authorThomas Gerbet <thomas@gerbet.me>2022-04-17 11:16:25 +0200
committerThomas Gerbet <thomas@gerbet.me>2022-04-17 12:13:24 +0200
commitf89894e2e3896c39141a7a12deceb01758b4447b (patch)
tree89e26ef97d15360e9ba50cdabadee5929305d743 /nixos/modules
parent6a289abddde4065a9e14ab0450bfab10a822e2ad (diff)
nixos/tailscale: allow to set `TS_PERMIT_CERT_UID` env variable
This setting was introduced with Tailscale 1.22.0, see
https://github.com/tailscale/tailscale/releases/tag/v1.22.0

Co-authored-by: pennae <github@quasiparticle.net>
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/services/networking/tailscale.nix10
1 files changed, 9 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/tailscale.nix b/nixos/modules/services/networking/tailscale.nix
index 3f41646bf01..1f64113950a 100644
--- a/nixos/modules/services/networking/tailscale.nix
+++ b/nixos/modules/services/networking/tailscale.nix
@@ -21,6 +21,12 @@ in {
       description = ''The interface name for tunnel traffic. Use "userspace-networking" (beta) to not use TUN.'';
     };
 
+    permitCertUid = mkOption {
+      type = types.nullOr types.nonEmptyStr;
+      default = null;
+      description = "Username or user ID of the user allowed to to fetch Tailscale TLS certificates for the node.";
+    };
+
     package = mkOption {
       type = types.package;
       default = pkgs.tailscale;
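Review bot: The `description` of the new `permitCertUid` option has a doubled word ("allowed to to fetch") and does not tell the administrator what the setting grants. The named account is allowed to fetch the node's TLS certificates from tailscaled, which presumably includes the matching private key, so the text should say that and recommend a dedicated service account such as the reverse proxy's user. Suggested wording: `description = "Username or user ID of the user allowed to fetch Tailscale TLS certificates (and their keys) for the node; prefer a dedicated service user.";`. An `example = "caddy";` line would also show that a name, not only a numeric ID, is accepted. The surrounding `options` attribute set starts outside this hunk.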
@@ -38,7 +44,9 @@ in {
       serviceConfig.Environment = [
         "PORT=${toString cfg.port}"
         ''"FLAGS=--tun ${lib.escapeShellArg cfg.interfaceName}"''
-      ];
+      ] ++ (lib.optionals (cfg.permitCertUid != null) [
+        "TS_PERMIT_CERT_UID=${cfg.permitCertUid}"
+      ]);
     };
   };
 }
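Review bot: The new `"TS_PERMIT_CERT_UID=${cfg.permitCertUid}"` entry is interpolated into `serviceConfig.Environment` without quoting, while the `FLAGS` entry just above is wrapped in double quotes. `types.nonEmptyStr` still accepts values with interior whitespace, and systemd splits an `Environment=` line on unquoted whitespace. A value containing a space would therefore be truncated, and the remainder could be read as a further assignment. Either quote the entry like its neighbour, `''"TS_PERMIT_CERT_UID=${cfg.permitCertUid}"''`, or narrow the option type, for example `types.nullOr (types.strMatching "[A-Za-z0-9_.-]+")`, so only plausible user names and numeric IDs are accepted. The service definition this list belongs to starts outside the hunk.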