xin/configs/peerix.nix

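# NixOS module: run peerix (Nix store sharing between peers) as a dedicated
# system user, with the firewall opened for its port only on a chosen set of
# interfaces (default: the tailscale interface).
#
# NOTE(review): the peerix port 12304 is hard-coded below; it is not read from
# the upstream peerix module's options.
{ config
, lib
, pkgs
, ...
}:
with lib;
let
  cfg = config.tsPeerix;

  # Port peerix is reached on; opened for both UDP and TCP per interface.
  peerixPort = 12304;
in
{
  options = {
    tsPeerix = {
      enable = mkOption {
        description = "Enable peerix";
        default = false;
        example = true;
        type = types.bool;
      };

      privateKeyFile = mkOption {
        description = ''
          Private key file for signing.

          Set this to an absolute path *string* pointing outside the Nix
          store. A Nix path literal (e.g. ./private_key) would be copied
          into the world-readable /nix/store when it is used.
        '';
        # Unset by default; enabling the module without a key fails the
        # build via the assertion below (the previous "" default only
        # produced a generic "not of type path" error).
        default = null;
        # Illustrative value only.
        example = "/var/lib/peerix/private_key";
        type = types.nullOr types.path;
      };

      interfaces = mkOption {
        description = "Interfaces to allow peerix to listen on (the firewall is opened for the peerix port only on these).";
        type = types.listOf types.str;
        default = [ "tailscale0" ];
      };
    };
  };

  config = mkIf cfg.enable {
    # Fail the build with an actionable message instead of evaluating peerix
    # without a signing key.
    assertions = [
      {
        assertion = cfg.privateKeyFile != null;
        message = "tsPeerix.privateKeyFile must be set when tsPeerix.enable is true";
      }
    ];

    users.groups.peerix = { name = "peerix"; };
    users.users.peerix = {
      name = "peerix";
      group = "peerix";
      isSystemUser = true;
    };

    # NOTE(review): an explicit definition here replaces the option's default
    # ("*"), so unless another module also lists them, users other than
    # peerix (root is always allowed by Nix itself) lose access to the Nix
    # daemon. Confirm this restriction is intended.
    nix.settings.allowed-users = [ "peerix" ];

    services = {
      zerotierone = {
        enable = true;
        joinNetworks = [ "db64858fedd3b256" ];
      };

      peerix = {
        enable = true;
        # Holes are punched per interface below rather than on all interfaces.
        openFirewall = false;
        user = "peerix";
        group = "peerix";
        # Passed through as-is; the interpolation the original used was a
        # no-op for an absolute path string and would have forced a store
        # copy for a path literal.
        privateKeyFile = cfg.privateKeyFile;
        publicKeyFile = ./peerix.pubs;
      };
    };

    environment.systemPackages = [ pkgs.zerotierone ];

    # Open the peerix port only on the configured interfaces. genAttrs is the
    # library form of listToAttrs (map ...) and yields the same attribute set.
    networking.firewall.interfaces = genAttrs cfg.interfaces (_: {
      allowedUDPPorts = [ peerixPort ];
      allowedTCPPorts = [ peerixPort ];
    });
  };
}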