package zerotier tcp proxies

2023-07-11 20:25:13 +02:00 · 2023-07-11 20:25:13 +02:00 · 14a39f207d
commit 14a39f207d
parent 64ef6eda56
3 changed files with 80 additions and 8 deletions
--- a/modules/zerotier/default.nix
+++ b/modules/zerotier/default.nix
@ -1,6 +1,9 @@
-{ lib, ... }:
+{ lib, pkgs, ... }:
 {
-  networking.firewall.allowedTCPPorts = [ 9993 ];
+  networking.firewall.allowedTCPPorts = [
+    9993
+    993 # zt-tcp-proxy
+  ];
  networking.firewall.allowedUDPPorts = [ 9993 ];
  networking.firewall.interfaces."zt+".allowedTCPPorts = [ 5353 ];
  networking.firewall.interfaces."zt+".allowedUDPPorts = [ 5353 ];
@ -16,13 +19,25 @@
    };
  };

+  systemd.services.zt-tcp-proxy = {
+    wantedBy = [ "multi-user.target" ];
+    after = [ "zerotier-one.service" ];
+    serviceConfig = {
+      Type = "simple";
+      # imap port
+      ExecStart = "${pkgs.callPackage ../../pkgs/zt-tcp-relay.nix {}}/bin/zt-tcp-relay --listen [::]:993";
+      Restart = "always";
+      RestartSec = 5;
+      DynamicUser = true;
+      User = "zt-tcp-proxy";
+      Group = "zt-tcp-proxy";
+      AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+    };
+  };
+
  services.zerotierone = {
    enable = true;
-    joinNetworks = [
-      "33d87fa6bd93423e"
-    ];
+    joinNetworks = [ "33d87fa6bd93423e" ];
  };
-  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
-    "zerotierone"
-  ];
+  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "zerotierone" ];
 }
--- a/pkgs/zerotier-tcp-proxy.nix
+++ b/pkgs/zerotier-tcp-proxy.nix
@ -0,0 +1,25 @@
+{ stdenv, fetchFromGitHub, fetchpatch, zerotierone }:
+stdenv.mkDerivation {
+  name = "zerotier-tcp-proxy";
+  src = fetchFromGitHub {
+    owner = "zerotier";
+    repo = "ZeroTierOne";
+    rev = "008a768f15763aa4b1c73434cdc517b6b4e3f997";
+    hash = "sha256-BX589KbO+6eoyUo7UUDEL7pyIgpUE25deax+dmvGGG4=";
+  };
+  patches = [
+    (fetchpatch {
+       url = "https://github.com/zerotier/ZeroTierOne/commit/dd2006d494e85a41d8b818b37460e7cf458a2aee.patch";
+       hash = "sha256-nuao04pDha7h62RHviUZYx21p6bNOyiU78kBBq2o2Rs=";
+    })
+  ];
+  buildPhase = ''
+    pushd tcp-proxy
+    cat tcp-proxy.cpp
+    make -j $NIX_BUILD_CORES CXX=$CXX
+    popd
+  '';
+  installPhase = ''
+    install -D -m 755 tcp-proxy/tcp-proxy $out/bin/zerotier-tcp-proxy
+  '';
+}
--- a/pkgs/zt-tcp-relay.nix
+++ b/pkgs/zt-tcp-relay.nix
@ -0,0 +1,32 @@
+{ lib
+, rustPlatform
+, fetchFromGitHub
+, fetchpatch
+}:
+
+rustPlatform.buildRustPackage {
+  pname = "zt-tcp-relay";
+  version = "unstable-2022-08-02";
+
+  src = fetchFromGitHub {
+    owner = "alexander-akhmetov";
+    repo = "zt-tcp-relay";
+    rev = "2d4541d77807d57d5c303a1babfabf7f445e3946";
+    hash = "sha256-6CkVvBRMsyAPBdkDBM1REJjM+3vs+ws/qCmQOfFInMw=";
+  };
+
+  patches = [
+    # https://github.com/alexander-akhmetov/zt-tcp-relay/pull/19
+    (fetchpatch {
+     url = "https://github.com/alexander-akhmetov/zt-tcp-relay/commit/69f0a4f1f210dcd7a305036d4737d9a29215824d.patch";
+     hash = "sha256-kqZS9IjwEggLE6CQFaacL2TyTUn0PQCz1TPdoZdDrk0=";
+    })
+  ];
+
+  cargoHash = "sha256-MDygbJRi1aT4hfI7b2hwhYJ4UJyR1DehDAHDgbDZ35g=";
+
+  meta = {
+    description = "ZeroTier One TCP relay";
+    homepage = "https://github.com/alexander-akhmetov/zt-tcp-relay";
+  };
+}