clan.networking.zerotier: fix controller mode

This commit is contained in:
lassulus
2023-09-25 19:03:54 +02:00
parent 0b50e2d29c
commit 2cdc959a77


@@ -1,11 +1,52 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
cfg = config.clan.networking.zerotier; cfg = config.clan.networking.zerotier;
networkConfig = {
authTokens = [
null
];
authorizationEndpoint = "";
capabilities = [ ];
clientId = "";
dns = [ ];
enableBroadcast = true;
id = cfg.networkId;
ipAssignmentPools = [ ];
mtu = 2800;
multicastLimit = 32;
name = "";
uwid = cfg.networkId;
objtype = "network";
private = !cfg.controller.public;
remoteTraceLevel = 0;
remoteTraceTarget = null;
revision = 1;
routes = [ ];
rules = [
{
not = false;
or = false;
type = "ACTION_ACCEPT";
}
];
rulesSource = "";
ssoEnabled = false;
tags = [ ];
v4AssignMode = {
zt = false;
};
v6AssignMode = {
"6plane" = false;
rfc4193 = true;
zt = false;
};
};
in in
{ {
options.clan.networking.zerotier = { options.clan.networking.zerotier = {
networkId = lib.mkOption { networkId = lib.mkOption {
type = lib.types.str; type = lib.types.nullOr lib.types.str;
default = null;
description = '' description = ''
zerotier networking id zerotier networking id
''; '';
@@ -21,7 +62,8 @@ in
}; };
}; };
}; };
config = { config = lib.mkMerge [
(lib.mkIf (cfg.networkId != null) {
systemd.network.networks.zerotier = { systemd.network.networks.zerotier = {
matchConfig.Name = "zt*"; matchConfig.Name = "zt*";
networkConfig = { networkConfig = {
@@ -38,63 +80,29 @@ in
enable = true; enable = true;
joinNetworks = [ cfg.networkId ]; joinNetworks = [ cfg.networkId ];
}; };
} // lib.mkIf cfg.controller.enable { })
(lib.mkIf cfg.controller.enable {
# only the controller needs to have the key in the repo, the other clients can be dynamic # only the controller needs to have the key in the repo, the other clients can be dynamic
# we generate the zerotier code manually for the controller, since it's part of the bootstrap command # we generate the zerotier code manually for the controller, since it's part of the bootstrap command
clanCore.secrets.zerotier = { clanCore.secrets.zerotier = {
facts."network.id" = { }; facts."zerotier.network.id" = { };
secrets."identity.secret" = { }; secrets."zerotier.identity.secret" = { };
generator = '' generator = ''
TMPDIR=$(mktemp -d) TMPDIR=$(mktemp -d)
trap 'rm -rf "$TMPDIR"' EXIT trap 'rm -rf "$TMPDIR"' EXIT
${config.clanCore.clanPkgs.clan-cli}/bin/clan zerotier --outpath "$TMPDIR" ${config.clanCore.clanPkgs.clan-cli}/bin/clan zerotier --outpath "$TMPDIR"
cp "$TMPDIR"/network.id "$facts"/network.id cp "$TMPDIR"/network.id "$facts"/zerotier.network.id
cp "$TMPDIR"/identity.secret "$secrets"/identity.secret cp "$TMPDIR"/identity.secret "$secrets"/zerotier.identity.secret
''; '';
}; };
systemd.tmpfiles.rules = [ systemd.services.zerotierone.serviceConfig.ExecStartPre = [
"L+ /var/lib/zerotierone/controller.d/network/${cfg.networkId}.json - - - - ${pkgs.writeText "net.json" (builtins.toJSON { "+${pkgs.writeShellScript "init_zerotier" ''
authTokens = [ cp /etc/secrets/zerotier.identity.secret /var/lib/zerotier-one/identity.secret
null ln -sfT ${pkgs.writeText "net.json" (builtins.toJSON networkConfig)} /var/lib/zerotier-one/controller.d/network/${cfg.networkId}.json
''}"
]; ];
authorizationEndpoint = ""; })
capabilities = [];
clientId = "";
dns = [];
enableBroadcast = true;
id = cfg.networkId;
ipAssignmentPools = [];
mtu = 2800;
multicastLimit = 32;
name = "";
uwid = cfg.networkId;
objtype = "network";
private = true;
remoteTraceLevel = 0;
remoteTraceTarget = null;
revision = 1;
routes = [];
rules = [
{
not = false;
or = false;
type = "ACTION_ACCEPT";
}
]; ];
rulesSource = "";
ssoEnabled = false;
tags = [];
v4AssignMode = {
zt = false;
};
v6AssignMode = {
"6plane" = false;
rfc4193 = false;
zt = false;
};
})}"
];
};
} }
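Review bot: With `networkId` now `lib.types.nullOr` and defaulting to `null` (first hunk), the controller branch still interpolates `${cfg.networkId}` into the symlink path inside `init_zerotier`, so enabling `controller.enable` without a network id fails at evaluation with a bare "cannot coerce null to a string" rather than a clear message; an `assertions` entry such as `{ assertion = cfg.controller.enable -> cfg.networkId != null; message = "clan.networking.zerotier.networkId must be set when controller.enable is true"; }` would name the problem. The `cp` of `zerotier.identity.secret` into `/var/lib/zerotier-one` does not pin the mode of the copy, which with a plain `cp` is whatever the umask or a pre-existing destination file gives; `install -m 0600 /etc/secrets/zerotier.identity.secret /var/lib/zerotier-one/identity.secret` makes the permissions of the private identity file explicit (the `+` prefix already runs this step with full privileges). The `ln -sfT` target directory `controller.d/network` is presumably only created by zerotier-one after its first start, so a `mkdir -p /var/lib/zerotier-one/controller.d/network` before the link would likely be needed on a fresh host — worth confirming against the zerotierone module. The `config = lib.mkMerge [` list this closes starts in the second hunk.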