Network Options
turbo.networking.argo-tunnel.enable
Enable Argo Tunnel Endpoint
Type: boolean
Default
false
turbo.networking.argo-tunnel.tunnels
Tunnels to create
to generate token: cloudflared tunnel create my-secret-app
Type: attribute set of submodule
Default
{}
Example
"my-secret-app = {\n credentialsFile = \"/persist/secrets/cf-vnc-tunnel.json\";\n tunnelId = \"abcdefgh-abcd-abcd-abcd-abcdabcdabcd\";\n ingress = [\n {\n service = \"http://[::1]\";\n }\n ];\n};\n"
turbo.networking.argo-tunnel.tunnels.<name>.credentialsFile
Credential JSON file for tunnel
Type: path
Default
null
turbo.networking.argo-tunnel.tunnels.<name>.ingress
Ingress to create
Type: list of submodule
Default
[]
turbo.networking.argo-tunnel.tunnels.<name>.ingress.*.hostname
match rules for host
Type: null or string
Default
null
Example
"gitlab.widgetcorp.tech\n"
turbo.networking.argo-tunnel.tunnels.<name>.ingress.*.service
target URL https://developers.cloudflare.com/cloudflare-one/applications/non-http
Type: string
Example
"http://localhost:80\n"
turbo.networking.argo-tunnel.tunnels.<name>.tunnelId
Tunnel UUID
Type: string
Default
null
turbo.networking.firewall.enable
Enable the ferm firewall
Type: boolean
Default
false
turbo.networking.firewall.extraConfigs
Extra configs to be added
Type: list of string
Default
[]
turbo.networking.firewall.filterInputRules
Common INPUT rules for both v4 and v6
Type: list of submodule
Default
[]
turbo.networking.firewall.filterInputRules.*.action
Action
Type: string
Default
"ACCEPT"
turbo.networking.firewall.filterInputRules.*.args
Extra arguments following the action
Type: null or string
Default
null
turbo.networking.firewall.filterInputRules.*.daddr
Destination address
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.filterInputRules.*.description
Description
Type: null or string
Default
null
turbo.networking.firewall.filterInputRules.*.dport
Destination port
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.filterInputRules.*.extraFilters
Extra filters
Type: string
Default
""
turbo.networking.firewall.filterInputRules.*.interface
Incoming interface
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.filterInputRules.*.mark
Match mark
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.filterInputRules.*.module
Load module
Type: null or string
Default
null
turbo.networking.firewall.filterInputRules.*.outerface
Outgoing interface
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.filterInputRules.*.proto
Protocol
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.filterInputRules.*.saddr
Source address
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.filterInputRules.*.sport
Source port
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip
ip
Type: submodule
Default
{}
turbo.networking.firewall.ip.filter
filter table
Type: submodule
Default
{}
turbo.networking.firewall.ip.filter.appends
Extra configs to be appended
Type: list of string
Default
[]
turbo.networking.firewall.ip.filter.chains
Chains
Type: attribute set of submodule
Default
{}
turbo.networking.firewall.ip.filter.chains.<name>.appends
Rules to append
Type: list of string
Default
[]
turbo.networking.firewall.ip.filter.chains.<name>.policy
Policy
Type: null or string
Default
null
turbo.networking.firewall.ip.filter.chains.<name>.prepends
Rules to prepend
Type: list of string
Default
[]
turbo.networking.firewall.ip.filter.chains.<name>.rules
Rules
Type: list of submodule
Default
[]
turbo.networking.firewall.ip.filter.chains.<name>.rules.*.action
Action
Type: string
Default
"ACCEPT"
turbo.networking.firewall.ip.filter.chains.<name>.rules.*.args
Extra arguments following the action
Type: null or string
Default
null
turbo.networking.firewall.ip.filter.chains.<name>.rules.*.daddr
Destination address
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.filter.chains.<name>.rules.*.description
Description
Type: null or string
Default
null
turbo.networking.firewall.ip.filter.chains.<name>.rules.*.dport
Destination port
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.filter.chains.<name>.rules.*.extraFilters
Extra filters
Type: string
Default
""
turbo.networking.firewall.ip.filter.chains.<name>.rules.*.interface
Incoming interface
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.filter.chains.<name>.rules.*.mark
Match mark
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.filter.chains.<name>.rules.*.module
Load module
Type: null or string
Default
null
