author | William A. Kennington III <william@wkennington.com> | 2015-02-05 23:37:20 -0800 |
---|---|---|
committer | William A. Kennington III <william@wkennington.com> | 2015-02-05 23:37:20 -0800 |
commit | 3e280f20898e344c3a0258b54ffeaa3b91936074 (patch) | |
tree | c6f7871e404604fb323411d87fc2ebc2dc6feb9d /nixos | |
parent | 934910acdda79970ced54c1c9c961d0e142807d3 (diff) | |
nixos/tinc: Fix key generation behavior and use tinc 1.1 by default
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/tinc.nix | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/nixos/modules/services/networking/tinc.nix b/nixos/modules/services/networking/tinc.nix
index 16cf1f68fca..f9ca796ea65 100644
--- a/nixos/modules/services/networking/tinc.nix
+++ b/nixos/modules/services/networking/tinc.nix
@@ -71,7 +71,7 @@ in
 };
 package = mkOption {
- default = pkgs.tinc;
+ default = pkgs.tinc_pre;
 description = ''
 The package to use for the tinc daemon's binary.
 '';
@@ -131,14 +131,22 @@ in
 preStart = ''
 mkdir -p /etc/tinc/${network}/hosts
- # Prefer ED25519 keys (only in 1.1+)
- [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys
+ # Determine how we should generate our keys
+ if type tinc >/dev/null 2>&1; then
+ # Tinc 1.1+ uses the tinc helper application for key generation
- # Otherwise use RSA keys
- [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
+ # Prefer ED25519 keys (only in 1.1+)
+ [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys
+
+ # Otherwise use RSA keys
+ [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
+ else
+ # Tinc 1.0 uses the tincd application
+ [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096
+ fi
 '';
 script = ''
- ${data.package}/sbin/tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}
+ tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}
 '';
 })
 ); |
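Review bot: The `description` of the `package` option still reads only "The package to use for the tinc daemon's binary." although the default is now `pkgs.tinc_pre`, so an administrator upgrading gets a different daemon line for their VPN without any hint in the option docs. I would extend it to something like `The package to use for the tinc daemon's binary. Defaults to the 1.1 line (pkgs.tinc_pre); set pkgs.tinc for 1.0, for which only an RSA key is generated.` The RSA-only statement follows from the `else` branch in the second hunk; that `tinc_pre` is a pre-release is inferred from its name and the commit title. The `mkOption` block starts and ends outside this hunk.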
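Review bot: Both the `type tinc` probe in `preStart` and the bare `tincd` in `script` now resolve through PATH, where the removed `script` line pinned `${data.package}/sbin/tincd`. This unit generates the host's private keys and starts a daemon that is presumably launched privileged (it drops to `tinc.${network}` via `-U`), so which binary runs should not depend on the search path. If the service's `path` setting, which is outside this hunk, does not list `data.package`, the probe also falls through silently to the 1.0 branch. I would test for the helper inside the package, e.g. `if [ -x ${data.package}/<path-to-tinc> ]; then` with the path the package really installs, and keep `${data.package}/sbin/tincd` in `script`. The enclosing service definition starts and ends outside the hunk.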