feat(zerotier): make os snippet and add custom options

a way to disable autostart for zerotier is beneficial to not
accidentally connect on each boot while still being able to connect on
demand

nix/os/devices/steveej-t14/system.nix

@@ -116,43 +116,6 @@ in {
 
   hardware.ledger.enable = true;
 
-  # services.zerotierone = {
-  #   enable = false;
-  #   joinNetworks = [
-  #     # moved to the service below as it's now secret
-  #   ];
-  # };
-
-  # systemd.services.zerotieroneSecretNetworks = {
-  #   enable = false;
-  #   requiredBy = [ "zerotierone.service" ];
-  #   partOf = [ "zerotierone.service" ];
-
-  #   serviceConfig.Type = "oneshot";
-  #   serviceConfig.RemainAfterExit = true;
-
-  #   script =
-  #     let
-  #       secret = config.sops.secrets.zerotieroneNetworks;
-  #     in
-  #     ''
-  #       # include the secret's hash to trigger a restart on change
-  #       # ${builtins.hashString "sha256" (builtins.toJSON secret)}
-
-  #       ${config.systemd.services.zerotierone.preStart}
-
-  #       rm -rf /var/lib/zerotier-one/networks.d/*.conf
-  #       for network in `grep -v '#' ${secret.path}`; do
-  #         touch /var/lib/zerotier-one/networks.d/''${network}.conf
-  #       done
-  #     '';
-  # };
-
-  sops.secrets.zerotieroneNetworks = {
-    sopsFile = ../../../../secrets/zerotierone.txt;
-    format = "binary";
-  };
-
   boot.binfmt.emulatedSystems = [
     "aarch64-linux"
   ];

nix/os/devices/steveej-x13s/configuration.nix

@@ -86,6 +86,8 @@
     ../../snippets/bluetooth.nix
     ../../snippets/timezone.nix
     ../../snippets/radicale.nix
+
+    ../../snippets/holo-zerotier.nix
   ];
 
   networking.hostName = nodeName;
@@ -148,4 +150,9 @@
   virtualisation.podman.dockerCompat = true;
 
   hardware.ledger.enable = true;
+
+  steveej.holo-zerotier = {
+    enable = true;
+    autostart = false;
+  };
 }

nix/os/snippets/holo-zerotier.nix

@@ -0,0 +1,51 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.steveej.holo-zerotier;
+in {
+  options.steveej.holo-zerotier = {
+    enable = lib.mkEnableOption "Enable holo-zerotier";
+    autostart = lib.mkOption {default = false;};
+  };
+
+  config = {
+    services.zerotierone = {
+      enable = cfg.enable;
+      joinNetworks = [
+        # moved to the service below as it's now secret
+      ];
+    };
+
+    systemd.services.zerotierone.wantedBy = lib.mkIf (!cfg.autostart) (lib.mkForce []);
+
+    systemd.services.zerotieroneSecretNetworks = {
+      enable = cfg.enable;
+      requiredBy = ["zerotierone.service"];
+      partOf = ["zerotierone.service"];
+
+      serviceConfig.Type = "oneshot";
+      serviceConfig.RemainAfterExit = true;
+
+      script = let
+        secret = config.sops.secrets.zerotieroneNetworks;
+      in ''
+        # include the secret's hash to trigger a restart on change
+        # ${builtins.hashString "sha256" (builtins.toJSON secret)}
+
+        ${config.systemd.services.zerotierone.preStart}
+
+        rm -rf /var/lib/zerotier-one/networks.d/*.conf
+        for network in `grep -v '#' ${secret.path}`; do
+          touch /var/lib/zerotier-one/networks.d/''${network}.conf
+        done
+      '';
+    };
+
+    sops.secrets.zerotieroneNetworks = {
+      sopsFile = ../../../secrets/work-holo/zerotierone.txt;
+      format = "binary";
+    };
+  };
+}