tinc module: Ed25519PrivateKeyFile, listenAddress
parent
c953334c75
commit
1a0d004cc2
@ -43,6 +43,14 @@ in
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
ed25519PrivateKeyFile = mkOption {
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.path;
|
||||||
|
description = ''
|
||||||
|
Path of the private ed25519 keyfile.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
debugLevel = mkOption {
|
debugLevel = mkOption {
|
||||||
default = 0;
|
default = 0;
|
||||||
type = types.addCheck types.int (l: l >= 0 && l <= 5);
|
type = types.addCheck types.int (l: l >= 0 && l <= 5);
|
||||||
@ -70,6 +78,14 @@ in
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
listenAddress = mkOption {
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
description = ''
|
||||||
|
The ip adress to bind to.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
default = pkgs.tinc_pre;
|
default = pkgs.tinc_pre;
|
||||||
description = ''
|
description = ''
|
||||||
@ -99,6 +115,8 @@ in
|
|||||||
text = ''
|
text = ''
|
||||||
Name = ${if data.name == null then "$HOST" else data.name}
|
Name = ${if data.name == null then "$HOST" else data.name}
|
||||||
DeviceType = ${data.interfaceType}
|
DeviceType = ${data.interfaceType}
|
||||||
|
${optionalString (data.ed25519PrivateKeyFile != null) "Ed25519PrivateKeyFile = ${data.ed25519PrivateKeyFile}"}
|
||||||
|
${optionalString (data.listenAddress != null) "BindToAddress = ${data.listenAddress}"}
|
||||||
Device = /dev/net/tun
|
Device = /dev/net/tun
|
||||||
Interface = tinc.${network}
|
Interface = tinc.${network}
|
||||||
${data.extraConfig}
|
${data.extraConfig}
|
||||||
@ -134,10 +152,10 @@ in
|
|||||||
# Determine how we should generate our keys
|
# Determine how we should generate our keys
|
||||||
if type tinc >/dev/null 2>&1; then
|
if type tinc >/dev/null 2>&1; then
|
||||||
# Tinc 1.1+ uses the tinc helper application for key generation
|
# Tinc 1.1+ uses the tinc helper application for key generation
|
||||||
|
${if data.ed25519PrivateKeyFile != null then " # Keyfile managed by nix" else ''
|
||||||
# Prefer ED25519 keys (only in 1.1+)
|
# Prefer ED25519 keys (only in 1.1+)
|
||||||
[ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys
|
[ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys
|
||||||
|
''}
|
||||||
# Otherwise use RSA keys
|
# Otherwise use RSA keys
|
||||||
[ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
|
[ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
|
||||||
else
|
else
|
||||||
|
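Review bot: `ed25519PrivateKeyFile` is declared as `types.nullOr types.path` and interpolated directly into the generated config text (`"Ed25519PrivateKeyFile = ${data.ed25519PrivateKeyFile}"` in the -99 hunk), so a value written as a Nix path literal would be copied into the world-readable Nix store and tinc would be pointed at that copy of the private key. Declaring it as `type = types.nullOr types.str;` would reject path literals and keep the value as a plain runtime path. The description should also state the expectation, for example `Path of the private ed25519 keyfile, given as a string pointing to a file outside the Nix store.` The key-generation hunk (-134) now skips `generate-ed25519-keys` when the option is set, so the description could also mention that the file must already exist and be readable by the daemon at start. The option set and the config block both continue outside the hunks shown here.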