diff options
author | Thomas Gerbet <thomas@gerbet.me> | 2022-04-17 11:16:25 +0200 |
---|---|---|
committer | Thomas Gerbet <thomas@gerbet.me> | 2022-04-17 12:13:24 +0200 |
commit | f89894e2e3896c39141a7a12deceb01758b4447b (patch) | |
tree | 89e26ef97d15360e9ba50cdabadee5929305d743 /nixos/modules | |
parent | 6a289abddde4065a9e14ab0450bfab10a822e2ad (diff) | |
download | nixpkgs-f89894e2e3896c39141a7a12deceb01758b4447b.tar nixpkgs-f89894e2e3896c39141a7a12deceb01758b4447b.tar.gz nixpkgs-f89894e2e3896c39141a7a12deceb01758b4447b.tar.bz2 nixpkgs-f89894e2e3896c39141a7a12deceb01758b4447b.tar.lz nixpkgs-f89894e2e3896c39141a7a12deceb01758b4447b.tar.xz nixpkgs-f89894e2e3896c39141a7a12deceb01758b4447b.tar.zst nixpkgs-f89894e2e3896c39141a7a12deceb01758b4447b.zip |
nixos/tailscale: allow to set `TS_PERMIT_CERT_UID` env variable
This setting was introduced with Tailscale 1.22.0, see https://github.com/tailscale/tailscale/releases/tag/v1.22.0 Co-authored-by: pennae <github@quasiparticle.net>
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/networking/tailscale.nix | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/tailscale.nix b/nixos/modules/services/networking/tailscale.nix index 3f41646bf01..1f64113950a 100644 --- a/nixos/modules/services/networking/tailscale.nix +++ b/nixos/modules/services/networking/tailscale.nix @@ -21,6 +21,12 @@ in { description = ''The interface name for tunnel traffic. Use "userspace-networking" (beta) to not use TUN.''; }; + permitCertUid = mkOption { + type = types.nullOr types.nonEmptyStr; + default = null; + description = "Username or user ID of the user allowed to to fetch Tailscale TLS certificates for the node."; + }; + package = mkOption { type = types.package; default = pkgs.tailscale; @@ -38,7 +44,9 @@ in { serviceConfig.Environment = [ "PORT=${toString cfg.port}" ''"FLAGS=--tun ${lib.escapeShellArg cfg.interfaceName}"'' - ]; + ] ++ (lib.optionals (cfg.permitCertUid != null) [ + "TS_PERMIT_CERT_UID=${cfg.permitCertUid}" + ]); }; }; } |