OpenZiti packages and NixOS modules for ziti-cli and ziti-edge-tunnel.
{
inputs.openziti-nix.url = "github:rochecompaan/openziti-nix";
outputs = { self, nixpkgs, openziti-nix, ... }: {
nixosConfigurations.host = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
openziti-nix.nixosModules.withOverlays
openziti-nix.nixosModules.ziti
openziti-nix.nixosModules.ziti-edge-tunnel
openziti-nix.nixosModules.ziti-router
# or simply: openziti-nix.nixosModules.default
({ config, pkgs, ... }: {
programs.ziti.enable = true;
programs.ziti-edge-tunnel.enable = true;
programs.ziti-edge-tunnel.service.enable = true;
# Optional: change where identities are read from
# programs.ziti-edge-tunnel.service.identityDir = "/var/lib/ziti/identities";
# Optional: enroll and bootstrap an identity (sops-nix friendly)
# sops.secrets."ziti-myidentity-jwt".sopsFile = ./secrets.yaml;
# programs.ziti-edge-tunnel.enrollment = {
# enable = true;
# jwtFile = config.sops.secrets."ziti-myidentity-jwt".path;
# identityFile = "/opt/openziti/etc/identities/myidentity.json";
# # extraArgs = [ "--verbose" ];
# };
programs.ziti-router.enable = true;
programs.ziti-router.service.enable = true;
# programs.ziti-router.service.config = { /* ... */ };
})
];
};
};
}nixpkgs.overlays = [ inputs.openziti-nix.overlays.default ];
# Then use pkgs.ziti and pkgs.ziti-edge-tunnelnix build github:rochecompaan/openziti-nix#ziti
nix build github:rochecompaan/openziti-nix#ziti-edge-tunnel- pkgs/ziti-cli: Go CLI build
- pkgs/ziti-edge-tunnel: CMake build of ziti-edge-tunnel
- modules/ziti: NixOS module for CLI
- modules/ziti-edge-tunnel: NixOS module for service
- flake.nix: overlays, packages, modules