Thank you @sean and sorry for the late reply. I really appreciate your support!
If you can successfully run the commands shown in the service file then you should be able to get it running here.
I think this might be a dead end. Nebula needs to create a utun device to run, which normally requires root. My hope was that by declaring a systemd user unit that required CAP_NET_ADMIN and CAP_NET_BIND_SERVICE I could work around root, but I doubt this would fly on a shared host 🙂
Like I said earlier, this is more of an intellectual curiosity than a need at this point.
BTW, if you are familiar with Tailscale, Nebula is identical in purpose, but uses a different PKI architecture and is fully OSS. Can be quite handy for placing a number of hosts on the same virtual "overlay" network.