package zerotier tcp proxies
This commit is contained in:
parent
64ef6eda56
commit
14a39f207d
|
@ -1,6 +1,9 @@
|
||||||
{ lib, ... }:
|
{ lib, pkgs, ... }:
|
||||||
{
|
{
|
||||||
networking.firewall.allowedTCPPorts = [ 9993 ];
|
networking.firewall.allowedTCPPorts = [
|
||||||
|
9993
|
||||||
|
993 # zt-tcp-proxy
|
||||||
|
];
|
||||||
networking.firewall.allowedUDPPorts = [ 9993 ];
|
networking.firewall.allowedUDPPorts = [ 9993 ];
|
||||||
networking.firewall.interfaces."zt+".allowedTCPPorts = [ 5353 ];
|
networking.firewall.interfaces."zt+".allowedTCPPorts = [ 5353 ];
|
||||||
networking.firewall.interfaces."zt+".allowedUDPPorts = [ 5353 ];
|
networking.firewall.interfaces."zt+".allowedUDPPorts = [ 5353 ];
|
||||||
|
@ -16,13 +19,25 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.zt-tcp-proxy = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "zerotier-one.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "simple";
|
||||||
|
# imap port
|
||||||
|
ExecStart = "${pkgs.callPackage ../../pkgs/zt-tcp-relay.nix {}}/bin/zt-tcp-relay --listen [::]:993";
|
||||||
|
Restart = "always";
|
||||||
|
RestartSec = 5;
|
||||||
|
DynamicUser = true;
|
||||||
|
User = "zt-tcp-proxy";
|
||||||
|
Group = "zt-tcp-proxy";
|
||||||
|
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.zerotierone = {
|
services.zerotierone = {
|
||||||
enable = true;
|
enable = true;
|
||||||
joinNetworks = [
|
joinNetworks = [ "33d87fa6bd93423e" ];
|
||||||
"33d87fa6bd93423e"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
|
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "zerotierone" ];
|
||||||
"zerotierone"
|
|
||||||
];
|
|
||||||
}
|
}
|
||||||
|
|
25
pkgs/zerotier-tcp-proxy.nix
Normal file
25
pkgs/zerotier-tcp-proxy.nix
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
{ stdenv, fetchFromGitHub, fetchpatch, zerotierone }:
|
||||||
|
stdenv.mkDerivation {
|
||||||
|
name = "zerotier-tcp-proxy";
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "zerotier";
|
||||||
|
repo = "ZeroTierOne";
|
||||||
|
rev = "008a768f15763aa4b1c73434cdc517b6b4e3f997";
|
||||||
|
hash = "sha256-BX589KbO+6eoyUo7UUDEL7pyIgpUE25deax+dmvGGG4=";
|
||||||
|
};
|
||||||
|
patches = [
|
||||||
|
(fetchpatch {
|
||||||
|
url = "https://github.com/zerotier/ZeroTierOne/commit/dd2006d494e85a41d8b818b37460e7cf458a2aee.patch";
|
||||||
|
hash = "sha256-nuao04pDha7h62RHviUZYx21p6bNOyiU78kBBq2o2Rs=";
|
||||||
|
})
|
||||||
|
];
|
||||||
|
buildPhase = ''
|
||||||
|
pushd tcp-proxy
|
||||||
|
cat tcp-proxy.cpp
|
||||||
|
make -j $NIX_BUILD_CORES CXX=$CXX
|
||||||
|
popd
|
||||||
|
'';
|
||||||
|
installPhase = ''
|
||||||
|
install -D -m 755 tcp-proxy/tcp-proxy $out/bin/zerotier-tcp-proxy
|
||||||
|
'';
|
||||||
|
}
|
32
pkgs/zt-tcp-relay.nix
Normal file
32
pkgs/zt-tcp-relay.nix
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
{ lib
|
||||||
|
, rustPlatform
|
||||||
|
, fetchFromGitHub
|
||||||
|
, fetchpatch
|
||||||
|
}:
|
||||||
|
|
||||||
|
rustPlatform.buildRustPackage {
|
||||||
|
pname = "zt-tcp-relay";
|
||||||
|
version = "unstable-2022-08-02";
|
||||||
|
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "alexander-akhmetov";
|
||||||
|
repo = "zt-tcp-relay";
|
||||||
|
rev = "2d4541d77807d57d5c303a1babfabf7f445e3946";
|
||||||
|
hash = "sha256-6CkVvBRMsyAPBdkDBM1REJjM+3vs+ws/qCmQOfFInMw=";
|
||||||
|
};
|
||||||
|
|
||||||
|
patches = [
|
||||||
|
# https://github.com/alexander-akhmetov/zt-tcp-relay/pull/19
|
||||||
|
(fetchpatch {
|
||||||
|
url = "https://github.com/alexander-akhmetov/zt-tcp-relay/commit/69f0a4f1f210dcd7a305036d4737d9a29215824d.patch";
|
||||||
|
hash = "sha256-kqZS9IjwEggLE6CQFaacL2TyTUn0PQCz1TPdoZdDrk0=";
|
||||||
|
})
|
||||||
|
];
|
||||||
|
|
||||||
|
cargoHash = "sha256-MDygbJRi1aT4hfI7b2hwhYJ4UJyR1DehDAHDgbDZ35g=";
|
||||||
|
|
||||||
|
meta = {
|
||||||
|
description = "ZeroTier One TCP relay";
|
||||||
|
homepage = "https://github.com/alexander-akhmetov/zt-tcp-relay";
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user