turbo.networking.firewall.ip.filter.chains.<name>.rules.*.outerface
Outgoing interface
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.filter.chains.<name>.rules.*.proto
Protocol
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.filter.chains.<name>.rules.*.saddr
Source address
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.filter.chains.<name>.rules.*.sport
Source port
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.filter.prepends
Extra configs to be prepended
Type: list of string
Default
[]
turbo.networking.firewall.ip.mangle
mangle table
Type: submodule
Default
{}
turbo.networking.firewall.ip.mangle.appends
Extra configs to be appended
Type: list of string
Default
[]
turbo.networking.firewall.ip.mangle.chains
Chains
Type: attribute set of submodule
Default
{}
turbo.networking.firewall.ip.mangle.chains.<name>.appends
Rules to append
Type: list of string
Default
[]
turbo.networking.firewall.ip.mangle.chains.<name>.policy
Policy
Type: null or string
Default
null
turbo.networking.firewall.ip.mangle.chains.<name>.prepends
Rules to prepend
Type: list of string
Default
[]
turbo.networking.firewall.ip.mangle.chains.<name>.rules
Rules
Type: list of submodule
Default
[]
turbo.networking.firewall.ip.mangle.chains.<name>.rules.*.action
Action
Type: string
Default
"ACCEPT"
turbo.networking.firewall.ip.mangle.chains.<name>.rules.*.args
Extra arguments following the action
Type: null or string
Default
null
turbo.networking.firewall.ip.mangle.chains.<name>.rules.*.daddr
Destination address
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.mangle.chains.<name>.rules.*.description
Description
Type: null or string
Default
null
turbo.networking.firewall.ip.mangle.chains.<name>.rules.*.dport
Destination port
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.mangle.chains.<name>.rules.*.extraFilters
Extra filters
Type: string
Default
""
turbo.networking.firewall.ip.mangle.chains.<name>.rules.*.interface
Incoming interface
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.mangle.chains.<name>.rules.*.mark
Match mark
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.mangle.chains.<name>.rules.*.module
Load module
Type: null or string
Default
null
turbo.networking.firewall.ip.mangle.chains.<name>.rules.*.outerface
Outgoing interface
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.mangle.chains.<name>.rules.*.proto
Protocol
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.mangle.chains.<name>.rules.*.saddr
Source address
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.mangle.chains.<name>.rules.*.sport
Source port
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.mangle.prepends
Extra configs to be prepended
Type: list of string
Default
[]
turbo.networking.firewall.ip.nat
nat table
Type: submodule
Default
{}
turbo.networking.firewall.ip.nat.appends
Extra configs to be appended
Type: list of string
Default
[]
turbo.networking.firewall.ip.nat.chains
Chains
Type: attribute set of submodule
Default
{}
turbo.networking.firewall.ip.nat.chains.<name>.appends
Rules to append
Type: list of string
Default
[]
turbo.networking.firewall.ip.nat.chains.<name>.policy
Policy
Type: null or string
Default
null
turbo.networking.firewall.ip.nat.chains.<name>.prepends
Rules to prepend
Type: list of string
Default
[]
turbo.networking.firewall.ip.nat.chains.<name>.rules
Rules
Type: list of submodule
Default
[]
turbo.networking.firewall.ip.nat.chains.<name>.rules.*.action
Action
Type: string
Default
"ACCEPT"
turbo.networking.firewall.ip.nat.chains.<name>.rules.*.args
Extra arguments following the action
Type: null or string
Default
null
turbo.networking.firewall.ip.nat.chains.<name>.rules.*.daddr
Destination address
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.nat.chains.<name>.rules.*.description
Description
Type: null or string
Default
null
turbo.networking.firewall.ip.nat.chains.<name>.rules.*.dport
Destination port
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.nat.chains.<name>.rules.*.extraFilters
Extra filters
Type: string
Default
""
turbo.networking.firewall.ip.nat.chains.<name>.rules.*.interface
Incoming interface
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.nat.chains.<name>.rules.*.mark
Match mark
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.nat.chains.<name>.rules.*.module
Load module
Type: null or string
Default
null
turbo.networking.firewall.ip.nat.chains.<name>.rules.*.outerface
Outgoing interface
