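# NixOS module for the ZeroTier One daemon: declares the
# services.zerotierone.* options and, when enabled, a systemd unit,
# a firewall rule and a dhcpcd exclusion for the zt* interfaces.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.zerotierone;
in
{
  options.services.zerotierone.enable = mkEnableOption "ZeroTierOne";

  # Every entry is interpolated into the root-run preStart script below.
  # The type is a free-form string, so the value is shell-escaped at the
  # point of use. NOTE(review): ZeroTier network IDs look like the 16 hex
  # digits in the example; a stricter type would also rule out path
  # separators in the generated file name.
  options.services.zerotierone.joinNetworks = mkOption {
    default = [];
    example = [ "a8a2c3c10c1a68de" ];
    type = types.listOf types.str;
    description = ''
      List of ZeroTier Network IDs to join on startup
    '';
  };

  # Used both for the daemon's -p flag and for the firewall rule below.
  options.services.zerotierone.port = mkOption {
    default = 9993;
    example = 9993;
    type = types.int;
    description = ''
      Network port used by ZeroTier.
    '';
  };

  options.services.zerotierone.package = mkOption {
    default = pkgs.zerotierone;
    defaultText = "pkgs.zerotierone";
    type = types.package;
    description = ''
      ZeroTier One package to use.
    '';
  };

  config = mkIf cfg.enable {
    systemd.services.zerotierone = {
      description = "ZeroTierOne";
      path = [ cfg.package ];
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      # No User= is set, so this script and the daemon run as root.
      # The state directory is restricted to root (mode 700, root:root)
      # before the daemon starts; ZeroTier keeps the node's secret
      # identity there. An empty networks.d/<id>.conf is created for each
      # configured network.
      preStart = ''
        mkdir -p /var/lib/zerotier-one/networks.d
        chmod 700 /var/lib/zerotier-one
        chown -R root:root /var/lib/zerotier-one
      '' + (concatMapStrings (netId: ''
        touch ${escapeShellArg "/var/lib/zerotier-one/networks.d/${netId}.conf"}
      '') cfg.joinNetworks);
      # escapeShellArg single-quotes the whole path, so characters such as
      # `"`, `$` or backticks in a network ID stay literal instead of being
      # interpreted by the shell.
      serviceConfig = {
        ExecStart = "${cfg.package}/bin/zerotier-one -p${toString cfg.port}";
        Restart = "always";
        KillMode = "process";
      };
    };

    # ZeroTier does not issue DHCP leases, but some strangers might...
    # Keeping dhcpcd off the zt* interfaces means another member of a
    # joined network cannot hand this host an address or routes via DHCP.
    networking.dhcpcd.denyInterfaces = [ "zt*" ];

    # ZeroTier receives UDP transmissions
    # This opens cfg.port/UDP in the host firewall on all interfaces
    # whenever the service is enabled.
    networking.firewall.allowedUDPPorts = [ cfg.port ];

    environment.systemPackages = [ cfg.package ];
  };
}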