From e2f8266390704b07bd383e3a6fdcbd8cbfaf17a4 Mon Sep 17 00:00:00 2001
From: a-kenji <aks.kenji@protonmail.com>
Date: Thu, 5 Jun 2025 17:50:59 +0200
Subject: [PATCH] zerotier: Allow the controller to accept external Ips

Allow the controller to accept external zerotier Ips into the network
through declarative settings.

Closes:	#3787
---
 clanServices/zerotier/default.nix | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/clanServices/zerotier/default.nix b/clanServices/zerotier/default.nix
index aa1c42dfe..76806fdef 100644
--- a/clanServices/zerotier/default.nix
+++ b/clanServices/zerotier/default.nix
@@ -84,10 +84,26 @@
   };
 
   roles.controller = {
+    interface =
+      { lib, ... }:
+      {
+        options.allowedIps = lib.mkOption {
+          type = lib.types.listOf lib.types.str;
+          description = ''
+            Extra machines by their zerotier ip that the zerotier controller
+            should accept. These could be external machines.
+          '';
+          example = ''
+            [ "fd5d:bbe3:cbc5:fe6b:f699:935d:bbe3:cbc5" ]
+          '';
+        };
+      };
+
     perInstance =
       {
         instanceName,
         roles,
+        settings,
         ...
       }:
       {
@@ -133,7 +149,7 @@
                     else
                       ips
                   ) [ ] machines;
-                  allHostIPs = networkIps;
+                  allHostIPs = settings.allowedIps ++ networkIps;
                 in
                 {
                   wantedBy = [ "multi-user.target" ];