infra/nix/os/snippets/holo-zerotier.nix

{ config, lib, ... }:
let
  cfg = config.steveej.holo-zerotier;
in
{
  options.steveej.holo-zerotier = {
    enable = lib.mkEnableOption "Enable holo-zerotier";
    autostart = lib.mkOption { default = false; };
  };

  config = {
    nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "zerotierone" ];

    services.zerotierone = {
      inherit (cfg) enable;
      joinNetworks = [
        # moved to the service below as it's now secret
      ];
    };

    systemd.services.zerotierone.wantedBy = lib.mkIf (!cfg.autostart) (lib.mkForce [ ]);

    systemd.services.zerotieroneSecretNetworks = {
      inherit (cfg) enable;
      requiredBy = [ "zerotierone.service" ];
      partOf = [ "zerotierone.service" ];

      serviceConfig.Type = "oneshot";
      serviceConfig.RemainAfterExit = true;

      script =
        let
          secret = config.sops.secrets.zerotieroneNetworks;
        in
        ''
          # include the secret's hash to trigger a restart on change
          # ${builtins.hashString "sha256" (builtins.toJSON secret)}

          ${config.systemd.services.zerotierone.preStart}

          rm -rf /var/lib/zerotier-one/networks.d/*.conf
          for network in `grep -v '#' ${secret.path}`; do
            touch /var/lib/zerotier-one/networks.d/''${network}.conf
          done
        '';
    };

    sops.secrets.zerotieroneNetworks = {
      sopsFile = ../../../secrets/work-holo/zerotierone.txt;
      format = "binary";
    };
  };
}
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`{ config, lib, ... }:`
			`let`
feat(zerotier): make os snippet and add custom options a way to disable autostart for zerotier is beneficial to not accidentally connect on each boot while still being able to connect on demand 2024-03-01 11:21:37 +01:00			`cfg = config.steveej.holo-zerotier;`
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`in`
			`{`
feat(zerotier): make os snippet and add custom options a way to disable autostart for zerotier is beneficial to not accidentally connect on each boot while still being able to connect on demand 2024-03-01 11:21:37 +01:00			`options.steveej.holo-zerotier = {`
			`enable = lib.mkEnableOption "Enable holo-zerotier";`
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`autostart = lib.mkOption { default = false; };`
feat(zerotier): make os snippet and add custom options a way to disable autostart for zerotier is beneficial to not accidentally connect on each boot while still being able to connect on demand 2024-03-01 11:21:37 +01:00			`};`

			`config = {`
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "zerotierone" ];`
feat(sj-bm-hostkey0): add zerotier 2024-04-18 17:28:17 +02:00
feat(zerotier): make os snippet and add custom options a way to disable autostart for zerotier is beneficial to not accidentally connect on each boot while still being able to connect on demand 2024-03-01 11:21:37 +01:00			`services.zerotierone = {`
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`inherit (cfg) enable;`
feat(zerotier): make os snippet and add custom options a way to disable autostart for zerotier is beneficial to not accidentally connect on each boot while still being able to connect on demand 2024-03-01 11:21:37 +01:00			`joinNetworks = [`
			`# moved to the service below as it's now secret`
			`];`
			`};`

feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`systemd.services.zerotierone.wantedBy = lib.mkIf (!cfg.autostart) (lib.mkForce [ ]);`
feat(zerotier): make os snippet and add custom options a way to disable autostart for zerotier is beneficial to not accidentally connect on each boot while still being able to connect on demand 2024-03-01 11:21:37 +01:00
			`systemd.services.zerotieroneSecretNetworks = {`
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`inherit (cfg) enable;`
			`requiredBy = [ "zerotierone.service" ];`
			`partOf = [ "zerotierone.service" ];`
feat(zerotier): make os snippet and add custom options a way to disable autostart for zerotier is beneficial to not accidentally connect on each boot while still being able to connect on demand 2024-03-01 11:21:37 +01:00
			`serviceConfig.Type = "oneshot";`
			`serviceConfig.RemainAfterExit = true;`

feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`script =`
			`let`
			`secret = config.sops.secrets.zerotieroneNetworks;`
			`in`
			`''`
			`# include the secret's hash to trigger a restart on change`
			`# ${builtins.hashString "sha256" (builtins.toJSON secret)}`

			`${config.systemd.services.zerotierone.preStart}`

			`rm -rf /var/lib/zerotier-one/networks.d/*.conf`
			for network in `grep -v '#' ${secret.path}`; do
			`touch /var/lib/zerotier-one/networks.d/''${network}.conf`
			`done`
			`'';`
feat(zerotier): make os snippet and add custom options a way to disable autostart for zerotier is beneficial to not accidentally connect on each boot while still being able to connect on demand 2024-03-01 11:21:37 +01:00			`};`

			`sops.secrets.zerotieroneNetworks = {`
			`sopsFile = ../../../secrets/work-holo/zerotierone.txt;`
			`format = "binary";`
			`};`
			`};`
			`}`