zerotier: split configuration

Split configuration in global and per-network sections. This change breaks existing configurations. The following per-network settings are available: * allow_managed * allow_global * allow_default * allow_dns See https://docs.zerotier.com/config/#network-specific-configuration Signed-off-by: Óscar García Amor <[email protected]> Signed-off-by: Moritz Warning <[email protected]>
openwrt · Aug 20, 2024 · c3b2343 · c3b2343
1 parent b806d77
commit c3b2343
Show file tree

Hide file tree

Showing 4 changed files with 106 additions and 88 deletions.
diff --git a/net/zerotier/Makefile b/net/zerotier/Makefile
@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=zerotier
 PKG_VERSION:=1.14.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/zerotier/ZeroTierOne/tar.gz/$(PKG_VERSION)?
@@ -69,6 +69,7 @@ endef
 define Package/zerotier/install
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/zerotier-one $(1)/usr/bin/
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(LN) zerotier-one $(1)/usr/bin/zerotier-cli
 	$(LN) zerotier-one $(1)/usr/bin/zerotier-idtool
 

diff --git a/net/zerotier/files/etc/config/zerotier b/net/zerotier/files/etc/config/zerotier
@@ -1,20 +1,39 @@
 
-config zerotier sample_config
+config zerotier 'global'
+	# Sets whether ZeroTier is enabled or not
 	option enabled 0
-
-	# persistent configuration folder (for ZT controller mode)
+	# Sets the ZeroTier listening port (default 9993; set to 0 for random)
+	#option port '9993'
+	# Client secret (leave blank to generate a secret on first run)
+	option secret ''
+	# Path of the optional file local.conf (see documentation at
+	# https://docs.zerotier.com/config#local-configuration-options)
+	#option local_conf_path '/etc/zerotier.conf'
+	# Persistent configuration directory (to perform other configurations such
+	# as controller mode or moons, etc.)
 	#option config_path '/etc/zerotier'
-	# copy <config_path> to RAM to prevent writing to flash (for ZT controller mode)
+	# Copy the contents of the persistent configuration directory to memory
+	# instead of linking it, this avoids writing to flash
 	#option copy_config_path '1'
 
-	#option port '9993'
-
-	# path to the local.conf
-	#option local_conf '/etc/zerotier.conf'
+# Network configuration, you can have as many configurations as networks you
+# want to join (the network name is optional)
+config network 'mynet'
+	# Identifier of the network you wish to join
+	option id '8056c2e21c000001'
+	# Network configuration parameters (all are optional, if not indicated the
+	# default values are set, see documentation at
+	# https://docs.zerotier.com/config/#network-specific-configuration)
+	option allow_managed '1'
+	option allow_global '0'
+	option allow_default '0'
+	option allow_dns '0'
 
-	# Generate secret on first start
-	option secret ''
+# Example of a second network (unnamed as it is optional)
+#config network
+#	option id '1234567890123456'
+#	option allow_managed '1'
+#	option allow_global '0'
+#	option allow_default '0'
+#	option allow_dns '0'
 
-	# Join a public network called Earth
-	list join '8056c2e21c000001'
-	#list join '<other_network>'
diff --git a/net/zerotier/files/etc/init.d/zerotier b/net/zerotier/files/etc/init.d/zerotier
@@ -7,113 +7,94 @@ USE_PROCD=1
 PROG=/usr/bin/zerotier-one
 CONFIG_PATH=/var/lib/zerotier-one
 
-section_enabled() {
-	config_get_bool enabled "$1" 'enabled' 0
-	[ $enabled -ne 0 ]
+join_network() {
+	local section="${1}"
+	local id allow_managed allow_global allow_default allow_dns
+
+	config_get id "${section}" 'id'
+	config_get_bool allow_managed "${section}" 'allow_managed' 1
+	config_get_bool allow_global "${section}" 'allow_global' 0
+	config_get_bool allow_default "${section}" 'allow_default' 0
+	config_get_bool allow_dns "${section}" 'allow_dns' 0
+
+	if [ -n "${id}" ]; then
+		# an (empty) config file will cause ZT to join a network
+		touch "${CONFIG_PATH}"/networks.d/"${id}".conf
+		echo "allowManaged=${allow_managed}" > "${CONFIG_PATH}"/networks.d/"${id}".local.conf
+		echo "allowGlobal=${allow_global}" >> "${CONFIG_PATH}"/networks.d/"${id}".local.conf
+		echo "allowDefault=${allow_default}" >> "${CONFIG_PATH}"/networks.d/"${id}".local.conf
+		echo "allowDNS=${allow_dns}" >> "${CONFIG_PATH}"/networks.d/"${id}".local.conf
+	fi
 }
 
-start_instance() {
-	local cfg="$1"
-	local port secret config_path local_conf copy_config_path path
+start_service() {
+	config_load zerotier
+	local enabled port secret local_conf_path config_path copy_config_path
 	local args=""
 
-	if ! section_enabled "$cfg"; then
+	config_get_bool enabled 'global' 'enabled' 0
+	config_get port 'global' 'port'
+	config_get secret 'global' 'secret'
+	config_get local_conf_path 'global' 'local_conf_path'
+	config_get config_path 'global' 'config_path'
+	config_get_bool copy_config_path 'global' 'copy_config_path' 0
+
+	if [ ${enabled} -eq 0 ]; then
 		echo "disabled in /etc/config/zerotier"
-		return 1
 	fi
 
