zerotier: document mdns ports; drop duplicate udp firewall rules

the nixos module already opens the zerotier port
2023-09-28 17:58:27 +02:00 · 2023-09-28 17:58:27 +02:00 · 739d3b3578
commit 739d3b3578
parent be6592c82c
2 changed files with 10 additions and 4 deletions
--- a/nixosModules/clanCore/zerotier/default.nix
+++ b/nixosModules/clanCore/zerotier/default.nix
@ -79,9 +79,10 @@ in
          KeepConfiguration = "static";
        };
      };
-      networking.firewall.allowedUDPPorts = [ 9993 ];
-      networking.firewall.interfaces."zt+".allowedTCPPorts = [ 5353 ];
-      networking.firewall.interfaces."zt+".allowedUDPPorts = [ 5353 ];
+      networking.firewall.interfaces."zt+".allowedTCPPorts = [ 5353 ]; # mdns
+      networking.firewall.interfaces."zt+".allowedUDPPorts = [ 5353 ]; # mdns
+      networking.networkmanager.unmanaged = [ "interface-name:zt*" ];
+
      services.zerotierone = {
        enable = true;
        joinNetworks = [ cfg.networkId ];
--- a/pkgs/clan-cli/tests/test_secrets_generate.py
+++ b/pkgs/clan-cli/tests/test_secrets_generate.py
@ -41,5 +41,10 @@ def test_upload_secret(
    assert age_key.lstat().st_mtime_ns == age_key_mtime
    assert identity_secret.lstat().st_mtime_ns == secret1_mtime

-    machine_path = sops_secrets_folder().joinpath("vm1-zerotier-identity-secret").joinpath("machines").joinpath("vm1")
+    machine_path = (
+        sops_secrets_folder()
+        .joinpath("vm1-zerotier-identity-secret")
+        .joinpath("machines")
+        .joinpath("vm1")
+    )
    assert machine_path.exists()