Does anybody know if there is any chance of running a Nebula node on an Opalstack shared server?
This is really just an intellectual curiosity more than anything else. The Opalstack server already has a public IP, so it kind of defeats the point of adding it to a Nebula mesh.
I found the service file below, which requires the CAP_NET_ADMIN and CAP_NET_BIND_SERVICE capabilities for the process.
Then I realised that Opalstack appears to disable `systemctl --user` calls.
Anyway 🙂 Any takers?
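# Systemd unit file for Nebula
#
# Written as a system unit (installed by root): it switches to a dedicated
# user and grants network capabilities, which an unprivileged
# `systemctl --user` manager cannot do.

[Unit]
Description=Nebula
Wants=basic.target
After=basic.target network.target
# Ordered ahead of sshd; presumably so sshd can listen on the overlay
# address once the tunnel is up (confirm against your sshd_config).
Before=sshd.service

[Service]
# Validate the configuration first (-test); if this fails the service is
# not started.
ExecStartPre=/home/username/local/nebula/nebula -test -config /home/username/.config/nebula/config.yaml
ExecStart=/home/username/local/nebula/nebula -config /home/username/.config/nebula/config.yaml
# Reload is delivered as SIGHUP to the main process.
ExecReload=/bin/kill -HUP $MAINPID
# Creates /run/nebula and /etc/nebula owned by the service user. Note the
# commands above read their config from the home directory, not /etc/nebula.
RuntimeDirectory=nebula
ConfigurationDirectory=nebula
# Least privilege: the process runs as an unprivileged user and keeps only
# these two capabilities. CAP_NET_ADMIN covers creating/configuring the tun
# interface; CAP_NET_BIND_SERVICE is only needed if the config binds a port
# below 1024 and can be dropped from both lines otherwise.
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
ProtectControlGroups=true
# ProtectHome=true would make /home inaccessible to the service, so the
# binary and config under /home/username could not be opened and the unit
# would fail to start. read-only keeps /home visible but unwritable.
# The nebula user still needs read/execute permission on those paths.
# Whoever can write to the binary or config controls what runs with the
# capabilities above, so keep both writable only by a trusted account;
# installing them outside /home allows ProtectHome=true to be restored.
ProtectHome=read-only
ProtectKernelTunables=true
# /usr, /boot, /efi and /etc are mounted read-only for the service.
ProtectSystem=full
User=nebula
Group=nebula
SyslogIdentifier=nebula
Restart=always
RestartSec=2
TimeoutStopSec=5
# 0 disables start rate limiting, so Restart=always retries indefinitely.
# Legacy spelling; current systemd documents StartLimitIntervalSec= in [Unit].
StartLimitInterval=0
LimitNOFILE=131072
# Slightly raised scheduling priority.
Nice=-1

[Install]
WantedBy=multi-user.target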