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.nat.chains.<name>.rules.*.proto
Protocol
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.nat.chains.<name>.rules.*.saddr
Source address
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.nat.chains.<name>.rules.*.sport
Source port
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip.nat.prepends
Extra configs to be prepended
Type: list of string
Default
[]
turbo.networking.firewall.ip6
ip6
Type: submodule
Default
{}
turbo.networking.firewall.ip6.filter
filter table
Type: submodule
Default
{}
turbo.networking.firewall.ip6.filter.appends
Extra configs to be appended
Type: list of string
Default
[]
turbo.networking.firewall.ip6.filter.chains
Chains
Type: attribute set of submodule
Default
{}
turbo.networking.firewall.ip6.filter.chains.<name>.appends
Rules to append
Type: list of string
Default
[]
turbo.networking.firewall.ip6.filter.chains.<name>.policy
Policy
Type: null or string
Default
null
turbo.networking.firewall.ip6.filter.chains.<name>.prepends
Rules to prepend
Type: list of string
Default
[]
turbo.networking.firewall.ip6.filter.chains.<name>.rules
Rules
Type: list of submodule
Default
[]
turbo.networking.firewall.ip6.filter.chains.<name>.rules.*.action
Action
Type: string
Default
"ACCEPT"
turbo.networking.firewall.ip6.filter.chains.<name>.rules.*.args
Extra arguments following the action
Type: null or string
Default
null
turbo.networking.firewall.ip6.filter.chains.<name>.rules.*.daddr
Destination address
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.filter.chains.<name>.rules.*.description
Description
Type: null or string
Default
null
turbo.networking.firewall.ip6.filter.chains.<name>.rules.*.dport
Destination port
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.filter.chains.<name>.rules.*.extraFilters
Extra filters
Type: string
Default
""
turbo.networking.firewall.ip6.filter.chains.<name>.rules.*.interface
Incoming interface
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.filter.chains.<name>.rules.*.mark
Match mark
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.filter.chains.<name>.rules.*.module
Load module
Type: null or string
Default
null
turbo.networking.firewall.ip6.filter.chains.<name>.rules.*.outerface
Outgoing interface
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.filter.chains.<name>.rules.*.proto
Protocol
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.filter.chains.<name>.rules.*.saddr
Source address
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.filter.chains.<name>.rules.*.sport
Source port
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.filter.prepends
Extra configs to be prepended
Type: list of string
Default
[]
turbo.networking.firewall.ip6.mangle
mangle table
Type: submodule
Default
{}
turbo.networking.firewall.ip6.mangle.appends
Extra configs to be appended
Type: list of string
Default
[]
turbo.networking.firewall.ip6.mangle.chains
Chains
Type: attribute set of submodule
Default
{}
turbo.networking.firewall.ip6.mangle.chains.<name>.appends
Rules to append
Type: list of string
Default
[]
turbo.networking.firewall.ip6.mangle.chains.<name>.policy
Policy
Type: null or string
Default
null
turbo.networking.firewall.ip6.mangle.chains.<name>.prepends
Rules to prepend
Type: list of string
Default
[]
turbo.networking.firewall.ip6.mangle.chains.<name>.rules
Rules
Type: list of submodule
Default
[]
turbo.networking.firewall.ip6.mangle.chains.<name>.rules.*.action
Action
Type: string
Default
"ACCEPT"
turbo.networking.firewall.ip6.mangle.chains.<name>.rules.*.args
Extra arguments following the action
Type: null or string
Default
null
turbo.networking.firewall.ip6.mangle.chains.<name>.rules.*.daddr
Destination address
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.mangle.chains.<name>.rules.*.description
Description
Type: null or string
Default
null
turbo.networking.firewall.ip6.mangle.chains.<name>.rules.*.dport
Destination port
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.mangle.chains.<name>.rules.*.extraFilters
Extra filters
Type: string
Default
""
turbo.networking.firewall.ip6.mangle.chains.<name>.rules.*.interface
Incoming interface
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.mangle.chains.<name>.rules.*.mark
Match mark
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.mangle.chains.<name>.rules.*.module
Load module
Type: null or string
Default
null
turbo.networking.firewall.ip6.mangle.chains.<name>.rules.*.outerface
