diff options
| author | pennae <82953136+pennae@users.noreply.github.com> | 2022-04-17 19:51:31 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-04-17 19:51:31 +0000 |
| commit | 04b5d464ba44d9744a4b83a22a367623fdd8e583 (patch) | |
| tree | d1445c4c69cbc5d964b55a27ac514104de026279 /nixos | |
| parent | 3886bcd30f397f09ba4fbab1370dac0d2730ddae (diff) | |
| parent | f89894e2e3896c39141a7a12deceb01758b4447b (diff) | |
| download | nixpkgs-04b5d464ba44d9744a4b83a22a367623fdd8e583.tar nixpkgs-04b5d464ba44d9744a4b83a22a367623fdd8e583.tar.gz nixpkgs-04b5d464ba44d9744a4b83a22a367623fdd8e583.tar.bz2 nixpkgs-04b5d464ba44d9744a4b83a22a367623fdd8e583.tar.lz nixpkgs-04b5d464ba44d9744a4b83a22a367623fdd8e583.tar.xz nixpkgs-04b5d464ba44d9744a4b83a22a367623fdd8e583.tar.zst nixpkgs-04b5d464ba44d9744a4b83a22a367623fdd8e583.zip | |
Merge pull request #169029 from LeSuisse/nixos-tailscale-cert-uid
nixos/tailscale: allow to set `TS_PERMIT_CERT_UID` env variable
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/networking/tailscale.nix | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/tailscale.nix b/nixos/modules/services/networking/tailscale.nix index 3f41646bf01..1f64113950a 100644 --- a/nixos/modules/services/networking/tailscale.nix +++ b/nixos/modules/services/networking/tailscale.nix @@ -21,6 +21,12 @@ in { description = ''The interface name for tunnel traffic. Use "userspace-networking" (beta) to not use TUN.''; }; + permitCertUid = mkOption { + type = types.nullOr types.nonEmptyStr; + default = null; + description = "Username or user ID of the user allowed to to fetch Tailscale TLS certificates for the node."; + }; + package = mkOption { type = types.package; default = pkgs.tailscale; @@ -38,7 +44,9 @@ in { serviceConfig.Environment = [ "PORT=${toString cfg.port}" ''"FLAGS=--tun ${lib.escapeShellArg cfg.interfaceName}"'' - ]; + ] ++ (lib.optionals (cfg.permitCertUid != null) [ + "TS_PERMIT_CERT_UID=${cfg.permitCertUid}" + ]); }; }; } |