-	config_get config_path $cfg 'config_path'
-	config_get port $cfg 'port'
-	config_get secret $cfg 'secret'
-	config_get local_conf $cfg 'local_conf'
-	config_get_bool copy_config_path $cfg 'copy_config_path' 0
-
-	path=${CONFIG_PATH}_$cfg
-
 	# Remove existing link or folder
-	rm -rf $path
+	rm -rf "${CONFIG_PATH}"
 
-	# Create link or copy files from CONFIG_PATH to config_path
-	if [ -n "$config_path" -a "$config_path" != "$path" ]; then
-		if [ ! -d "$config_path" ]; then
-			echo "ZeroTier config_path does not exist: $config_path" 1>&2
+	# Create link or copy files from config_path to CONFIG_PATH
+	if [ -n "${config_path}" -a "${config_path}" != "${path}" ]; then
+		if [ ! -d "${config_path}" ]; then
+			echo "ZeroTier config_path does not exist: ${config_path}" 1>&2
 			return
 		fi
 
-		# ensure that the target exists
-		mkdir -p $(dirname $path)
-
-		if [ "$copy_config_path" = "1" ]; then
-			cp -r $config_path $path
+		if [ ${copy_config_path} -eq 1 ]; then
+			cp -r "${config_path}" "${CONFIG_PATH}"
 		else
-			ln -s $config_path $path
+			ln -s "${config_path}" "${CONFIG_PATH}"
 		fi
 	fi
 
-	mkdir -p $path/networks.d
-
-	# link latest default config path to latest config path
-	rm -f $CONFIG_PATH
-	ln -s $path $CONFIG_PATH
-
-	if [ -n "$port" ]; then
-		args="$args -p${port}"
+	if [ -f "${local_conf_path}" ]; then
+		ln -s "${local_conf_path}" "${CONFIG_PATH}"/local.conf
 	fi
 
-	if [ -z "$secret" ]; then
-		echo "Generate secret - please wait..."
-		local sf="/tmp/zt.$cfg.secret"
-
-		zerotier-idtool generate "$sf" > /dev/null
-		[ $? -ne 0 ] && return 1
-
-		secret="$(cat $sf)"
-		rm "$sf"
+	if [ -n "${port}" ]; then
+		args="${args} -p${port}"
+	fi
 
-		uci set zerotier.$cfg.secret="$secret"
+	if [ -z "${secret}" ]; then
+		echo -n "Generating secret - please wait... "
+		secret="$(zerotier-idtool generate)"
+		[ ${?} -ne 0 ] && return 1
+		uci set zerotier.global.secret="${secret}"
 		uci commit zerotier
+		echo "done."
 	fi
 
-	if [ -n "$secret" ]; then
-		echo "$secret" > $path/identity.secret
+	if [ -n "${secret}" ]; then
+		echo "${secret}" > "${CONFIG_PATH}"/identity.secret
 		# make sure there is not previous identity.public
-		rm -f $path/identity.public
-	fi
-
-	if [ -f "$local_conf" ]; then
-		ln -s "$local_conf" $path/local.conf
+		rm -f "${CONFIG_PATH}"/identity.public
 	fi
 
-	add_join() {
-		# an (empty) config file will cause ZT to join a network
-		touch $path/networks.d/$1.conf
-	}
-
-	config_list_foreach $cfg 'join' add_join
+	mkdir -p "${CONFIG_PATH}"/networks.d
+	config_foreach join_network network
 
 	procd_open_instance
-	procd_set_param command $PROG $args $path
+	procd_set_param command ${PROG} ${args}
 	procd_set_param stderr 1
 	procd_set_param respawn
 	procd_close_instance
 }
 
-start_service() {
-	config_load 'zerotier'
-	config_foreach start_instance 'zerotier'
-}
-
-stop_instance() {
-	local cfg="$1"
-
-	# Remove existing link or folder
-	rm -rf ${CONFIG_PATH}_${cfg}
-}
-
 stop_service() {
-	config_load 'zerotier'
-	config_foreach stop_instance 'zerotier'
-	rm -f ${CONFIG_PATH}
+	rm -rf "${CONFIG_PATH}"
 }
 
 reload_service() {

diff --git a/net/zerotier/files/etc/uci-defaults/80-zt-migration b/net/zerotier/files/etc/uci-defaults/80-zt-migration
@@ -0,0 +1,17 @@
+# Convert the join list into networks
+nets=$(uci get zerotier.@zerotier[0].join)
+for net in ${nets}; do
+  sid=$(uci add zerotier network)
+  uci set zerotier.${sid}.id=${net}
+done
+uci delete zerotier.@zerotier[0].join
+
+# Rename local conf (only if defined)
+uci rename zerotier.@zerotier[0].local_conf='local_conf_path' \
+ > /dev/null 2>&1 || true
+
+# Rename configuration to default
+uci rename zerotier.@zerotier[0]='default'
+
+# Commit all changes
+uci commit zerotier