steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions
infra/nix/os/snippets/holo-zerotier.nix
Stefan Junker e01290317a feat(zerotier): make os snippet and add custom options 
a way to disable autostart for zerotier is beneficial to not
accidentally connect on each boot while still being able to connect on
demand
2024-03-01 11:21:37 +01:00

51 lines
1.3 KiB
Nix
Raw Blame History

{
config,
lib,
...
}: let
cfg = config.steveej.holo-zerotier;
in {
options.steveej.holo-zerotier = {
enable = lib.mkEnableOption "Enable holo-zerotier";
autostart = lib.mkOption {default = false;};
};
config = {
services.zerotierone = {
enable = cfg.enable;
joinNetworks = [
# moved to the service below as it's now secret
];
};
systemd.services.zerotierone.wantedBy = lib.mkIf (!cfg.autostart) (lib.mkForce []);
systemd.services.zerotieroneSecretNetworks = {
enable = cfg.enable;
requiredBy = ["zerotierone.service"];
partOf = ["zerotierone.service"];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script = let
secret = config.sops.secrets.zerotieroneNetworks;
in ''
# include the secret's hash to trigger a restart on change
# ${builtins.hashString "sha256" (builtins.toJSON secret)}
${config.systemd.services.zerotierone.preStart}
rm -rf /var/lib/zerotier-one/networks.d/*.conf
for network in `grep -v '#' ${secret.path}`; do
touch /var/lib/zerotier-one/networks.d/''${network}.conf
done
'';
};
sops.secrets.zerotieroneNetworks = {
sopsFile = ../../../secrets/work-holo/zerotierone.txt;
format = "binary";
};
};
}
Reference in a new issue View git blame Copy permalink