yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Files
d25cace5224c11e188c20c7eafbc99bfda71341c
clan-core/clanModules/zerotier-static-peers/default.nix
hsjobeki 341f444fa0 revert bd3861c580 
revert Merge pull request 'Remove clanModules/*' (#4202) from remove-modules into main

Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4202

See: https://git.clan.lol/clan/clan-core/issues/4365

Not all modules are migrated.
If they are not migrated, we need to write migration docs and please display the link to the migration docs
2025-07-15 17:51:36 +00:00

82 lines
3.2 KiB
Nix
Raw Blame History

{
lib,
config,
pkgs,
...
}:
let
dir = config.clan.core.settings.directory;
machineDir = "${dir}/vars/per-machine";
# TODO: This should use the inventory
# However we are probably going to replace this with the network module.
machinesFileSet = builtins.readDir machineDir;
machines = lib.mapAttrsToList (name: _: name) machinesFileSet;
networkIdsUnchecked = builtins.map (
machine:
let
fullPath = "${machineDir}/vars/per-machine/${machine}/zerotier/zerotier-network-id/value";
in
if builtins.pathExists fullPath then builtins.readFile fullPath else null
) machines;
networkIds = lib.filter (machine: machine != null) networkIdsUnchecked;
networkId = if builtins.length networkIds == 0 then null else builtins.elemAt networkIds 0;
in
#TODO:trace on multiple found network-ids
#TODO:trace on no single found networkId
{
options.clan.zerotier-static-peers = {
excludeHosts = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ config.clan.core.settings.machine.name ];
defaultText = lib.literalExpression "[ config.clan.core.settings.machine.name ]";
description = "Hosts that should be excluded";
};
networkIps = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "Extra zerotier network Ips that should be accepted";
};
networkIds = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "Extra zerotier network Ids that should be accepted";
};
};
config.systemd.services.zerotier-static-peers-autoaccept =
let
zerotierIpFor = machine: "${machineDir}/vars/per-machine/${machine}/zerotier/zerotier-ip/value";
networkIpsUnchecked = builtins.map (
machine: if builtins.pathExists (zerotierIpFor machine) then machine else null
) machines;
networkIps = lib.filter (machine: machine != null) networkIpsUnchecked;
machinesWithIp = lib.filterAttrs (name: _: (lib.elem name networkIps)) machinesFileSet;
filteredMachines = lib.filterAttrs (
name: _: !(lib.elem name config.clan.zerotier-static-peers.excludeHosts)
) machinesWithIp;
hosts = lib.mapAttrsToList (host: _: host) (
lib.mapAttrs' (
machine: _: lib.nameValuePair (builtins.readFile (zerotierIpFor machine)) [ machine ]
) filteredMachines
);
allHostIPs = config.clan.zerotier-static-peers.networkIps ++ hosts;
in
lib.mkIf (config.clan.core.networking.zerotier.controller.enable) {
wantedBy = [ "multi-user.target" ];
after = [ "zerotierone.service" ];
path = [ config.clan.core.clanPkgs.zerotierone ];
serviceConfig.ExecStart = pkgs.writeScript "static-zerotier-peers-autoaccept" ''
#!/bin/sh
${lib.concatMapStringsSep "\n" (host: ''
${config.clan.core.clanPkgs.zerotier-members}/bin/zerotier-members allow --member-ip ${host}
'') allHostIPs}
${lib.concatMapStringsSep "\n" (host: ''
${config.clan.core.clanPkgs.zerotier-members}/bin/zerotier-members allow ${host}
'') config.clan.zerotier-static-peers.networkIds}
'';
};
config.clan.core.networking.zerotier.networkId = lib.mkDefault networkId;
}
Reference in New Issue View Git Blame Copy Permalink