xin/configs/peerix.nix

76 lines
1.6 KiB
Nix
Raw Normal View History

2024-02-18 12:23:08 -07:00
{
config,
lib,
pkgs,
...
2023-07-11 09:12:50 -06:00
}:
2024-02-18 12:23:08 -07:00
with lib;
{
2022-08-30 15:55:21 -06:00
options = {
2022-08-30 15:56:37 -06:00
tsPeerix = {
2022-08-30 15:55:21 -06:00
enable = mkOption {
description = "Enable peerix";
default = false;
example = true;
type = lib.types.bool;
};
privateKeyFile = mkOption {
description = "Private key file for signing";
default = "";
example = "./private_key";
type = lib.types.path;
};
interfaces = mkOption {
description = "Interfaces to allow peerix to listen on.";
type = types.listOf types.str;
2023-09-12 08:44:05 -06:00
default = [ "tailscale0" ];
};
2022-08-30 15:55:21 -06:00
};
};
2022-08-30 15:56:37 -06:00
config = mkIf config.tsPeerix.enable {
2024-02-18 12:23:08 -07:00
users.groups.peerix = {
name = "peerix";
};
2022-08-30 15:56:37 -06:00
users.users.peerix = {
name = "peerix";
group = "peerix";
isSystemUser = true;
};
2023-09-12 08:44:05 -06:00
nix.settings.allowed-users = [ "peerix" ];
2022-08-30 15:55:21 -06:00
services = {
zerotierone = {
enable = true;
2023-09-12 08:44:05 -06:00
joinNetworks = [ "db64858fedd3b256" ];
};
2022-08-30 15:55:21 -06:00
peerix = {
enable = true;
2022-08-30 15:56:37 -06:00
openFirewall = false;
user = "peerix";
2022-08-31 12:00:02 -06:00
group = "peerix";
2022-08-30 15:56:37 -06:00
privateKeyFile = "${config.tsPeerix.privateKeyFile}";
publicKeyFile = ./peerix.pubs;
2022-08-30 15:55:21 -06:00
};
};
2023-09-12 08:44:05 -06:00
environment.systemPackages = [ pkgs.zerotierone ];
2024-02-18 12:23:08 -07:00
networking.firewall.interfaces = listToAttrs (
flatten (
map
(i: {
name = i;
value = {
allowedUDPPorts = [ 12304 ];
allowedTCPPorts = [ 12304 ];
};
})
config.tsPeerix.interfaces
)
);
2022-08-30 15:55:21 -06:00
};
}