yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

zerotier: add support for moons

Browse Source
This commit is contained in:
Jörg Thalheim
2024-01-12 17:33:27 +01:00
parent c65f1237fd
commit 5e0e4a9a32
2 changed files with 53 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
nixosModules/clanCore/zerotier/default.nix
View File

@@ -2,6 +2,10 @@
let
cfg = config.clan.networking.zerotier;
facts = config.clanCore.secrets.zerotier.facts or { };
genMoonScript = pkgs.runCommand "genmoon" { nativeBuildInputs = [ pkgs.python3 ]; } ''
install -Dm755 ${./genmoon.py} $out/bin/genmoon
patchShebangs $out/bin/genmoon
'';
networkConfig = {
authTokens = [
null
@@ -59,6 +63,17 @@ in
zerotier network name
'';
};
moon = {
stableEndpoints = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = ''
Make this machine a moon.
Other machines can join this moon by adding this moon in their config.
It will be reachable under the given stable endpoints.
'';
};
};
subnet = lib.mkOption {
type = lib.types.nullOr lib.types.str;
readOnly = true;
@@ -120,11 +135,18 @@ in
systemd.services.zerotierone.serviceConfig.ExecStartPre = [
"+${pkgs.writeShellScript "init-zerotier" ''
cp ${config.clanCore.secrets.zerotier.secrets.zerotier-identity-secret.path} /var/lib/zerotier-one/identity.secret
zerotier-idtool getpublic /var/lib/zerotier-one/identity.secret > /var/lib/zerotier-one/identity.public
${lib.optionalString (cfg.controller.enable) ''
mkdir -p /var/lib/zerotier-one/controller.d/network
ln -sfT ${pkgs.writeText "net.json" (builtins.toJSON networkConfig)} /var/lib/zerotier-one/controller.d/network/${cfg.networkId}.json
''}
${lib.optionalString (cfg.moon.stableEndpoints != []) ''
if [[ ! -f /var/lib/zerotier-one/moon.json ]]; then
zerotier-idtool initmoon /var/lib/zerotier-one/identity.public > /var/lib/zerotier-one/moon.json
fi
${genMoonScript}/bin/genmoon /var/lib/zerotier-one/moon.json ${builtins.toFile "moon.json" (builtins.toJSON cfg.moon.stableEndpoints)} /var/lib/zerotier-one/moons.d
''}
# cleanup old networks
if [[ -d /var/lib/zerotier-one/networks.d ]]; then