Outgoing interface
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.mangle.chains.<name>.rules.*.proto
Protocol
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.mangle.chains.<name>.rules.*.saddr
Source address
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.mangle.chains.<name>.rules.*.sport
Source port
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.mangle.prepends
Extra configs to be prepended
Type: list of string
Default
[]
turbo.networking.firewall.ip6.nat
nat table
Type: submodule
Default
{}
turbo.networking.firewall.ip6.nat.appends
Extra configs to be appended
Type: list of string
Default
[]
turbo.networking.firewall.ip6.nat.chains
Chains
Type: attribute set of submodule
Default
{}
turbo.networking.firewall.ip6.nat.chains.<name>.appends
Rules to append
Type: list of string
Default
[]
turbo.networking.firewall.ip6.nat.chains.<name>.policy
Policy
Type: null or string
Default
null
turbo.networking.firewall.ip6.nat.chains.<name>.prepends
Rules to prepend
Type: list of string
Default
[]
turbo.networking.firewall.ip6.nat.chains.<name>.rules
Rules
Type: list of submodule
Default
[]
turbo.networking.firewall.ip6.nat.chains.<name>.rules.*.action
Action
Type: string
Default
"ACCEPT"
turbo.networking.firewall.ip6.nat.chains.<name>.rules.*.args
Extra arguments following the action
Type: null or string
Default
null
turbo.networking.firewall.ip6.nat.chains.<name>.rules.*.daddr
Destination address
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.nat.chains.<name>.rules.*.description
Description
Type: null or string
Default
null
turbo.networking.firewall.ip6.nat.chains.<name>.rules.*.dport
Destination port
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.nat.chains.<name>.rules.*.extraFilters
Extra filters
Type: string
Default
""
turbo.networking.firewall.ip6.nat.chains.<name>.rules.*.interface
Incoming interface
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.nat.chains.<name>.rules.*.mark
Match mark
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.nat.chains.<name>.rules.*.module
Load module
Type: null or string
Default
null
turbo.networking.firewall.ip6.nat.chains.<name>.rules.*.outerface
Outgoing interface
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.nat.chains.<name>.rules.*.proto
Protocol
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.nat.chains.<name>.rules.*.saddr
Source address
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.nat.chains.<name>.rules.*.sport
Source port
Type: null or string or unsigned integer, meaning >=0 or list of string or unsigned integer, meaning >=0
Default
null
turbo.networking.firewall.ip6.nat.prepends
Extra configs to be prepended
Type: list of string
Default
[]
turbo.networking.firewall.macros
Macros
If you define a macro named abc, then @abc@ in all rules will be replaced with its content.
Type: attribute set of string
Default
{}
turbo.networking.firewall.portForward
A list of port-forward rules to render
Type: list of submodule
Default
[]
turbo.networking.firewall.portForward.*.dstIp
Forward to which host
Type: string
Example
"192.168.1.100"
turbo.networking.firewall.portForward.*.dstPort
Outbound dst port
Type: unsigned integer, meaning >=0
Example
22
turbo.networking.firewall.portForward.*.interface
Inbound interface
Type: string
Default
""
Example
"eth0"
turbo.networking.firewall.portForward.*.protocol
What protocol to forward
Type: null or one of "tcp", "udp"
Default
null
turbo.networking.firewall.portForward.*.srcPort
Inbound dst port
Type: unsigned integer, meaning >=0
Example
22
turbo.networking.isp-split-tunnel.enable
Whether to enable ISP split-tunneling setup.
Type: boolean
Default
false
Example
true
turbo.networking.isp-split-tunnel.interface
Name of the provider interface
Type: string
turbo.networking.isp-split-tunnel.v4
Provider IPv4 address
Type: null or string
Default
null
turbo.networking.isp-split-tunnel.v6
Provider IPv6 address
Type: null or string
Default
null
turbo.networking.ngtun.defaultGroupConfig.fullMesh
Whether to enable full mesh for all nodes in the group
Type: boolean
Default
false
turbo.networking.ngtun.defaultGroupConfig.hubs
Nodes to which all nodes in the group should have a tunnel
Useful for regional hub-and-spokes networks.
Type: list of string
Default
[]
turbo.networking.ngtun.enable
Participate in the mesh
The group configurations must be identical on
all nodes, as the tunnels are created "from their
perspective."
