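# NixOS module for the ZeroTier One daemon.
#
# Declares the `services.zerotierone.*` options and, when enabled, a systemd
# unit that runs `zerotier-one`, plus the networking settings for the `zt*`
# interfaces it creates.
#
# Points worth knowing when reviewing a host that enables this module:
#   * The daemon's UDP port is added to networking.firewall.allowedUDPPorts
#     unconditionally; there is no option here to keep it closed.
#   * The unit sets no User= and no sandboxing directives, and preStart chowns
#     the state directory to root, so the daemon runs as root.
#   * joinNetworks is additive: preStart only creates marker files and never
#     removes them, so dropping an ID from the list does not by itself remove
#     the corresponding file from networks.d.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.zerotierone;
in
{
  options.services.zerotierone.enable = mkEnableOption (lib.mdDoc "ZeroTierOne");

  # Each entry becomes a file name under networks.d (see preStart below).
  # The type is a free-form string, so nothing here checks that an entry
  # actually looks like a network ID.
  options.services.zerotierone.joinNetworks = mkOption {
    default = [];
    example = [ "a8a2c3c10c1a68de" ];
    type = types.listOf types.str;
    description = lib.mdDoc ''
      List of ZeroTier Network IDs to join on startup
    '';
  };

  # Used both for the daemon's -p argument and for the firewall rule.
  options.services.zerotierone.port = mkOption {
    default = 9993;
    type = types.port;
    description = lib.mdDoc ''
      Network port used by ZeroTier.
    '';
  };

  options.services.zerotierone.package = mkOption {
    default = pkgs.zerotierone;
    defaultText = literalExpression "pkgs.zerotierone";
    type = types.package;
    description = lib.mdDoc ''
      ZeroTier One package to use.
    '';
  };

  config = mkIf cfg.enable {
    systemd.services.zerotierone = {
      description = "ZeroTierOne";

      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      wants = [ "network-online.target" ];

      path = [ cfg.package ];

      # Runs as root before every start. The state directory is restricted to
      # root (mode 700, root:root) and one empty "<id>.conf" file is created
      # per configured network.
      #
      # The file path is passed through escapeShellArg so that a network ID
      # containing quotes, `$` or backticks cannot alter the generated script.
      # Escaping does not stop an entry containing "/" from naming a path
      # outside networks.d; keep entries to plain network IDs.
      preStart = ''
        mkdir -p /var/lib/zerotier-one/networks.d
        chmod 700 /var/lib/zerotier-one
        chown -R root:root /var/lib/zerotier-one
      '' + (concatMapStrings (netId: ''
        touch ${escapeShellArg "/var/lib/zerotier-one/networks.d/${netId}.conf"}
      '') cfg.joinNetworks);

      serviceConfig = {
        ExecStart = "${cfg.package}/bin/zerotier-one -p${toString cfg.port}";
        Restart = "always";
        # On stop, systemd signals only the main process and waits at most
        # five seconds before giving up on a clean shutdown.
        KillMode = "process";
        TimeoutStopSec = 5;
      };
    };

    # ZeroTier does not issue DHCP leases, but some strangers might...
    # (so dhcpcd is kept off the overlay interfaces entirely)
    networking.dhcpcd.denyInterfaces = [ "zt*" ];

    # ZeroTier receives UDP transmissions.
    # This opens the port in the host firewall for every interface.
    networking.firewall.allowedUDPPorts = [ cfg.port ];

    environment.systemPackages = [ cfg.package ];

    # Prevent systemd from potentially changing the MAC address
    systemd.network.links."50-zerotier" = {
      matchConfig = {
        OriginalName = "zt*";
      };
      linkConfig = {
        AutoNegotiation = false;
        MACAddressPolicy = "none";
      };
    };
  };
}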