zerotier module: add option to join networks and open port

obadz 0a9d7f08 decfd44b

+18 -4
+18 -4
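--- a/nixos/modules/services/networking/zerotierone.nix
+++ b/nixos/modules/services/networking/zerotierone.nix
@@ -7,6 +7,16 @@
 in
 {
 options.services.zerotierone.enable = mkEnableOption "ZeroTierOne";
+
+options.services.zerotierone.joinNetworks = mkOption {
+default = [];
+example = [ "a8a2c3c10c1a68de" ];
+type = types.listOf types.str;
+description = ''
+List of ZeroTier Network IDs to join on startup
+'';
+};
+
 options.services.zerotierone.package = mkOption {
 default = pkgs.zerotierone;
 defaultText = "pkgs.zerotierone";
@@ -22,12 +32,13 @@
 path = [ cfg.package ];
 after = [ "network.target" ];
 wantedBy = [ "multi-user.target" ];
-preStart =
-''
-mkdir -p /var/lib/zerotier-one
+preStart = ''
+mkdir -p /var/lib/zerotier-one/networks.d
 chmod 700 /var/lib/zerotier-one
 chown -R root:root /var/lib/zerotier-one
-'';
+'' + (concatMapStrings (netId: ''
+touch "/var/lib/zerotier-one/networks.d/${netId}.conf"
+'') cfg.joinNetworks);
 serviceConfig = {
 ExecStart = "${cfg.package}/bin/zerotier-one";
 Restart = "always";
@@ -37,6 +48,9 @@
 
 # ZeroTier does not issue DHCP leases, but some strangers might...
 networking.dhcpcd.denyInterfaces = [ "zt0" ];
+
+# ZeroTier receives UDP transmissions on port 9993 by default
+networking.firewall.allowedUDPPorts = [ 9993 ];
 
 environment.systemPackages = [ cfg.package ];
 };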
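Review bot: The last hunk's `networking.firewall.allowedUDPPorts = [ 9993 ];` has no opt-out, so every host that picks up this config block gets UDP 9993 opened in the firewall, although the commit title describes it as an option. I would put it behind a boolean option declared next to `joinNetworks` (the name `openFirewall` is only a suggestion) and write `networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ 9993 ];`. Separately, in the `preStart` hunk `${netId}` goes from a plain `types.str` into a shell script that presumably runs as root, so a value with shell metacharacters or a path separator changes what the script does; `type = types.listOf (types.strMatching "[0-9a-f]{16}");` would restrict it to the form the example shows, assuming network IDs are always 16 hex digits. The option description should also say that an ID removed from the list leaves its `.conf` file in `networks.d`, so the node presumably stays joined to that network. The enclosing `config` block starts outside the visible hunks.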