clan/clan-infra
10
0
Fork 1
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

web01: add zerotier-ctrl service

Browse Source
This commit is contained in:
lassulus 2023-07-05 16:49:02 +02:00
parent 2135c50160
commit ec5c2fd33b
4 changed files with 58 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/web01/default.nix
View File

@ -3,6 +3,8 @@
./homepage.nix
./gitea
./postfix.nix
./zerotier.nix
./zerotier-ctrl.nix
];
services.cloud-init.xfs.enable = true;

37
modules/web01/zerotier-ctrl.nix Normal file
View File

@ -0,0 +1,37 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = [
(pkgs.writers.writeDashBin "zt-init" ''
set -efux
NODEID=$(cat /var/lib/zerotier-one/identity.public | cut -d: -f1)
NEW_NET=$(${pkgs.curl}/bin/curl -X POST "http://localhost:9993/controller/network/''${NODEID}______" -H "X-ZT1-AUTH: $(sudo cat /var/lib/zerotier-one/authtoken.secret)" -d {})
'')
(pkgs.writers.writeDashBin "zt-network-edit" ''
set -efux
TMP_NET_CONFIG=$(mktemp)
trap 'rm -f "$TMP_NET_CONFIG"' EXIT
NETWORK_ID=''${NETWORK_ID:-$(zerotier-cli listnetworks -j | jq -r '.[0] | .id')}
${pkgs.curl}/bin/curl "http://localhost:9993/controller/network/''${NETWORK_ID}" -H "X-ZT1-AUTH: $(sudo cat /var/lib/zerotier-one/authtoken.secret)" -d {} > "$TMP_NET_CONFIG"
$EDITOR "$TMP_NET_CONFIG"
${pkgs.curl}/bin/curl "http://localhost:9993/controller/network/''${NETWORK_ID}" -H "X-ZT1-AUTH: $(sudo cat /var/lib/zerotier-one/authtoken.secret)" -d @"$TMP_NET_CONFIG"
'')
(pkgs.writers.writeDashBin "zt-member-ls" ''
set -eu
NETWORK_ID=''${NETWORK_ID:-$(zerotier-cli listnetworks -j | jq -r '.[0] | .id')}
cat /var/lib/zerotier-one/controller.d/network/$NETWORK_ID/member/* | jq -s
'')
(pkgs.writers.writeDashBin "zt-member-auth" ''
set -efux
MEMBER_ID=$1
if ! printf '%s' $MEMBER_ID | grep -q '^[0-9a-f]\{10\}$'; then
echo '$MEMBER_ID is not a valid member id'
exit 1
fi
URL='http://localhost:9993/controller/'
TOKEN=''${TOKEN:-$(cat /var/lib/zerotier-one/authtoken.secret)}
NETWORK_ID=''${NETWORK_ID:-$(zerotier-cli listnetworks -j | jq -r '.[0] | .id')}
curl -fSs -H "X-ZT1-AUTH: $TOKEN" "$URL/network/$NETWORK_ID/member/$MEMBER_ID" -d '{"authorized": true}'
'')
];
}

14
modules/web01/zerotier.nix Normal file
View File

@ -0,0 +1,14 @@
{ config, lib, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [ 9993 ];
networking.firewall.allowedUDPPorts = [ 9993 ];
services.zerotierone = {
enable = true;
joinNetworks = [
"33d87fa6bd93423e"
];
};
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"zerotierone"
];
}

10
targets/web01/terraform.tfstate
View File

File diff suppressed because one or more lines are too long