4e53f84c79
Previously, systemd.network.links was only respected with networkd enabled, but it's really udev taking care of links, no matter if networkd is enabled or not. With our module fixed, there's no need to manually manage the text file anymore. This was originally applied in 3d1079a20dafd82fac7ac857e63c91e787f4eaaa, but was reverted due to 1115959a8d4d73ad73341563dc8bbf52230a281e causing evaluation errors on hydra.
83 lines
2.0 KiB
Nix
83 lines
2.0 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
cfg = config.services.zerotierone;
|
|
in
|
|
{
|
|
options.services.zerotierone.enable = mkEnableOption "ZeroTierOne";
|
|
|
|
options.services.zerotierone.joinNetworks = mkOption {
|
|
default = [];
|
|
example = [ "a8a2c3c10c1a68de" ];
|
|
type = types.listOf types.str;
|
|
description = ''
|
|
List of ZeroTier Network IDs to join on startup
|
|
'';
|
|
};
|
|
|
|
options.services.zerotierone.port = mkOption {
|
|
default = 9993;
|
|
example = 9993;
|
|
type = types.int;
|
|
description = ''
|
|
Network port used by ZeroTier.
|
|
'';
|
|
};
|
|
|
|
options.services.zerotierone.package = mkOption {
|
|
default = pkgs.zerotierone;
|
|
defaultText = "pkgs.zerotierone";
|
|
type = types.package;
|
|
description = ''
|
|
ZeroTier One package to use.
|
|
'';
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
systemd.services.zerotierone = {
|
|
description = "ZeroTierOne";
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
after = [ "network.target" ];
|
|
wants = [ "network-online.target" ];
|
|
|
|
path = [ cfg.package ];
|
|
|
|
preStart = ''
|
|
mkdir -p /var/lib/zerotier-one/networks.d
|
|
chmod 700 /var/lib/zerotier-one
|
|
chown -R root:root /var/lib/zerotier-one
|
|
'' + (concatMapStrings (netId: ''
|
|
touch "/var/lib/zerotier-one/networks.d/${netId}.conf"
|
|
'') cfg.joinNetworks);
|
|
serviceConfig = {
|
|
ExecStart = "${cfg.package}/bin/zerotier-one -p${toString cfg.port}";
|
|
Restart = "always";
|
|
KillMode = "process";
|
|
TimeoutStopSec = 5;
|
|
};
|
|
};
|
|
|
|
# ZeroTier does not issue DHCP leases, but some strangers might...
|
|
networking.dhcpcd.denyInterfaces = [ "zt*" ];
|
|
|
|
# ZeroTier receives UDP transmissions
|
|
networking.firewall.allowedUDPPorts = [ cfg.port ];
|
|
|
|
environment.systemPackages = [ cfg.package ];
|
|
|
|
# Prevent systemd from potentially changing the MAC address
|
|
systemd.network.links."50-zerotier" = {
|
|
matchConfig = {
|
|
OriginalName = "zt*";
|
|
};
|
|
linkConfig = {
|
|
AutoNegotiation = false;
|
|
MACAddressPolicy = "none";
|
|
};
|
|
};
|
|
};
|
|
}
|