lol

Merge pull request #12009 from mayflower/tinc-module

tinc module: Ed25519PrivateKeyFile, BindToAddress

+20 -2
+20 -2
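--- a/nixos/modules/services/networking/tinc.nix
+++ b/nixos/modules/services/networking/tinc.nix
@@ -43,6 +43,14 @@
 '';
 };
 
+ed25519PrivateKeyFile = mkOption {
+default = null;
+type = types.nullOr types.path;
+description = ''
+Path of the private ed25519 keyfile.
+'';
+};
+
 debugLevel = mkOption {
 default = 0;
 type = types.addCheck types.int (l: l >= 0 && l <= 5);
@@ -70,6 +78,14 @@
 '';
 };
 
+listenAddress = mkOption {
+default = null;
+type = types.nullOr types.str;
+description = ''
+The ip adress to bind to.
+'';
+};
+
 package = mkOption {
 default = pkgs.tinc_pre;
 description = ''
@@ -99,6 +115,8 @@
 text = ''
 Name = ${if data.name == null then "$HOST" else data.name}
 DeviceType = ${data.interfaceType}
+${optionalString (data.ed25519PrivateKeyFile != null) "Ed25519PrivateKeyFile = ${data.ed25519PrivateKeyFile}"}
+${optionalString (data.listenAddress != null) "BindToAddress = ${data.listenAddress}"}
 Device = /dev/net/tun
 Interface = tinc.${network}
 ${data.extraConfig}
@@ -134,10 +152,10 @@
 # Determine how we should generate our keys
 if type tinc >/dev/null 2>&1; then
 # Tinc 1.1+ uses the tinc helper application for key generation
-
+${if data.ed25519PrivateKeyFile != null then " # Keyfile managed by nix" else ''
 # Prefer ED25519 keys (only in 1.1+)
 [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys
-
+''}
 # Otherwise use RSA keys
 [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
 else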
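Review bot: The new `ed25519PrivateKeyFile` option is typed `types.nullOr types.path` and spliced into the generated config with `${data.ed25519PrivateKeyFile}`, so a user who sets it with a Nix path literal instead of a string would have the private key copied into the world-readable Nix store by that interpolation. The option description does not warn about this; I would extend it to something like `Path of the private ed25519 keyfile. Give it as a string pointing to a file outside the Nix store; a path literal is copied into the store, where any local user can read it.` Interpolating `${toString data.ed25519PrivateKeyFile}` would probably avoid the copy for absolute paths, but that should be confirmed before relying on it. Nothing in the visible hunks checks the owner or mode of the supplied file, so the description could also state that it must be readable only by the account tinc runs as.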