{"id":30010296,"url":"https://github.com/jordanhillis/nebula-manager","last_synced_at":"2026-05-18T09:37:00.771Z","repository":{"id":308165186,"uuid":"1031852170","full_name":"jordanhillis/nebula-manager","owner":"jordanhillis","description":"Unified CLI tool to manage and maintain multiple Nebula VPN servers with ease.","archived":false,"fork":false,"pushed_at":"2025-12-30T14:24:38.000Z","size":272,"stargazers_count":16,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-03T07:46:56.095Z","etag":null,"topics":["cli-tool","linux","mesh-networks","nebula","slack","slack-nebula","vpn"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jordanhillis.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-08-04T12:32:45.000Z","updated_at":"2025-12-30T14:19:17.000Z","dependencies_parsed_at":"2025-08-04T17:08:41.871Z","dependency_job_id":null,"html_url":"https://github.com/jordanhillis/nebula-manager","commit_stats":null,"previous_names":["jordanhillis/nebula-manager"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/jordanhillis/nebula-manager","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jordanhillis%2Fnebula-manager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jordanhillis%2Fnebula-manager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jordanhillis%2Fnebula-manager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jordanhillis%2Fnebula-manager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jordanhillis","download_url":"https://codeload.github.com/jordanhillis/nebula-manager/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jordanhillis%2Fnebula-manager/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33172800,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-18T09:27:30.708Z","status":"ssl_error","status_checked_at":"2026-05-18T09:27:28.300Z","response_time":71,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli-tool","linux","mesh-networks","nebula","slack","slack-nebula","vpn"],"created_at":"2025-08-05T11:46:25.021Z","updated_at":"2026-05-18T09:37:00.766Z","avatar_url":"https://github.com/jordanhillis.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\u003ca href=\"https://github.com/jordanhillis/nebula-manager/\"\u003e\u003cimg src=\"resources/img/banner-web.png\" alt=\"Nebula Manager\"\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"/LICENSE\"\u003e\u003cimg alt=\"License: MIT\" src=\"https://img.shields.io/badge/license-MIT-green.svg\"\u003e\u003c/a\u003e\n \u003ca href=\"https://www.gnu.org/software/bash/\"\u003e\u003cimg alt=\"Shell: Bash\" src=\"https://img.shields.io/badge/language-bash-blue.svg\"\u003e\u003c/a\u003e\n \u003ca href=\"https://kernel.org/\"\u003e\u003cimg alt=\"Platform: Linux\" src=\"https://img.shields.io/badge/platform-Linux-informational?style=flat-square\"\u003e\u003c/a\u003e\n \u003ca href=\"https://github.com/slackhq/nebula\"\u003e\u003cimg alt=\"Nebula\" src=\"https://img.shields.io/badge/nebula-supported-brightgreen\"\u003e\u003c/a\u003e\n \u003ca href=\"https://github.com/jordanhillis/nebula-manager/commits\"\u003e\u003cimg alt=\"Last Commit\" src=\"https://img.shields.io/github/last-commit/jordanhillis/nebula-manager\"\u003e\u003c/a\u003e\n \u003ca href=\"https://github.com/jordanhillis/nebula-manager/releases\"\u003e\u003cimg alt=\"Latest Release\" src=\"https://img.shields.io/github/v/release/jordanhillis/nebula-manager?sort=semver\u0026display_name=tag\u0026style=flat-square\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003eA fast, interactive CLI tool to **install, configure, and operate** [Slack Nebula](https://github.com/slackhq/nebula) β€” wrapping certs, firewall policy, service control, connectivity checks, and scheduled updates into one easy-to-use tool.