available opts.

Lighthouse

Note

Being Lighthouse requires a static IP address and somewhat stable uptime.

You may help Hackfed peers to discover each other by enabling Lighthouse capability on your node.

To do this, introduce the following changes to your configuration file:

lighthouse:
  # Enable Lighthouse capability
  am_lighthouse: true

  # Remove other Lighthouses addresses
  # hosts:

Then, reach out to Technical Committee so we can verify and include your node into list of available Lighthouses.

Clone this wiki locally