Type: boolean
Default
true
turbo.networking.ngtun.generatedTunnels.<name>.cost
Cost
Type: unsigned integer, meaning >=0
turbo.networking.ngtun.generatedTunnels.<name>.endpoint
Endpoint
Type: null or string
turbo.networking.ngtun.generatedTunnels.<name>.linkLocalId
Link local identifier
Type: unsigned integer, meaning >=0
turbo.networking.ngtun.generatedTunnels.<name>.listenPort
Port to listen on
Type: unsigned integer, meaning >=0
turbo.networking.ngtun.generatedTunnels.<name>.peer
Name of the node
Type: string
turbo.networking.ngtun.generatedTunnels.<name>.persistentKeepalive
Whether to enable persistent keep-alive
Type: boolean
Default
false
turbo.networking.ngtun.generatedTunnels.<name>.publicKey
Peer public key
Type: string
turbo.networking.ngtun.global
Global options
Type: submodule
Default
{}
turbo.networking.ngtun.global.defaultCost
Default cost
Type: unsigned integer, meaning >=0
Default
20
turbo.networking.ngtun.global.fwMark
Firewall mark
Type: unsigned integer, meaning >=0
turbo.networking.ngtun.global.portBase
Port base
For each tunnel, the listening port is computed as: Port Base + 100 * Self ID + Peer ID
Type: unsigned integer, meaning >=0
turbo.networking.ngtun.groups
Groups
Must be identical across all nodes. Specify this in the common configurations.
Type: attribute set of submodule
Default
{}
turbo.networking.ngtun.groups.<name>.fullMesh
Whether to enable full mesh for all nodes in the group
Type: boolean
Default
false
turbo.networking.ngtun.groups.<name>.hubs
Nodes to which all nodes in the group should have a tunnel
Useful for regional hub-and-spokes networks.
Type: list of string
Default
[]
turbo.networking.ngtun.node
Node options
Type: submodule
Default
{}
turbo.networking.ngtun.node.costs
Known costs to specified peers
The cost of a tunnel will be the highest of the specified costs between the two nodes, and defaults to global.defaultCost if neither has specified a cost.
Type: attribute set of unsigned integer, meaning >=0
Default
{}
Example
{"node-b":100,"node-c":1,"node-d":999}
turbo.networking.ngtun.node.endpoint
Static endpoint
It's possible for a node to have no static endpoints at all.
Type: submodule
Default
{}
turbo.networking.ngtun.node.endpoint.ipv4
The IPv4 endpoint (host only)
Type: null or string
Default
null
turbo.networking.ngtun.node.endpoint.ipv6
The IPv6 endpoint (host only)
Type: null or string
Default
null
turbo.networking.ngtun.node.extraPeers
List of additional peers to create tunnels to
Type: list of string
Default
[]
turbo.networking.ngtun.node.groups
Groups this node belongs to
Type: list of string
Default
[]
turbo.networking.ngtun.node.id
Unique numerical ID for the node
This ID must be unique among all nodes, or at least among the nodes it will have a tunnel to.
Type: null or unsigned integer, meaning >=0
Default
null
turbo.networking.ngtun.node.persistentKeepalive
Whether to enable persistent keep-alive for all tunnels on this node.
For "auto", persistent keep-alive will be enabled:
- If the tunnel will be established over an address family for which we don't have a static endpoint
Type: one of "auto", "yes", "no"
Default
"auto"
turbo.networking.ngtun.node.privateKey
WireGuard private key for the node
Type: null or string
Default
null
turbo.networking.ngtun.node.supportedFamilies
List of address families supported by the node.
Defaults to the families for which an endpoint is configured.
Type: list of one of "ipv4", "ipv6"
Default
[]
turbo.networking.rename-interfaces.enable
Rename network interfaces based on MAC address
Type: boolean
Default
false
turbo.networking.rename-interfaces.interfaces
Interfaces
Type: attribute set of string
turbo.networking.rename-interfaces.method
Method to rename the interfaces
Type: one of "udev", "networkd"
Default
"networkd"
turbo.networking.routing.addresses
Addresses of the router.
Type: submodule
Default
{"dn4":null,"dn6":null,"v4":null,"v6":null}
turbo.networking.routing.addresses.dn4
DN42 IPv4 Address
Type: null or string
Default
null
turbo.networking.routing.addresses.dn6
DN42 IPv6 Address
Type: null or string
Default
null
turbo.networking.routing.addresses.v4
IPv4 Address
Type: null or string
Default
null
turbo.networking.routing.addresses.v6
IPv6 Address
Type: null or string
Default
null
turbo.networking.routing.asns
ASNs of the router.
Type: submodule
turbo.networking.routing.asns.dfz
Internet ASN
Type: unsigned integer, meaning >=0
turbo.networking.routing.asns.dn42
DN42 ASN
Type: unsigned integer, meaning >=0
turbo.networking.routing.bird2.baseConfig
Base config package
${baseConfig}/bird.conf will be included in the final configurations.
