Merge pull request 'drop unused zerotier controller code' (#105) from Mic92-main into main

modules/web01/default.nix

@@ -8,8 +8,6 @@
     ./homepage.nix
     ./postfix.nix
     ./jobs.nix
-    ../zerotier
-    ../zerotier/ctrl.nix
     ../dev.nix
   ];
 

modules/zerotier/README.md

@@ -1,8 +0,0 @@
-# zerotier controller & client config
-These modules implement a simple bash based controller (./ctrl.nix) and
-the config to join the VPN. External people who want to join just have to copy
-./default.nix into their configuration and rebuild switch.
-
-The configured network uses only ipv6 addresses, they are distributed by 6plane.
-Which gives every host a /80.
-Reference: https://gist.github.com/laduke/fa1e9a68a79d9038ab117ad0ab69927a

modules/zerotier/ctrl.nix

@@ -1,37 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
-  environment.systemPackages = [
-    (pkgs.writers.writeDashBin "zt-init" ''
-      set -efux
-      NODEID=$(cat /var/lib/zerotier-one/identity.public | cut -d: -f1)
-      NEW_NET=$(${pkgs.curl}/bin/curl -X POST "http://localhost:9993/controller/network/''${NODEID}______" -H "X-ZT1-AUTH: $(sudo cat /var/lib/zerotier-one/authtoken.secret)" -d {})
-    '')
-    (pkgs.writers.writeDashBin "zt-network-edit" ''
-      set -efux
-      TMP_NET_CONFIG=$(mktemp)
-      trap 'rm -f "$TMP_NET_CONFIG"' EXIT
-      NETWORK_ID=''${NETWORK_ID:-$(zerotier-cli listnetworks -j | jq -r '.[0] | .id')}
-      ${pkgs.curl}/bin/curl "http://localhost:9993/controller/network/''${NETWORK_ID}" -H "X-ZT1-AUTH: $(sudo cat /var/lib/zerotier-one/authtoken.secret)" -d {} > "$TMP_NET_CONFIG"
-      $EDITOR "$TMP_NET_CONFIG"
-      ${pkgs.curl}/bin/curl "http://localhost:9993/controller/network/''${NETWORK_ID}" -H "X-ZT1-AUTH: $(sudo cat /var/lib/zerotier-one/authtoken.secret)" -d @"$TMP_NET_CONFIG"
-    '')
-    (pkgs.writers.writeDashBin "zt-member-ls" ''
-      set -eu
-      NETWORK_ID=''${NETWORK_ID:-$(zerotier-cli listnetworks -j | jq -r '.[0] | .id')}
-      cat /var/lib/zerotier-one/controller.d/network/$NETWORK_ID/member/* | jq -s
-    '')
-    (pkgs.writers.writeDashBin "zt-member-auth" ''
-      set -efux
-      MEMBER_ID=$1
-      if ! printf '%s' $MEMBER_ID | grep -q '^[0-9a-f]\{10\}$'; then
-        echo '$MEMBER_ID is not a valid member id'
-        exit 1
-      fi
-      URL='http://localhost:9993/controller/'
-      TOKEN=''${TOKEN:-$(cat /var/lib/zerotier-one/authtoken.secret)}
-      NETWORK_ID=''${NETWORK_ID:-$(zerotier-cli listnetworks -j | jq -r '.[0] | .id')}
-
-      curl -fSs -H "X-ZT1-AUTH: $TOKEN" "$URL/network/$NETWORK_ID/member/$MEMBER_ID" -d '{"authorized": true}'
-    '')
-  ];
-}