\n\n---\n\n## βš™οΈ Features\n\n- πŸš€ **Install \u0026 Update Nebula** from official releases (arch/OS aware).\n- πŸ›‘ **Certificate management** – list, generate, view, remove, check expiry, and **revoke with reasons**.\n- πŸ“ **Configuration management** – interactively edit `config.yml` with validation to prevent bad deploys.\n- πŸ”₯ **Firewall management** – control inbound/outbound rules, defaults, and conntrack settings.\n- πŸ“‘ **Connectivity tools** – multi-node reachability \u0026 latency table; optional `iperf3` bandwidth checks.\n- πŸ“‹ **Service orchestration** – manage all enabled servers, with per-server status. \n- βͺ **Update Nebula with rollback** if download or config validation fails. \n- ⏰ **Auto-update scheduler** – via cron (`nebula-manager --auto-update-nebula`). \n- πŸ†• **First-run setup** – auto-downloads and installs a config template if none exists. \n- βš™οΈ **Config-driven multi-server management** via `nebula-manager.conf`. \n\n---\n\n\u003cdetails\u003e\n \u003csummary\u003e\u003cb\u003eπŸ‘€ Preview (click to expand)\u003c/b\u003e\u003c/summary\u003e\n\n \u003cp align=\"center\"\u003e\n \u003ca href=\"resources/img/server-selection.png\"\u003e\u003cimg src=\"resources/img/server-selection.png\" alt=\"Server selection\" width=\"300\" loading=\"lazy\"\u003e\u003c/a\u003e\n \u003ca href=\"resources/img/main-menu.png\"\u003e\u003cimg src=\"resources/img/main-menu.png\" alt=\"Main menu\" width=\"300\" loading=\"lazy\"\u003e\u003c/a\u003e\n \u003ca href=\"resources/img/connectivity-menu.png\"\u003e\u003cimg src=\"resources/img/connectivity-menu.png\" alt=\"Connectivity menu\" width=\"300\" loading=\"lazy\"\u003e\u003c/a\u003e\n \u003cbr/\u003e\n \u003ca href=\"resources/img/cert-menu.png\"\u003e\u003cimg src=\"resources/img/cert-menu.png\" alt=\"Certificates menu\" width=\"300\" loading=\"lazy\"\u003e\u003c/a\u003e\n \u003ca href=\"resources/img/config-menu.png\"\u003e\u003cimg src=\"resources/img/config-menu.png\" alt=\"Config menu\" width=\"300\" loading=\"lazy\"\u003e\u003c/a\u003e\n \u003ca href=\"resources/img/maintenance-menu.png\"\u003e\u003cimg src=\"resources/img/maintenance-menu.png\" alt=\"Maintenance menu\" width=\"300\" loading=\"lazy\"\u003e\u003c/a\u003e\n \u003c/p\u003e\n\u003c/details\u003e\n\n---\n\n## πŸ“₯ Installation\n\nYou can run `nebula-manager` either directly from the downloaded script or install it system-wide.\n\n### πŸ”Ή Option 1: Run directly (no install)\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/jordanhillis/nebula-manager/refs/heads/main/nebula-manager.sh -o nebula-manager.sh\nchmod +x nebula-manager.sh\n```\n\nThen run it with:\n\n```bash\nsudo ./nebula-manager\n```\n\n---\n\n### πŸ”Ή Option 2: Install system-wide (/usr/local/bin)\n\n```bash\nsudo curl -fsSL https://raw.githubusercontent.com/jordanhillis/nebula-manager/refs/heads/main/nebula-manager.sh -o /usr/local/bin/nebula-manager\nsudo chmod +x /usr/local/bin/nebula-manager\n```\n\nThen use it from anywhere with:\n\n```bash\nsudo nebula-manager\n```\n\n---\n\n## πŸ“¦ Dependencies\n\nNebula Manager will check for and optionally install all required tools on the first run. \nYou can skip this check by setting `ignore_dependency_check` in `nebula-manager.conf`, but it is **recommended** to ensure these are installed: \n\n**Required**: `curl`, `wget`, `tar`, `jq`, `yq`, `systemd` (`systemctl`), `iputils-ping` \n**Optional**: `iperf3` (for bandwidth tests)\n\n---\n\n### Install All Dependencies\n\n**\u003cimg src=\"https://img.shields.io/badge/Debian-A81D33?logo=debian\u0026logoColor=white\" alt=\"Debian\" height=\"20\"/\u003e / \u003cimg src=\"https://img.shields.io/badge/Ubuntu-E95420?logo=ubuntu\u0026logoColor=white\" alt=\"Ubuntu\" height=\"20\"/\u003e** \n```bash\nsudo apt update\nsudo apt install -y awk curl findutils grep jq sed sudo systemd tar wget yq coreutils iperf3 iputils-ping\n```\n\u003cimg src=\"https://img.shields.io/badge/RHEL-EE0000?logo=redhat\u0026logoColor=white\" alt=\"RHEL\" height=\"20\"/\u003e / \u003cimg src=\"https://img.shields.io/badge/CentOS-262577?logo=centos\u0026logoColor=white\" alt=\"CentOS\" height=\"20\"/\u003e / \u003cimg src=\"https://img.shields.io/badge/Rocky%20Linux-10B981?logo=rockylinux\u0026logoColor=white\" alt=\"Rocky Linux\" height=\"20\"/\u003e / \u003cimg src=\"https://img.shields.io/badge/AlmaLinux-3D348B?logo=almalinux\u0026logoColor=white\" alt=\"AlmaLinux\" height=\"20\"/\u003e\n```bash\nsudo dnf install -y curl findutils grep jq sed sudo systemd tar wget yq coreutils iperf3 iputils\n```\n(On RHEL-like systems, iputils provides ping.)\n\n---\n\n## 🧩 Configuration: `nebula-manager.conf`\n\nNebula Manager reads an **INI‑style** config (with sections) located by default at:\n\n```\n/etc/nebula/nebula-manager.conf\n```\n\nNebula Manager can run without a pre-existing config file β€” if none is found, it automatically downloads the template from this repository and saves it to the path specified by the `--config` option or the `SERVER_CONF` variable in the script.\n\nYou can change the default **in the script** by editing `SERVER_CONF`, or **without editing the script** by passing a flag:\n\n```\n./nebula-manager.sh --config=/path/to/nebula-manager.conf\n\nor \n\nnebula-manager --config=/path/to/nebula-manager.conf\n```\n\n### File Format\n\n- Comments use `#` (inline comments supported).\n- Sections use `[global]` and `[server.\u003cname\u003e]`.\n- Keys are `key=value`.\n\n#### `[global]` keys\n\n| Key | Description | Default |\n|---|---|---|\n| `bin_path` | Directory containing `nebula` and where Nebula Manager may install itself. | `/usr/local/bin` |\n| `cert_folder` | Relative folder under each server’s Nebula dir to store certs. | `certs` |\n| `use_color` | Enable colored output. | `true` |\n| `use_icons` | Enable UI icons/symbols. | `true` |\n| `disable_version_check` | Skip script version checks. | `false` |\n| `ignore_dependency_check` | Skip dependency verification. | `false` |\n| `ignore_nebula_update` | Don’t prompt about Nebula updates. | `false` |\n\n#### `[server.\u003cname\u003e]` keys\n\nEach **enabled** server becomes targetable for operations\n\n| Key | Description |\n|---|---|\n| `dir` | Nebula working dir for this server (e.g., `/etc/nebula/my-edge`). |\n| `service` | systemd unit file path for this server (e.g., `/etc/systemd/system/nebula@service`). |\n| `enabled` | `true` to include this server in batch operations (restart, checks). |\n\n### Example `nebula-manager.conf`\n\n```ini\n[global]\nbin_path=/usr/local/bin\ncert_folder=certs\nuse_color=true\nuse_icons=true\ndisable_version_check=false\nignore_dependency_check=false\nignore_nebula_update=false\n\n[server.edge-1]\ndir=/etc/nebula/edge-1\nservice=/etc/systemd/system/nebula-edge1.service\nenabled=true\n\n[server.lighthouse]\ndir=/etc/nebula/lighthouse\nservice=/etc/systemd/system/nebula-lighthouse.service\nenabled=true\n\n[server.lab]\ndir=/etc/nebula/lab\nservice=/etc/systemd/system/nebula-lab.service\nenabled=false\n```\n\n---\n\n## βž• Adding \u0026 βž– Removing Servers\n\n**Add a server** by appending a new section to `nebula-manager.conf`:\n\n```ini\n[server.edge-2]\ndir=/etc/nebula/edge-2\nservice=/etc/systemd/system/nebula-edge2.service\nenabled=true\n```\n\n- Ensure the referenced **Nebula dir** contains a valid `config.yml` (the script will download a template one if it doesn't exist).\n- Ensure the **systemd unit** exists and points to that config (the script will download a template one if it doesn't exist).\n\n**Disable or remove** a server:\n\n- Set `enabled=false` to temporarily exclude it from batch operations, **or**\n- Delete the `[server.\u003cname\u003e]` section to remove it entirely.\n\n---\n\n## πŸ› οΈ Usage\n\n### Menu-driven operations\n\nRun the tool and use the TUI to:\n\n- Manage services (start/stop).\n- Edit and **validate** `config.yml` safely.\n- Add/remove firewall rules; adjust defaults/conntrack.\n- Manage certificates (list/issue/revoke with reasons).\n- Check node connectivity \u0026 latency; optionally run `iperf3` tests.\n- Update Nebula with rollback if something fails.\n\n---\n\n## πŸ“‘ CLI Flags (selection)\n\n- `--config=/path/to/nebula-manager.conf` – override config location (no script edits).\n- `--auto-update-nebula` – check GitHub for latest Nebula and update if newer.\n- `--version` – print script version.\n\n\u003e Many capabilities are menu‑driven. For consistency, prefer the menu unless you have a dedicated automation need.\n\n---\n\n## πŸ“š Official Nebula resources\n\nIf you’re new to Nebula or want the canonical details, start here:\n\n- **Nebula Docs (home):** https://nebula.defined.net/docs/\n- **Quick Start:** https://nebula.defined.net/docs/guides/quick-start/\n- **Configuration Reference (all keys):** https://nebula.defined.net/docs/config/\n- **`static_host_map` explainer:** https://nebula.defined.net/docs/config/static-host-map/\n- **Example `config.yml`:** https://raw.githubusercontent.com/slackhq/nebula/master/examples/config.yml\n- **Guides (how-tos):** https://nebula.defined.net/docs/guides/\n- **Releases (downloads):** https://github.com/slackhq/nebula/releases\n- **GitHub repo / Issues / Discussions:** https://github.com/slackhq/nebula\n\n---\n\n## ❓ FAQ\n\nLooking for more answers?\n\nπŸ‘‰ Check out the [Full FAQ on GitHub Wiki Β»](https://github.com/jordanhillis/nebula-manager/wiki/FAQ)\n\n---\n\n## πŸ”’ Security Notes\n- Always review the script before running it, especially when installing as root.\n- Keep backups of your `config.yml` and certificates before making changes.\n- Only run Nebula Manager on trusted systems β€” it manages cryptographic keys.\n\n---\n\n## πŸ“„ License\n\n[MIT](/LICENSE) β€” free to use, modify, and distribute.\n\n---\n\n## 🀝 Contributing\nPull requests are welcome. For major changes, open an issue first to discuss what you’d like to change.\n\n---\n\n## 🧠 Author\n\nCreated by [Jordan Hillis](https://github.com/jordanhillis). Contributions welcome!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjordanhillis%2Fnebula-manager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjordanhillis%2Fnebula-manager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjordanhillis%2Fnebula-manager/lists"}