Type: package
turbo.networking.routing.bird2.bgpSessions
BGP protocol instances
Type: attribute set of submodule
Default
{}
turbo.networking.routing.bird2.bgpSessions.<name>.addPaths
Whether to enable the add-path/multipath extension
Type: boolean or one of "off", "on", "rx", "tx"
Default
false
Example
"rx"
turbo.networking.routing.bird2.bgpSessions.<name>.description
Description
Type: null or string
Default
null
turbo.networking.routing.bird2.bgpSessions.<name>.exportFilter
Replace or add to the default export filter
Take care when using it for iBGP.
Type: string or submodule
Default
{"append":"","prepend":""}
turbo.networking.routing.bird2.bgpSessions.<name>.extraChannelConfigs
Extra configurations for channel
Type: attribute set of string
Default
{}
turbo.networking.routing.bird2.bgpSessions.<name>.extraConfigs
Extra configurations
Type: string
Default
""
turbo.networking.routing.bird2.bgpSessions.<name>.extraParams
Extra params to be used (Ignored by IBGP)
Type: list of list of string
Default
[]
Example
"[ [\"MISC\" \"MISC_DONT_REWRITE_NEXTHOP\"] ]"
turbo.networking.routing.bird2.bgpSessions.<name>.iBgp
This session is an iBGP session.
If true, most other options will be ignored.
Type: boolean
Default
false
turbo.networking.routing.bird2.bgpSessions.<name>.ibgpExportExternal
Export external routes to iBGP peer
If disabled, we only export our own and downstreams' routes.
Ignored for eBGP.
Type: boolean
Default
true
turbo.networking.routing.bird2.bgpSessions.<name>.importFilter
Replace or add to the default import filter
Take care when using it for iBGP.
Type: string or submodule
Default
{"append":"","prepend":""}
turbo.networking.routing.bird2.bgpSessions.<name>.localAS
Local ASN
Ignored for iBGP (will always use IBGP_ASN).
Type: unsigned integer, meaning >=0
turbo.networking.routing.bird2.bgpSessions.<name>.localPref
Default local-pref value to apply
Ignored for iBGP. null means use default.
Type: null or unsigned integer, meaning >=0
Default
null
turbo.networking.routing.bird2.bgpSessions.<name>.multihop
Whether to use multihop or not
Ignored for iBGP.
Type: boolean or unsigned integer, meaning >=0
Default
false
Example
2
turbo.networking.routing.bird2.bgpSessions.<name>.neighbor
Peer endpoint
Type: string
turbo.networking.routing.bird2.bgpSessions.<name>.network
Network
Ignored for iBGP.
Type: one of "dfz", "dn42"
Default
"dfz"
turbo.networking.routing.bird2.bgpSessions.<name>.nextHopKeep
Channels to activate next hop keep for
Ignored for iBGP.
Type: list of one of "ipv4", "ipv6"
Default
[]
turbo.networking.routing.bird2.bgpSessions.<name>.password
MD5 password to use
Type: null or string
Default
null
turbo.networking.routing.bird2.bgpSessions.<name>.peerAS
Peer ASN
Ignored for iBGP (will always use IBGP_ASN).
Type: unsigned integer, meaning >=0
turbo.networking.routing.bird2.bgpSessions.<name>.prefixes
List of prefixes to accept. If empty, don't enable prefix list ACL.
Type: list of string
Default
[]
Example
["1.2.3.0/24"]
turbo.networking.routing.bird2.bgpSessions.<name>.protocols
Protocols to enable
Ignored for iBGP. Both IPv4 and IPv6 are always enabled.
Type: list of one of "ipv4", "ipv6"
Default
["ipv4","ipv6"]
turbo.networking.routing.bird2.bgpSessions.<name>.realPeerAS
Real peer ASN for purpose of filtering
Ignored for iBGP.
Type: null or unsigned integer, meaning >=0
Default
null
turbo.networking.routing.bird2.bgpSessions.<name>.relationship
Relationship
Ignored for iBGP.
Type: one of "upstream", "downstream", "peer", "ixp", "collector", "bilateral"
Default
"peer"
turbo.networking.routing.bird2.bgpSessions.<name>.rr
We are a route reflector
Also consider turning on addPaths. RR should at least do tx, and clients should rx.
