4e53f84c79
Previously, systemd.network.links was only respected with networkd enabled, but it's really udev taking care of links, no matter if networkd is enabled or not. With our module fixed, there's no need to manually manage the text file anymore. This was originally applied in3d1079a20d
, but was reverted due to1115959a8d
causing evaluation errors on hydra.
82 lines
2 KiB
Nix
82 lines
2 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
cfg = config.services.zerotierone;
|
|
in
|
|
{
|
|
options.services.zerotierone.enable = mkEnableOption "ZeroTierOne";
|
|
|
|
options.services.zerotierone.joinNetworks = mkOption {
|
|
default = [];
|
|
example = [ "a8a2c3c10c1a68de" ];
|
|
type = types.listOf types.str;
|
|
description = ''
|
|
List of ZeroTier Network IDs to join on startup
|
|
'';
|
|
};
|
|
|
|
options.services.zerotierone.port = mkOption {
|
|
default = 9993;
|
|
example = 9993;
|
|
type = types.int;
|
|
description = ''
|
|
Network port used by ZeroTier.
|
|
'';
|
|
};
|
|
|
|
options.services.zerotierone.package = mkOption {
|
|
default = pkgs.zerotierone;
|
|
defaultText = "pkgs.zerotierone";
|
|
type = types.package;
|
|
description = ''
|
|
ZeroTier One package to use.
|
|
'';
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
systemd.services.zerotierone = {
|
|
description = "ZeroTierOne";
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
after = [ "network.target" ];
|
|
wants = [ "network-online.target" ];
|
|
|
|
path = [ cfg.package ];
|
|
|
|
preStart = ''
|
|
mkdir -p /var/lib/zerotier-one/networks.d
|
|
chmod 700 /var/lib/zerotier-one
|
|
chown -R root:root /var/lib/zerotier-one
|
|
'' + (concatMapStrings (netId: ''
|
|
touch "/var/lib/zerotier-one/networks.d/${netId}.conf"
|
|
'') cfg.joinNetworks);
|
|
serviceConfig = {
|
|
ExecStart = "${cfg.package}/bin/zerotier-one -p${toString cfg.port}";
|
|
Restart = "always";
|
|
KillMode = "process";
|
|
TimeoutStopSec = 5;
|
|
};
|
|
};
|
|
|
|
# ZeroTier does not issue DHCP leases, but some strangers might...
|
|
networking.dhcpcd.denyInterfaces = [ "zt*" ];
|
|
|
|
# ZeroTier receives UDP transmissions
|
|
networking.firewall.allowedUDPPorts = [ cfg.port ];
|
|
|
|
environment.systemPackages = [ cfg.package ];
|
|
|
|
# Prevent systemd from potentially changing the MAC address
|
|
systemd.network.links."50-zerotier" = {
|
|
matchConfig = {
|
|
OriginalName = "zt*";
|
|
};
|
|
linkConfig = {
|
|
AutoNegotiation = false;
|
|
MACAddressPolicy = "none";
|
|
};
|
|
};
|
|
};
|
|
}
|