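{
  config,
  lib,
  pkgs,
  ...
}:

# NixOS module for zeronsd, a DNS server that publishes records for the
# members of a ZeroTier network.  One systemd service is started per network
# listed in `services.zeronsd.servedNetworks`; a configured zerotier-one is
# required because zeronsd talks to the local daemon.
let
  cfg = config.services.zeronsd;
  settingsFormat = pkgs.formats.json { };
in
{
  options.services.zeronsd.servedNetworks = lib.mkOption {
    default = { };
    example = {
      "a8a2c3c10c1a68de".settings.token = "/var/lib/zeronsd/apitoken";
    };
    description = ''
      ZeroTier Networks to start zeronsd instances for, keyed by network ID.

      Everything under `settings` is rendered to a JSON file in the Nix store,
      which is readable by every user on the system. Never put secrets in
      `settings` directly; `token` is a path to a file for exactly that reason.
    '';
    type = lib.types.attrsOf (
      lib.types.submodule {
        options = {
          package = lib.mkPackageOption pkgs "zeronsd" { };

          settings = lib.mkOption {
            description = ''
              Settings for zeronsd. Free-form keys are passed through to the
              JSON configuration file unchanged.
            '';
            default = { };
            type = lib.types.submodule {
              freeformType = settingsFormat.type;

              options = {
                domain = lib.mkOption {
                  default = "home.arpa";
                  type = lib.types.singleLineStr;
                  description = "Domain under which ZeroTier records will be available.";
                };

                token = lib.mkOption {
                  type = lib.types.path;
                  description = ''
                    Path to a file containing the API Token for ZeroTier Central.

                    Give this as a string such as `"/var/lib/zeronsd/apitoken"`,
                    not as a Nix path literal like `./apitoken`: a path literal
                    is copied into the world-readable Nix store together with
                    its contents. The file must be readable by the `zeronsd`
                    user, since that is the user the service runs as.
                  '';
                };

                log_level = lib.mkOption {
                  default = "warn";
                  type = lib.types.enum [
                    "off"
                    "error"
                    "warn"
                    "info"
                    "debug"
                    "trace"
                  ];
                  description = "Log Level.";
                };

                wildcard = lib.mkOption {
                  default = false;
                  type = lib.types.bool;
                  description = "Whether to serve a wildcard record for ZeroTier Nodes.";
                };
              };
            };
          };
        };
      }
    );
  };

  config = lib.mkIf (cfg.servedNetworks != { }) {
    assertions = [
      {
        assertion = config.services.zerotierone.enable;
        message = "zeronsd needs a configured zerotier-one";
      }
    ];

    # One service per served network, named `zeronsd-<network id>`.
    systemd.services = lib.mapAttrs' (
      netname: netcfg:
      let
        # Rendered configuration.  It lives in the Nix store, so it must not
        # contain the token itself -- only the path to it (see the option docs).
        configFile = settingsFormat.generate "zeronsd-${netname}.json" netcfg.settings;
      in
      lib.nameValuePair "zeronsd-${netname}" {
        description = "ZeroTier DNS server for Network ${netname}";

        wantedBy = [ "multi-user.target" ];
        # zeronsd reaches ZeroTier Central over the network and the local
        # zerotier-one daemon over its API, so it is ordered after both.
        # `Wants=network-online.target` only delays startup when paired with a
        # matching `After=`; the original unit ordered after network.target only.
        wants = [ "network-online.target" ];
        after = [
          "network-online.target"
          "zerotierone.service"
        ];

        serviceConfig = {
          ExecStart = "${netcfg.package}/bin/zeronsd start --config ${configFile} --config-type json ${netname}";
          Restart = "on-failure";
          RestartSec = 2;
          TimeoutStopSec = 5;
          # Runs as an unprivileged user; the only capability granted is the one
          # needed to bind the DNS port.  The bounding set is pinned to the same
          # capability so nothing the process executes can acquire more.
          User = "zeronsd";
          Group = "zeronsd";
          AmbientCapabilities = "CAP_NET_BIND_SERVICE";
          CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
        };
      }
    ) cfg.servedNetworks;

    # Let the zeronsd user traverse zerotier-one's state directory and read its
    # local API token, which zeronsd needs to query the daemon.
    # NOTE(review): authtoken.secret is zerotier-one's local API credential,
    # so this read access is node-wide rather than scoped to the networks
    # listed above -- keep that in mind when deciding who may run as zeronsd.
    systemd.tmpfiles.rules = [
      "a+ /var/lib/zerotier-one - - - - u:zeronsd:x"
      "a+ /var/lib/zerotier-one/authtoken.secret - - - - mask::r,u:zeronsd:r"
    ];

    # Dedicated unprivileged account shared by all zeronsd instances.
    users.users.zeronsd = {
      group = "zeronsd";
      description = "Service user for running zeronsd";
      isSystemUser = true;
    };

    users.groups.zeronsd = { };
  };
}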