clan/clan-core
12
4
Fork 19
Code Issues 108 Pull Requests 3 Actions Packages Projects 1 Releases Wiki Activity
a81da72ec4
clan-core/docs/site/getting-started/networking.md
a-kenji a81da72ec4
All checks were successful
checks / checks (pull_request) Successful in 2m23s
Details
checks / checks-impure (pull_request) Successful in 1m48s
Details
documentation: small admonition nit
2024-04-14 15:18:16 +02:00

2.4 KiB
Raw Blame History

Overlay Networks

This guide provides detailed instructions for configuring ZeroTier VPN within Clan. Follow the outlined steps to set up a machine as a VPN controller (<CONTROLLER>) and to include a new machine into the VPN.

1. Setting Up the VPN Controller

The VPN controller is initially essential for providing configuration to new peers. Once addresses are allocated, the controller's continuous operation is not essential.

Instructions:

  1. Designate a Machine: Label a machine as the VPN controller in the clan, referred to as <CONTROLLER> henceforth in this guide.
  2. Add Configuration: Input the following configuration to the NixOS configuration of the controller machine: 
    clan.networking.zerotier.controller = {
  enable = true;
  public = true;
};
  3. Update the Controller Machine: Execute the following: 
    $ clan machines update <CONTROLLER>
    Your machine is now operational as the VPN controller.

2. Integrating a New Machine to the VPN

To introduce a new machine to the VPN, adhere to the following steps:

Instructions:

  1. Update Configuration: On the new machine, incorporate the following to its configuration, substituting <CONTROLLER> with the controller machine name: 
    { config, ... }: {
  clan.networking.zerotier.networkId = builtins.readFile (config.clanCore.clanDir + "/machines/<CONTROLLER>/facts/zerotier-network-id");
}
  2. Update the New Machine: Execute: 
    $ clan machines update <NEW_MACHINE>
    Replace <NEW_MACHINE> with the designated new machine name.
  3. Retrieve the ZeroTier ID: On the new_machine, execute: 
    $ sudo zerotier-cli info
    Example Output: 
    200 info d2c71971db 1.12.1 OFFLINE
    , where d2c71971db is the ZeroTier ID.
  4. Authorize the New Machine on the Controller: On the controller machine, execute: 
    $ sudo zerotier-members allow <ID>
    Substitute <ID> with the ZeroTier ID obtained previously.
  5. Verify Connection: On the new_machine, re-execute: 
    $ sudo zerotier-cli info
    The status should now be "ONLINE": 
    200 info d2c71971db 1.12.1 ONLINE

!!! success "Congratulations!" The new machine is now part of the VPN, and the ZeroTier configuration on NixOS within the Clan project is complete.