Ignored for eBGP.
Type: boolean
Default
false
turbo.networking.routing.bird2.bgpSessions.<name>.sourceAddress
Source address to connect with
Ignored for iBGP.
Type: null or string
Default
null
turbo.networking.routing.bird2.birdPackage
The BIRD 2 package to use
Type: package
Default
{"_type":"derivation","name":"bird-2.0.10"}
turbo.networking.routing.bird2.communityAsn
The ASN used for public control communities
Type: unsigned integer, meaning >=0
Example
12345
turbo.networking.routing.bird2.enable
Run bird2 on this machine
Type: boolean
Default
false
turbo.networking.routing.bird2.extraConfigs
Extra configurations
Type: strings concatenated with "\n"
Default
""
turbo.networking.routing.bird2.iBgpAsn
The ASN used for iBGP sessions
Type: unsigned integer, meaning >=0
Example
12345
turbo.networking.routing.bird2.ibgp
Set up iBGP sessions
Type: boolean
Default
true
turbo.networking.routing.bird2.numericId
The numeric ID for community tagging
Type: unsigned integer, meaning >=0
Default
0
Example
"1.2.3.4"
turbo.networking.routing.bird2.ospfProtocols
OSPF protocol instances
Type: attribute set of submodule
Default
{}
turbo.networking.routing.bird2.ospfProtocols.<name>.areas
Areas
Type: attribute set of submodule
Default
{"backbone":{"id":0}}
turbo.networking.routing.bird2.ospfProtocols.<name>.areas.<name>.extraConfigs
Extra area configurations
Type: string
Default
""
turbo.networking.routing.bird2.ospfProtocols.<name>.areas.<name>.id
Area ID
Can be an integer or an IPv4 address, like routerId.
Type: string or unsigned integer, meaning >=0
Example
"0.0.0.0"
turbo.networking.routing.bird2.ospfProtocols.<name>.areas.<name>.interfaces
Interfaces
Type: attribute set of submodule
Default
{}
turbo.networking.routing.bird2.ospfProtocols.<name>.areas.<name>.interfaces.<name>.authentication
OSPF authentication type
For null, the field will be entirely omitted
if password is also null. Otherwise,
"authentication cryptographic;" will be
emitted. Leave both this field and password
null if you wish to configure authentication
in extraConfigs.
Type: null or one of "auto", "none", "cryptographic"
Default
null
turbo.networking.routing.bird2.ospfProtocols.<name>.areas.<name>.interfaces.<name>.cost
Cost
Type: null or unsigned integer, meaning >=0
Default
null
Example
10
turbo.networking.routing.bird2.ospfProtocols.<name>.areas.<name>.interfaces.<name>.extraConfigs
Extra area configurations
Type: string
Default
""
turbo.networking.routing.bird2.ospfProtocols.<name>.areas.<name>.interfaces.<name>.instance
Instance ID
Type: null or unsigned integer, meaning >=0
Default
null
turbo.networking.routing.bird2.ospfProtocols.<name>.areas.<name>.interfaces.<name>.interfaces
Interface pattern(s)
Leave empty to use the name of this section as the interface name.
Type: null or list of string
Default
null
turbo.networking.routing.bird2.ospfProtocols.<name>.areas.<name>.interfaces.<name>.password
OSPF password
If you want to specify other options like
the algorithm, leave this field and authentication
null and use extraConfigs :)
Type: null or string
Default
null
turbo.networking.routing.bird2.ospfProtocols.<name>.areas.<name>.interfaces.<name>.stub
Stub interface
Type: boolean
Default
false
turbo.networking.routing.bird2.ospfProtocols.<name>.areas.<name>.stub
Stub area
Type: one of "no", "stub", "nssa"
Default
"no"
turbo.networking.routing.bird2.ospfProtocols.<name>.description
Description
Type: null or string
Default
null
turbo.networking.routing.bird2.ospfProtocols.<name>.extraChannelConfigs
Extra channel configurations
Type: string
Default
""
turbo.networking.routing.bird2.ospfProtocols.<name>.extraConfigs
Extra configurations
Type: strings concatenated with "\n"
Default
""
turbo.networking.routing.bird2.ospfProtocols.<name>.protocol
Protocol
Type: one of "ipv4", "ipv6"
turbo.networking.routing.bird2.ospfProtocols.<name>.version
Version
Type:
one of
Default
null
turbo.networking.routing.bird2.ownPrefixes4
IPv4 prefixes that we own
We expect not to receive those prefixes over eBGP.
