Set up Zerotier Control UI

Install/configure ztncui[1], with HTTP access allowed from within the
private network.

[1]: https://key-networks.com/ztncui/

site-cookbooks/kosmos_zerotier/attributes/default.rb

@@ -1 +1,6 @@
-node.default["kosmos_zerotier"]["server_port"] = 9993
+node.default['kosmos_zerotier']['server_port'] = 9993
+
+node.default['ztncui']['version'] = '0.6.6'
+node.default['ztncui']['checksum'] = 'fa83679266a571c10e13b11293ebfb9d1c3515019f2af1e7dd066b5a37411018'
+node.default['ztncui']['http_all_interfaces'] = true
+node.default['ztncui']['http_allow_access_from'] = '10.1.1.0/24'

site-cookbooks/kosmos_zerotier/recipes/zncui.rb

@@ -0,0 +1,40 @@
+#
+# Cookbook:: kosmos_zerotier
+# Recipe:: zncui
+#
+
+package_path = "/opt/ztncui_#{node['ztncui']['version']}_amd64.deb"
+
+remote_file package_path do
+  source "https://s3-us-west-1.amazonaws.com/key-networks/deb/ztncui/1/x86_64/ztncui_#{node['ztncui']['version']}_amd64.deb"
+  checksum node['ztncui']['checksum']
+  action :create_if_missing
+  notifies :run, 'bash[install_ztncui_package]', :immediately
+end
+
+bash 'install_ztncui_package' do
+ code "apt-get install -y #{package_path}"
+ action :nothing
+end
+
+service "ztncui" do
+  action [:enable, :start]
+end
+
+template '/opt/key-networks/ztncui/.env' do
+  source 'ztncui.env.erb'
+  mode '0644'
+  variables http_all_interfaces: node['ztncui']['http_all_interfaces']
+  notifies :restart, 'service[ztncui]', :delayed
+end
+
+include_recipe 'kosmos-base::firewall'
+
+if node['ztncui']['http_allow_access_from']
+  firewall_rule 'zncui_http' do
+    port     3000
+    protocol :tcp
+    command  :allow
+    source   node['ztncui']['http_allow_access_from']
+  end
+end

site-cookbooks/kosmos_zerotier/templates/ztncui.env.erb

@@ -0,0 +1 @@
+<% if @http_all_interfaces %>HTTP_ALL_INTERFACES=yes<% end %>