3d1079a20d
Previously, systemd.network.links was only respected with networkd enabled, but it's really udev taking care of links, no matter if networkd is enabled or not. With our module fixed, there's no need to manually manage the text file anymore.
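# NixOS module for the ZeroTier One daemon. It declares the
# services.zerotierone.* options and, when the service is enabled, the
# systemd unit, firewall rule, dhcpcd exclusion and udev link settings below.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.zerotierone;
in
{
  options.services.zerotierone.enable = mkEnableOption "ZeroTierOne";

  options.services.zerotierone.joinNetworks = mkOption {
    default = [];
    example = [ "a8a2c3c10c1a68de" ];
    # Any string is accepted. preStart shell-quotes each entry before it is
    # used as part of a file name, so the value cannot alter the script.
    # NOTE(review): an entry containing "/" would still name a path outside
    # networks.d; a stricter type (the example suggests 16 hex digits) would
    # rule that out, at the cost of rejecting values accepted today.
    type = types.listOf types.str;
    description = ''
      List of ZeroTier Network IDs to join on startup
    '';
  };

  options.services.zerotierone.port = mkOption {
    default = 9993;
    example = 9993;
    # types.port restricts the value to 0-65535, so an out-of-range number
    # fails at evaluation time instead of reaching ExecStart and the
    # firewall rule below.
    type = types.port;
    description = ''
      Network port used by ZeroTier.
    '';
  };

  options.services.zerotierone.package = mkOption {
    default = pkgs.zerotierone;
    defaultText = "pkgs.zerotierone";
    type = types.package;
    description = ''
      ZeroTier One package to use.
    '';
  };

  config = mkIf cfg.enable {
    systemd.services.zerotierone = {
      description = "ZeroTierOne";

      wantedBy = [ "multi-user.target" ];
      # NOTE(review): network-online.target is wanted but not listed in
      # `after`, so the unit is not ordered behind it -- confirm that this is
      # intended.
      after = [ "network.target" ];
      wants = [ "network-online.target" ];

      path = [ cfg.package ];

      # Runs before the daemon starts: creates the state directory, limits it
      # to root (mode 700, owner root:root, applied recursively), then
      # creates one empty <netId>.conf per configured network.
      # The touch target is passed through escapeShellArg so that quotes or
      # other shell metacharacters in a network ID stay part of the file
      # name instead of being interpreted by the shell.
      preStart = ''
        mkdir -p /var/lib/zerotier-one/networks.d
        chmod 700 /var/lib/zerotier-one
        chown -R root:root /var/lib/zerotier-one
      '' + (concatMapStrings (netId: ''
        touch ${escapeShellArg "/var/lib/zerotier-one/networks.d/${netId}.conf"}
      '') cfg.joinNetworks);

      # No User= or sandboxing directives are set, so the daemon runs with
      # the unit defaults.
      serviceConfig = {
        ExecStart = "${cfg.package}/bin/zerotier-one -p${toString cfg.port}";
        Restart = "always";
        KillMode = "process";
        TimeoutStopSec = 5;
      };
    };

    # ZeroTier does not issue DHCP leases, but some strangers might...
    # dhcpcd is therefore kept off every zt* interface.
    networking.dhcpcd.denyInterfaces = [ "zt*" ];

    # ZeroTier receives UDP transmissions.
    # The port is opened whenever the service is enabled; this module has no
    # option to leave the firewall untouched.
    networking.firewall.allowedUDPPorts = [ cfg.port ];

    environment.systemPackages = [ cfg.package ];

    # Prevent systemd from potentially changing the MAC address
    systemd.network.links."50-zerotier" = {
      matchConfig = {
        OriginalName = "zt*";
      };
      linkConfig = {
        AutoNegotiation = false;
        MACAddressPolicy = "none";
      };
    };
  };
}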