- Use DNS domain for lighthouse discovery (works with HAProxy/Keepalived)
- All nodes are lighthouses by default for full redundancy
- Remove static_host_map complexity - DNS handles everything
- Ask for lighthouse domain during setup
- Allow disabling lighthouse mode for remote/edge nodes
- Simplified cluster secret: domain:port:ca_cert
This allows using existing HA infrastructure (DNS pointing to alive nodes)
instead of complex IP tracking and manual updates.
- Switch from WireGuard point-to-point to Nebula overlay network
- Certificate-based trust with single CA for cluster authentication
- True mesh networking - all nodes can communicate directly
- Simplified joining process with lighthouse-based discovery
- Network range: 192.168.100.0/24 (lighthouse at .1)
- Auto-downloads and installs Nebula binaries
- Maintains GlusterFS replication across mesh nodes
Note: Certificate distribution requires manual step for security
Change from /32 single-IP restrictions to full network range for all peers.
This enables proper all-to-all mesh communication while maintaining
security through preshared keys.
- New cluster-setup.sh script for creating/joining distributed storage clusters
- Interactive menu: create new cluster or join existing
- WireGuard mesh networking with automatic IP allocation
- GlusterFS with full replication across all nodes
- Single-node start capability, scales up as nodes join
- Storage mounted at /data/storage/ with automatic firewall config
- Simple wget installer for post-nullpoint-install usage