authorPeter Simons <simons@cryp.to>2016-01-07 12:48:35 +0100
committerPeter Simons <simons@cryp.to>2016-01-07 12:48:35 +0100
commita68450e5096991bccbe580af7983c54e7dc67470 (patch)
treef363da8ac6c734d9d3f50d0aaf0ccc85100a219e /nixos
parent472a5192fd67c40bded56a594eeaaa86ee9bde4b (diff)
parent1a0d004cc202ca15b15c90374c4551e790fdf374 (diff)
Merge pull request #12009 from mayflower/tinc-module
tinc module: Ed25519PrivateKeyFile, BindToAddress
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/networking/tinc.nix22
1 files changed, 20 insertions, 2 deletions
diff --git a/nixos/modules/services/networking/tinc.nix b/nixos/modules/services/networking/tinc.nix
index 2d43c3d962d..828bbe130e6 100644
--- a/nixos/modules/services/networking/tinc.nix
+++ b/nixos/modules/services/networking/tinc.nix
@@ -43,6 +43,14 @@ in
             '';
           };
 
+          ed25519PrivateKeyFile = mkOption {
+            default = null;
+            type = types.nullOr types.path;
+            description = ''
+              Path of the private ed25519 keyfile.
+            '';
+          };
+
           debugLevel = mkOption {
             default = 0;
             type = types.addCheck types.int (l: l >= 0 && l <= 5);
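Review bot: The description of `ed25519PrivateKeyFile` does not warn that a Nix path literal would put the private key in the world-readable Nix store. The option is typed `types.nullOr types.path` and the tinc.conf hunk interpolates it into a string (`"Ed25519PrivateKeyFile = ${data.ed25519PrivateKeyFile}"`), so a value such as `./ed25519_key.priv` is copied to `/nix/store` and the generated config points at that copy. I would extend the description with `Give an absolute path as a string to a key file provisioned outside the Nix store; a path literal is copied into the world-readable store.` and add an `example` that shows the string form.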
@@ -70,6 +78,14 @@ in
             '';
           };
 
+          listenAddress = mkOption {
+            default = null;
+            type = types.nullOr types.str;
+            description = ''
+              The ip adress to bind to.
+            '';
+          };
+
           package = mkOption {
             default = pkgs.tinc_pre;
             description = ''
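Review bot: The option is named `listenAddress`, but the tinc.conf hunk writes it out as `BindToAddress`, and the description does not say which tinc setting it controls. As far as I know tinc treats `BindToAddress` as the source address for outgoing connections as well, and has a separate `ListenAddress` directive, so the name can mislead someone trying to restrict exposure to one interface. I would change the description to `The IP address to bind to (tinc's BindToAddress). If null, tinc listens on all local addresses.`, which also fixes the "adress" typo. The type is a free-form `types.str`, so a malformed value is only caught by tincd at start.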
@@ -99,6 +115,8 @@ in
             text = ''
               Name = ${if data.name == null then "$HOST" else data.name}
               DeviceType = ${data.interfaceType}
+              ${optionalString (data.ed25519PrivateKeyFile != null) "Ed25519PrivateKeyFile = ${data.ed25519PrivateKeyFile}"}
+              ${optionalString (data.listenAddress != null) "BindToAddress = ${data.listenAddress}"}
               Device = /dev/net/tun
               Interface = tinc.${network}
               ${data.extraConfig}
@@ -134,10 +152,10 @@ in
           # Determine how we should generate our keys
           if type tinc >/dev/null 2>&1; then
             # Tinc 1.1+ uses the tinc helper application for key generation
-
+          ${if data.ed25519PrivateKeyFile != null then "  # Keyfile managed by nix" else ''
             # Prefer ED25519 keys (only in 1.1+)
             [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys
-
+          ''}
             # Otherwise use RSA keys
             [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
           else
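Review bot: When `ed25519PrivateKeyFile` is set, the script skips `generate-ed25519-keys` but never checks that the configured file exists, so a wrong path only surfaces later when the daemon starts. A guard in place of the bare comment would fail early: `[ -r "${data.ed25519PrivateKeyFile}" ] || { echo "tinc.${network}: Ed25519 key file not readable" >&2; exit 1; }`. The comment `# Keyfile managed by nix` is also misleading, because the file should be supplied from outside the store; `# Ed25519 key supplied via ed25519PrivateKeyFile` says what happens. The RSA key is still generated under `/etc/tinc/${network}` in that case, which is worth a word in the option description. The surrounding `if`/`else` script starts and ends outside this hunk.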