Type: list of string
Default
["0.0.0.0/32"]
Example
["1.2.3.0/24"]
turbo.networking.routing.bird2.ownPrefixes6
IPv6 prefixes that we own
We expect not to receive those prefixes over eBGP.
Type: list of string
Default
["::/128"]
Example
["fd42:1234:5678::/48"]
turbo.networking.routing.bird2.routerId
The router ID
Type: string
Example
"1.2.3.4"
turbo.networking.routing.bird2.staticProtocols
Static protocol instances
Type: attribute set of submodule
Default
{}
turbo.networking.routing.bird2.staticProtocols.<name>.description
Description
Type: null or string
Default
null
turbo.networking.routing.bird2.staticProtocols.<name>.extraChannelConfigs
Extra channel configurations
Type: strings concatenated with "\n"
Default
""
turbo.networking.routing.bird2.staticProtocols.<name>.importFilter
Replace or add to the default import filter
Type: string or submodule
Default
{"append":"","prepend":""}
turbo.networking.routing.bird2.staticProtocols.<name>.protocol
Protocol
Type: one of "ipv4", "ipv6"
turbo.networking.routing.bird2.staticProtocols.<name>.routes
Routes
Type: list of string
turbo.networking.routing.bird2.staticProtocols.<name>.table
Table
Type: null or string
Default
null
turbo.networking.routing.core
Whether this router is a core router.
Type: boolean
Default
false
turbo.networking.routing.enable
Whether to use this machine as a router.
Type: boolean
Default
false
turbo.networking.routing.jool.enable
Run Jool, a NAT64 gateway, on this machine
Type: boolean
Default
false
turbo.networking.routing.jool.instances
A set of NAT64 instances to run
Configure SIIT instances in siitInstances.
Type: attribute set of submodule
Default
{}
turbo.networking.routing.jool.instances.<name>.config
The JSON configuration file
See https://jool.mx/en/config-atomic.html for examples.
Type: string
turbo.networking.routing.name
Name of the router.
Type: null or string
Default
null
turbo.networking.routing.ngtun
Enable ngtun configurations.
Type: boolean
Default
true
turbo.networking.routing.region
Physical region of the router.
Type: null or one of "eu", "na_e", "na_c", "na_w", "ap_e", "ap_o"
Default
null
turbo.networking.routing.rtr.enable
Run RPKI RTR daemon
Type: boolean
Default
false
turbo.networking.routing.rtr.port
Port to listen on
Type: unsigned integer, meaning >=0
Default
8282
turbo.networking.routing.rtr.publicKey
Path to RPKI cache signing key
Type: path
Default
"/nix/store/d5s2mvxp9jb1sclqjsrm78f2d9lk0in4-cf.pub"
turbo.networking.routing.stub
Whether this router is a stub router.
Type: boolean
Default
false
turbo.networking.wireguard.backend
Backend to use
Defaults to userspace (boringtun) for containers, and kernel (systemd-networkd) otherwise.
Type: one of "kernel", "userspace"
Default
{"_type":"literalExpression","text":"if config.boot.isContainer then \"userspace\" else \"kernel\""}
turbo.networking.wireguard.tunnels
Tunnels
Type: attribute set of submodule
Default
{}
turbo.networking.wireguard.tunnels.<name>.fwMark
Firewall mark
Type: unsigned integer, meaning >=0
turbo.networking.wireguard.tunnels.<name>.listenPort
Port to listen on
Type: unsigned integer, meaning >=0
turbo.networking.wireguard.tunnels.<name>.peers
Peers
Type: list of submodule
turbo.networking.wireguard.tunnels.<name>.peers.*.allowedIPs
Allowed IPs
Type: list of string
Default
[]
turbo.networking.wireguard.tunnels.<name>.peers.*.endpoint
Endpoint
Type: null or string
Default
null
turbo.networking.wireguard.tunnels.<name>.peers.*.persistentKeepalive
Value of PersistentKeepalive
0 means persistent keep-alive is disabled.
Type: unsigned integer, meaning >=0
Default
0
turbo.networking.wireguard.tunnels.<name>.peers.*.publicKey
Peer public key
Type: string
turbo.networking.wireguard.tunnels.<name>.privateKey
Our private key
Type: string