diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index f9b93e2b2dde..864367a22444 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -5447,6 +5447,13 @@
 githubId = 1931963;
 name = "David Sferruzza";
 };
+ dstengele = {
+ name = "Dennis Stengele";
+ email = "dennis@stengele.me";
+ matrix = "@dstengele:pango.place";
+ github = "dstengele";
+ githubId = 1706418;
+ };
 dsuetin = {
 name = "Danil Suetin";
 email = "suetin085+nixpkgs@protonmail.com";
diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
index ac585131ea85..ae7de8274b51 100644
--- a/nixos/doc/manual/release-notes/rl-2411.section.md
+++ b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -42,6 +42,8 @@
 - [Music Assistant](https://music-assistant.io/), a music library manager for your offline and online music sources which can easily stream your favourite music to a wide range of supported players. Available as [services.music-assistant](#opt-services.music-assistant.enable).
+- [zeronsd](https://github.com/zerotier/zeronsd), a DNS server for ZeroTier users. Available with [services.zeronsd.servedNetworks](#opt-services.zeronsd.servedNetworks).
+
 - [wg-access-server](https://github.com/freifunkMUC/wg-access-server/), an all-in-one WireGuard VPN solution with a web ui for connecting devices. Available at [services.wg-access-server](#opt-services.wg-access-server.enable).
 - [Envision](https://gitlab.com/gabmus/envision), a UI for building, configuring and running Monado, the open source OpenXR runtime. Available as [programs.envision](#opt-programs.envision.enable).
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 090236780abf..f97a6b47512c 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1258,6 +1258,7 @@
 ./services/networking/zerobin.nix
 ./services/networking/zeronet.nix
 ./services/networking/zerotierone.nix
+ ./services/networking/zeronsd.nix
 ./services/networking/znc/default.nix
 ./services/printing/cupsd.nix
 ./services/printing/ipp-usb.nix
diff --git a/nixos/modules/services/networking/zeronsd.nix b/nixos/modules/services/networking/zeronsd.nix
new file mode 100644
index 000000000000..23f1a5fa7e4f
--- /dev/null
+++ b/nixos/modules/services/networking/zeronsd.nix
@@ -0,0 +1,117 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+let
+ cfg = config.services.zeronsd;
+ settingsFormat = pkgs.formats.json { };
+in
+{
+ options.services.zeronsd.servedNetworks = lib.mkOption {
+ default = { };
+ example = {
+ "a8a2c3c10c1a68de".settings.token = "/var/lib/zeronsd/apitoken";
+ };
+ description = "ZeroTier Networks to start zeronsd instances for.";
+ type = lib.types.attrsOf (
+ lib.types.submodule {
+ options = {
+ package = lib.mkPackageOption pkgs "zeronsd" { };
+
+ settings = lib.mkOption {
+ description = "Settings for zeronsd";
+ default = { };
+ type = lib.types.submodule {
+ freeformType = settingsFormat.type;
+
+ options = {
+ domain = lib.mkOption {
+ default = "home.arpa";
+ type = lib.types.singleLineStr;
+ description = "Domain under which ZeroTier records will be available.";
+ };
+
+ token = lib.mkOption {
+ type = lib.types.path;
+ description = "Path to a file containing the API Token for ZeroTier Central.";
+ };
+
+ log_level = lib.mkOption {
+ default = "warn";
+ type = lib.types.enum [
+ "off"
+ "error"
+ "warn"
+ "info"
+ "debug"
+ "trace"
+ ];
+ description = "Log Level.";
+ };
+
+ wildcard = lib.mkOption {
+ default = false;
+ type = lib.types.bool;
+ description = "Whether to serve a wildcard record for ZeroTier Nodes.";
+ };
+ };
+ };
+ };
+ };
+ }
+ );
+ };
+
+ config = lib.mkIf (cfg.servedNetworks != { }) {
+ assertions = [
+ {
+ assertion = config.services.zerotierone.enable;
+ message = "zeronsd needs a configured zerotier-one";
+ }
+ ];
+
+ systemd.services = lib.mapAttrs' (netname: netcfg: {
+ name = "zeronsd-${netname}";
+ value = {
+ description = "ZeroTier DNS server for Network ${netname}";
+
+ wantedBy = [ "multi-user.target" ];
+ after = [
+ "network.target"
+ "zerotierone.service"
+ ];
+ wants = [ "network-online.target" ];
+
+ serviceConfig =
+ let
+ configFile = pkgs.writeText "zeronsd.json" (builtins.toJSON netcfg.settings);
+ in
+ {
+ ExecStart = "${netcfg.package}/bin/zeronsd start --config 
${configFile} --config-type json ${netname}";
+ Restart = "on-failure";
+ RestartSec = 2;
+ TimeoutStopSec = 5;
+ User = "zeronsd";
+ Group = "zeronsd";
+ AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+ };
+ };
+ }) cfg.servedNetworks;
+
+ systemd.tmpfiles.rules = [
+ "a+ /var/lib/zerotier-one - - - - u:zeronsd:x"
+ "a+ /var/lib/zerotier-one/authtoken.secret - - - - mask::r,u:zeronsd:r"
+ ];
+
+ users.users.zeronsd = {
+ group = "zeronsd";
+ description = "Service user for running zeronsd";
+ isSystemUser = true;
+ };
+
+ users.groups.zeronsd = { };
+ };
+}
diff --git a/pkgs/by-name/ze/zeronsd/package.nix b/pkgs/by-name/ze/zeronsd/package.nix
new file mode 100644
index 000000000000..71eeb50e6163
--- /dev/null
+++ b/pkgs/by-name/ze/zeronsd/package.nix
@@ -0,0 +1,39 @@
+{
+ lib,
+ rustPlatform,
+ fetchFromGitHub,
+ pkg-config,
+ openssl,
+ rustfmt,
+}:
+
+rustPlatform.buildRustPackage rec {
+ pname = "zeronsd";
+ version = "0.5.2";
+
+ src = fetchFromGitHub {
+ owner = "zerotier";
+ repo = "zeronsd";
+ rev = "v${version}";
+ hash = "sha256-TL0bgzQgge6j1SpZCdxv/s4pBMSg4/3U5QisjkVE6BE=";
+ };
+
+ cargoHash = "sha256-WGap0j90obpJHiMNokCWg0Q3xIAqwvmiESg9NVnFMKE=";
+
+ strictDeps = true;
+ buildInputs = [ openssl ];
+ nativeBuildInputs = [ pkg-config ];
+
+ RUSTFMT = "${rustfmt}/bin/rustfmt";
+
+ # Integration tests try to access the ZeroTier API which requires an API token.
+ # https://github.com/zerotier/zeronsd/blob/v0.5.2/tests/service/network.rs#L10
+ doCheck = false;
+
+ meta = with lib; {
+ description = "A DNS server for ZeroTier users";
+ homepage = "https://github.com/zerotier/zeronsd";
+ license = licenses.bsd3;
+ maintainers = [ maintainers.dstengele ];
+ };
+}
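Review bot: The `serviceConfig` of each `zeronsd-${netname}` unit runs a network-facing DNS resolver as the `zeronsd` user with `AmbientCapabilities = "CAP_NET_BIND_SERVICE"` and nothing else, although the process holds the ZeroTier Central API token and, via the `systemd.tmpfiles.rules` ACL on `/var/lib/zerotier-one/authtoken.secret`, can read the secret that controls the local node, so a compromise of zeronsd hands over both credentials from an unconfined process. Bounding the capability set and adding the usual systemd sandboxing directives (below) narrows that; `ProtectSystem = "strict"` still allows the read-only access to `/var/lib/zerotier-one` the ACLs grant, but if zeronsd writes anything (a hosts file, for instance) it will need `ReadWritePaths`/`StateDirectory`, and `AF_UNIX` may be needed for name resolution through nscd — verify both against the daemon. Separately, `wants = [ "network-online.target" ]` without a matching entry in `after` does not order the unit after the network is up; either add `"network-online.target"` to `after` or drop the `wants`. The `token` option is typed `lib.types.path`, so a user who supplies a Nix path literal such as `./apitoken` instead of a string will have the token copied into the world-readable Nix store; the option description should say that only an absolute string path is safe, or the type should be `lib.types.str`.
```nix
          {
            # … unchanged: ExecStart, Restart, RestartSec, TimeoutStopSec, User, Group …
            AmbientCapabilities = "CAP_NET_BIND_SERVICE";
            CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
            NoNewPrivileges = true;
            ProtectSystem = "strict";
            ProtectHome = true;
            PrivateTmp = true;
            PrivateDevices = true;
            ProtectKernelTunables = true;
            ProtectKernelModules = true;
            ProtectControlGroups = true;
            RestrictNamespaces = true;
            RestrictRealtime = true;
            LockPersonality = true;
            SystemCallArchitectures = "native";
            RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
          };
```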
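Review bot: `meta` in `rustPlatform.buildRustPackage` has no `mainProgram`, so `lib.getExe` and `nix run` cannot locate the executable that the module builds by hand as `${netcfg.package}/bin/zeronsd`; add `mainProgram = "zeronsd";` next to `description`. `meta = with lib; { … }` is the older nixpkgs style; explicit `lib.licenses.bsd3` and `lib.maintainers.dstengele` are preferred for new packages. The comment above `doCheck = false` explains the integration tests well; it would help a future maintainer to also state whether the crate has unit tests that could still run with `cargoTestFlags` (unverified from here), so that disabling all checks is a deliberate choice rather than the default reading.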