2023-07-11 18:25:13 +00:00
|
|
|
{ lib, pkgs, ... }:
|
2023-07-05 14:49:02 +00:00
|
|
|
{
|
2023-07-11 18:25:13 +00:00
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
|
|
|
9993
|
|
|
|
|
993 # zt-tcp-proxy
|
|
|
|
|
];
|
2023-07-11 14:30:35 +00:00
|
|
|
networking.firewall.allowedUDPPorts = [ 9993 ];
|
|
|
|
|
networking.firewall.interfaces."zt+".allowedTCPPorts = [ 5353 ];
|
|
|
|
|
networking.firewall.interfaces."zt+".allowedUDPPorts = [ 5353 ];
|
|
|
|
|
|
|
|
|
|
# Note avahi was super slow. systemd-resolved worked much faster for mdns
|
2023-07-11 15:21:20 +00:00
|
|
|
systemd.network.networks.zerotier = {
|
|
|
|
|
matchConfig.Name = "zt*";
|
|
|
|
|
networkConfig = {
|
|
|
|
|
LLMNR = true;
|
|
|
|
|
LLDP = true;
|
|
|
|
|
MulticastDNS = true;
|
|
|
|
|
KeepConfiguration = "static";
|
|
|
|
|
};
|
2023-07-11 14:30:35 +00:00
|
|
|
};
|
|
|
|
|
|
2023-07-11 18:25:13 +00:00
|
|
|
systemd.services.zt-tcp-proxy = {
|
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
|
after = [ "zerotier-one.service" ];
|
|
|
|
|
serviceConfig = {
|
|
|
|
|
Type = "simple";
|
|
|
|
|
# imap port
|
2023-07-12 08:56:39 +00:00
|
|
|
ExecStart = "${pkgs.callPackage ../../pkgs/zerotier-tcp-proxy.nix {
|
|
|
|
|
zerotierProxyPort = 993;
|
|
|
|
|
}}/bin/zerotier-tcp-proxy";
|
2023-07-11 18:25:13 +00:00
|
|
|
Restart = "always";
|
|
|
|
|
RestartSec = 5;
|
|
|
|
|
DynamicUser = true;
|
|
|
|
|
User = "zt-tcp-proxy";
|
|
|
|
|
Group = "zt-tcp-proxy";
|
|
|
|
|
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2023-07-05 14:49:02 +00:00
|
|
|
services.zerotierone = {
|
|
|
|
|
enable = true;
|
2023-07-11 18:25:13 +00:00
|
|
|
joinNetworks = [ "33d87fa6bd93423e" ];
|
2023-07-05 14:49:02 +00:00
|
|
|
};
|
2023-07-11 18:25:13 +00:00
|
|
|
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "zerotierone" ];
|
2023-07-05 14:49:02 +00:00
|
|
|
}
|