modules/zerotier/default.nix

@@ -1,45 +0,0 @@
-{ lib, pkgs, ... }:
-{
-  networking.firewall.allowedTCPPorts = [
-    9993
-    993 # zt-tcp-proxy
-  ];
-  networking.firewall.allowedUDPPorts = [ 9993 ];
-  networking.firewall.interfaces."zt+".allowedTCPPorts = [ 5353 ];
-  networking.firewall.interfaces."zt+".allowedUDPPorts = [ 5353 ];
-
-  # Note avahi was super slow. systemd-resolved worked much faster for mdns
-  systemd.network.networks.zerotier = {
-    matchConfig.Name = "zt*";
-    networkConfig = {
-      LLMNR = true;
-      LLDP = true;
-      MulticastDNS = true;
-      KeepConfiguration = "static";
-    };
-  };
-
-  systemd.services.zt-tcp-proxy = {
-    wantedBy = [ "multi-user.target" ];
-    after = [ "zerotier-one.service" ];
-    serviceConfig = {
-      Type = "simple";
-      # imap port
-      ExecStart = "${pkgs.callPackage ../../pkgs/zerotier-tcp-proxy.nix {
-        zerotierProxyPort = 993;
-      }}/bin/zerotier-tcp-proxy";
-      Restart = "always";
-      RestartSec = 5;
-      DynamicUser = true;
-      User = "zt-tcp-proxy";
-      Group = "zt-tcp-proxy";
-      AmbientCapabilities = "CAP_NET_BIND_SERVICE";
-    };
-  };
-
-  services.zerotierone = {
-    enable = true;
-    joinNetworks = [ "33d87fa6bd93423e" ];
-  };
-  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "zerotierone" ];
-}

pkgs/zerotier-tcp-proxy.nix

@@ -1,26 +0,0 @@
-{ stdenv, fetchFromGitHub, fetchpatch, zerotierProxyPort ? 443 }:
-stdenv.mkDerivation {
-  name = "zerotier-tcp-proxy";
-  src = fetchFromGitHub {
-    owner = "zerotier";
-    repo = "ZeroTierOne";
-    rev = "008a768f15763aa4b1c73434cdc517b6b4e3f997";
-    hash = "sha256-BX589KbO+6eoyUo7UUDEL7pyIgpUE25deax+dmvGGG4=";
-  };
-  patches = [
-    (fetchpatch {
-      url = "https://github.com/zerotier/ZeroTierOne/commit/dd2006d494e85a41d8b818b37460e7cf458a2aee.patch";
-      hash = "sha256-nuao04pDha7h62RHviUZYx21p6bNOyiU78kBBq2o2Rs=";
-    })
-  ];
-  buildPhase = ''
-    pushd tcp-proxy
-    sed -i -e "s/ZT_TCP_PROXY_TCP_PORT.*443/ZT_TCP_PROXY_TCP_PORT ${toString zerotierProxyPort}/g" tcp-proxy.cpp
-    cat tcp-proxy.cpp
-    make -j $NIX_BUILD_CORES CXX=$CXX
-    popd
-  '';
-  installPhase = ''
-    install -D -m 755 tcp-proxy/tcp-proxy $out/bin/zerotier-tcp-proxy
-  '';
-}

pkgs/zt-tcp-relay.nix

@@ -1,32 +0,0 @@
-{ lib
-, rustPlatform
-, fetchFromGitHub
-, fetchpatch
-}:
-
-rustPlatform.buildRustPackage {
-  pname = "zt-tcp-relay";
-  version = "unstable-2022-08-02";
-
-  src = fetchFromGitHub {
-    owner = "alexander-akhmetov";
-    repo = "zt-tcp-relay";
-    rev = "2d4541d77807d57d5c303a1babfabf7f445e3946";
-    hash = "sha256-6CkVvBRMsyAPBdkDBM1REJjM+3vs+ws/qCmQOfFInMw=";
-  };
-
-  patches = [
-    # https://github.com/alexander-akhmetov/zt-tcp-relay/pull/19
-    (fetchpatch {
-      url = "https://github.com/alexander-akhmetov/zt-tcp-relay/commit/69f0a4f1f210dcd7a305036d4737d9a29215824d.patch";
-      hash = "sha256-kqZS9IjwEggLE6CQFaacL2TyTUn0PQCz1TPdoZdDrk0=";
-    })
-  ];
-
-  cargoHash = "sha256-MDygbJRi1aT4hfI7b2hwhYJ4UJyR1DehDAHDgbDZ35g=";
-
-  meta = {
-    description = "ZeroTier One TCP relay";
-    homepage = "https://github.com/alexander-akhmetov/zt-tcp-relay";
-  };
-}