tinc module: Ed25519PrivateKeyFile, listenAddress

Tristan Helmich 2015-11-09 18:21:30 +01:00 committed by Robin Gloster
parent c953334c75
commit 1a0d004cc2


@ -43,6 +43,14 @@ in
''; '';
}; };
ed25519PrivateKeyFile = mkOption {
default = null;
type = types.nullOr types.path;
description = ''
Path of the private ed25519 keyfile.
'';
};
debugLevel = mkOption { debugLevel = mkOption {
default = 0; default = 0;
type = types.addCheck types.int (l: l >= 0 && l <= 5); type = types.addCheck types.int (l: l >= 0 && l <= 5);
@ -70,6 +78,14 @@ in
''; '';
}; };
listenAddress = mkOption {
default = null;
type = types.nullOr types.str;
description = ''
The ip adress to bind to.
'';
};
package = mkOption { package = mkOption {
default = pkgs.tinc_pre; default = pkgs.tinc_pre;
description = '' description = ''
@ -99,6 +115,8 @@ in
text = '' text = ''
Name = ${if data.name == null then "$HOST" else data.name} Name = ${if data.name == null then "$HOST" else data.name}
DeviceType = ${data.interfaceType} DeviceType = ${data.interfaceType}
${optionalString (data.ed25519PrivateKeyFile != null) "Ed25519PrivateKeyFile = ${data.ed25519PrivateKeyFile}"}
${optionalString (data.listenAddress != null) "BindToAddress = ${data.listenAddress}"}
Device = /dev/net/tun Device = /dev/net/tun
Interface = tinc.${network} Interface = tinc.${network}
${data.extraConfig} ${data.extraConfig}
@ -134,10 +152,10 @@ in
# Determine how we should generate our keys # Determine how we should generate our keys
if type tinc >/dev/null 2>&1; then if type tinc >/dev/null 2>&1; then
# Tinc 1.1+ uses the tinc helper application for key generation # Tinc 1.1+ uses the tinc helper application for key generation
${if data.ed25519PrivateKeyFile != null then " # Keyfile managed by nix" else ''
# Prefer ED25519 keys (only in 1.1+) # Prefer ED25519 keys (only in 1.1+)
[ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys
''}
# Otherwise use RSA keys # Otherwise use RSA keys
[ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096 [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
else else
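Review bot: The new `Ed25519PrivateKeyFile = ${data.ed25519PrivateKeyFile}` line in the generated config interpolates an option declared as `types.nullOr types.path`, so a user who sets it to a Nix path literal (for example `./ed25519_key.priv`) would have the private key copied into the world-readable Nix store, with tinc pointed at that copy. The option description should warn about this, e.g. `Path of the private ed25519 keyfile. Pass it as a string naming a file outside the Nix store; a path literal is copied into the store, where any local user can read it.` Alternatively, the interpolation could be written as `${toString data.ed25519PrivateKeyFile}` so the file is never imported into the store. The option set and the `text` string both begin and end outside the visible hunks, so this rests only on the lines shown.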