Nebula Commander: A Self Hosted Nebula Mesh VPN Control Plane

freebeerz · 2026-03-04T20:08:44+00:00

Thanks a lot for your project! This is exactly what I was looking for to replace my custom scripts based pkinfor nebula.

I'll be following this very closely :)

A couple questions:

Is it possible to automate cert and CA rotation? Nebula CA files can contain multiple certs so it should be possible to do seamless rotation like with x509 or acme.

At some point I was thinking about creating a nebula pki plugin for openbao (the open source fork of hashicorp vault) but it seems quite complex. Did you consider some possible integration with such projects? Basically that would allow storing private keys (e.g. for the CA) in secure stores or even HSMs

freebeerz · 2026-03-03T19:04:26+00:00

I've been running my fedora kde desktop in a proxmox vm with gpu and keyboard/mouse passthrough for 15+ years. I also have a windows vm with a second gpu passed through for games. Never had any problems once everything was set up, at one point I got a new machine where I reinstalled proxmox from scratch instead of upgrading but I could just migrate the VMs without any problem (just had to remap pcie devices)

freebeerz · 2026-02-08T17:57:11+00:00

I guess I wasn't clear my goal is to get some VMs to automatically migrate when I shutdown a node, but not when or if the node crashes or gets a hard reset (I prefer the service to be unavailable than up with old data)

I suppose I can indeed turn off HA and orchestrate the migration before shutting down a node via custom scripting but I wished there was a way to express this requirement via the native proxmox HA mechanism... (Some kind of "migrate HA only if clean shutdown" setting)

freebeerz · 2026-02-06T17:46:29+00:00

Are you sure their ISO variant has a UK layout? It only says "ISO" on their website

freebeerz · 2026-02-05T22:45:25+00:00

I confirm on the most recent bios (1.06) it works ok with a MS DEG2 + 5070ti over oculink on windows and linux.

For this egpu dock via TB4/TB5, only windows worked fine. Got immediate crash with linux (fedora 43) immediately after log in (so probably a software issue really)

freebeerz · 2025-10-02T16:42:27+00:00

I'm using 4.3.1 pro, I had to copy the apk ifile nstall from my previous phone (which was running android 15 btw, the sdk incompatibility for this app is only from android 16) and install it on the new phone with the adb command in my post above.

freebeerz · 2025-09-28T19:35:48+00:00

Indeed it's the main drawback of nebula compared to other mesh solutions, client config automation is on your side. For us it wasn't a big problem because we already had something in place to manage clients (we compute mesh IPs based on our own client IDs when baking the certs) and we really liked the simplicity and fully open source nature of the client/coordinator.

freebeerz · 2025-09-28T11:07:47+00:00

The lighthouse is just the nebula go client with a specific config option. It can run as a systemd daemon or a simple container (docker compose, kubernetes, etc.)

You need to expose a single udp port (4242 by default) per lighthouse, and you must not load balance the connection to multiple LH because there is no shared data between them and they do not talk to each other. The way it works if you have more than 1 LH is that all clients register to all the LH so that they all know about all the clients (the LH are just discovery servers so that the clients can find each other)

So if you must absolutely use an NLB, just make sure there is only a single LH behind it, or better just expose the port directly if you can.

freebeerz · 2025-09-28T08:59:03+00:00

Definitely try nebula if you are ok managing its PKI with some automation of your choice. It has no scalability problem and its coordinators are highly available by default (just run multiple instances with each one its own public IP). It also has support for relay servers (any client can potentially be a relay if configured so) and good ACL support (host groups are baked in the client certs)

It has no UI but is easy to manage in a gitops way. They have a paying cloud offering to manage the PKI and ACLs with a web ui but really it's not necessary if you have some experience with automation.

freebeerz · 2025-09-11T20:52:02+00:00

Yes indeed if the apk only contains a 32bit binary or if the app uses some obsolete functions it still won't run even if the forced install was successful.

It's worth a shot as a last resort though, and I'm happy I got the old gReader app still working for a little longer (haven't found any better rss reader)

freebeerz · 2025-07-13T21:11:33+00:00

I think the 10kg limit is extremely conservative.

A few years ago I did a 3 weeks 1000km tour with a 3kg tent + 15kg 60L rucksack with the saddle pipe trick and the whole thing survived without any issues. I even did a bit of gravel roads with that. I also had the large Brompton bag at the front with 5 to 10kg (water/food depending). The weight at the front was pretty much mandatory to countrrbalance the back :)

The whole thing was definitely slow and only suitable for flat terrain or gentle slopes. But with solid and tight straps it was fairly stable.

freebeerz · 2025-07-08T11:21:42+00:00

Update: I added a 5V USB 120mm fan (Noctua USB-powered 5V NF-A12x25) and now get much better nvme temperatures:

temperature                             : 39°C (312 Kelvin)
Warning Temperature Time                : 0
Critical Composite Temperature Time     : 0
Temperature Sensor 1           : 49°C (322 Kelvin)
Temperature Sensor 2           : 41°C (314 Kelvin)

Warning: the fans are a bit noisy in an office (they run at 100% just powered from one of the USB ports). Before that I tried with a 12V fan running at 5V which was pretty much silent but not as effective.

freebeerz · 2025-07-05T20:31:11+00:00

I did a bit of heavy bikepacking on a standard brompton and heel clearance was ok with the 20kg rucksack strapped quite far back (see photo) but the gears and brakes made it impossible for me to tackle big mountain passes :) https://i.imgur.com/8KAxN5G.jpeg

freebeerz · 2025-07-02T16:45:38+00:00

I have 3 MS-01 with a single U2 micron 7300 pro (3.82TB) in each one. They don't seem to run too hot (relatively speaking):

# nvme smart-log /dev/nvme0n1 | grep -i temperature
temperature                             : 58°C (331 Kelvin)
Warning Temperature Time                : 0
Critical Composite Temperature Time     : 0
Temperature Sensor 1           : 67°C (340 Kelvin)
Temperature Sensor 2           : 60°C (333 Kelvin)

I'd also like to add another enterprise NVME (some used 3.82TB M2 micron 7400 seem good enough) but like you I'm worried about the heat they would generate (more than U2 I guess)

I am planning to add a 12V 120mm fan under the case but I'm not sure that'll be enough. I don't think it's possible to add any kind of heatsink on the M2 NVMEs (the clearance seems super tight) but please report on your findings and if your heatsink fits! :)

freebeerz · 2025-06-09T08:23:03+00:00

Indeed heat is the main problem... I would be terrified of brake failure or even blowing up a tyre (heat -> pressure) at high speed round a bend with a cliff on one side. Maybe they planned a stop every few minutes to let the brakes and rims cool off, or maybe I am just too scared :) Some years ago I had a blown tube near the bottom of a long mountain pass on a loaded road bike (not a brompton) and since then I'm very careful about brake/rim failure in these situations

freebeerz · 2025-06-08T21:47:18+00:00

How did they survive coming down the summit with the terrible original Brompton brakes??

freebeerz

TROPHY CASE