mycelium 🔹

End-2-end encrypted IPv6 overlay network

Categories

System
Network

Mycelium is an IPv6 overlay network written in Rust. Each node that joins the overlay network will receive an overlay network IP in the 400::/7 range.
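
Matching the 400::/7 range has to be done on the parsed address, not on the text: 4000::1 starts with a 4 yet lies outside the overlay. The following added example (not from the Mycelium or Clan documentation) sorts the source addresses of sshd logins into overlay and non-overlay. The log lines, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Overlay range as stated on this page.
MYCELIUM_NET = ipaddress.ip_network("400::/7")

# Constructed sample lines in sshd "Accepted" format; all addresses are made up.
SAMPLE_LOG = """\
Jan 10 09:01:12 berlin sshd[811]: Accepted publickey for root from 4ab:9c3e:11d2::1 port 50122 ssh2
Jan 10 09:02:40 berlin sshd[822]: Accepted publickey for root from 5ff:ffff::7 port 50200 ssh2
Jan 10 09:03:05 berlin sshd[830]: Accepted publickey for root from 4000::1 port 41000 ssh2
Jan 10 09:04:51 berlin sshd[841]: Accepted publickey for root from 192.0.2.10 port 41822 ssh2
Jan 10 09:05:30 berlin sshd[850]: Accepted publickey for root from fe80::1%eth0 port 41900 ssh2
Jan 10 09:06:02 berlin sshd[861]: Accepted publickey for root from 600::1 port 42000 ssh2
"""

FROM_RE = re.compile(r"\bfrom (\S+) port \d+")


def is_overlay(addr: str) -> bool:
    """Return True if addr parses as an IPv6 address inside 400::/7."""
    try:
        ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop any zone id
    except ValueError:
        return False  # not an IP address at all
    return ip.version == 6 and ip in MYCELIUM_NET


def split_by_origin(log: str):
    """Split the source addresses of accepted logins into (overlay, other)."""
    overlay, other = [], []
    for line in log.splitlines():
        m = FROM_RE.search(line)
        if not m:
            continue
        (overlay if is_overlay(m.group(1)) else other).append(m.group(1))
    return overlay, other


if __name__ == "__main__":
    overlay, other = split_by_origin(SAMPLE_LOG)
    print("overlay:", overlay)
    print("other:  ", other)
```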

Features:

- Mycelium is locality aware: it will look for the shortest path between nodes.
- All traffic between the nodes is end-2-end encrypted.
- Traffic can be routed over nodes of friends (location aware).
- If a physical link goes down, Mycelium will automatically reroute your traffic.
- The IP address is IPv6 and linked to a private key.
- A simple, reliable message bus is implemented on top of Mycelium.
- Mycelium has multiple ways to communicate (QUIC, TCP, ...), and we are working on hole punching for QUIC, which means P2P traffic without middlemen for NATted networks, e.g. most homes.
- Scalability is very important for us. We tried many overlay networks before and got stuck on all of them; we are trying to design a network which scales to a planetary level.
- You can run Mycelium without TUN and only use it as a reliable message bus.

An example configuration might look like this in the inventory:

mycelium.default = {
  roles.peer.machines = [
    "berlin"
    "munich"
  ];
  config = {
    topLevelDomain = "m";
    openFirewall = true;
    addHostedPublicNodes = true;
  };
};

This adds the machines named berlin and munich to the Mycelium VPN. It also sets the top-level domain of the Mycelium VPN to m, meaning the machines are now reachable via berlin.m and munich.m.

Usage via Inventory

Roles

This module can be used via predefined roles:

- `peer`

Every role has its own configuration options, which are listed below.

For more information, see the inventory guide.

Example

For example, the admin module adds the following options globally to all machines where it is used:

clan.admin.allowedkeys

This means there are two equivalent ways to set the allowedkeys option: either via a NixOS module or via the inventory interface. However, it is recommended to keep imports and config together to preserve the locality of the module configuration.

# Via the inventory interface
clan-core.lib.buildClan {
    inventory.services = {
        admin.me = {
            roles.default.machines = [ "jon" ];
            config.allowedkeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD..." ];
        };
    };
};

# Via a NixOS module
clan-core.lib.buildClan {
    machines = {
        jon = {
            clan.admin.allowedkeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD..." ];
            imports = [ clanModules.admin ];
        };
    };
};

Options of peer role

The following options are available when using the peer role.

addHostedPublicNodes

Whether to add hosted public nodes.

Type: boolean

Default: false

Example: true

peer.nix

addHosts

Add Mycelium IPs to the hosts file.

Type: unspecified value

Default: true

peer.nix

openFirewall

Whether to open the firewall for Mycelium.

Type: boolean

Default: false

Example: true

peer.nix

topLevelDomain

Top level domain to reach hosts

Type: string

Default: ""

peer.nix

Usage via Nix

This module cannot be imported directly in your NixOS configuration.