authortv <tv@krebsco.de>2022-03-06 15:55:04 +0100
committertv <tv@krebsco.de>2022-03-06 17:34:10 +0100
commit7f4aef1ffbf21ae3c199ad63a371a0498d521e19 (patch)
tree30509ed94e854086a879035802522535f77b3b5c
parent3f5851a4bb2b8677d0a969319267b72ade34e09b (diff)
tinc: use default key locations
This fixes a warning about missing keys when reloading tinc services.
-rw-r--r--krebs/3modules/tinc.nix17
1 files changed, 11 insertions, 6 deletions
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index fc7b0e8e3..36ee906d8 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -245,16 +245,25 @@ with import <stockholm/lib>;
Restart = "always";
LoadCredential = filter (x: x != "") [
(optionalString (cfg.privkey_ed25519 != null)
- "ed25519_key:${cfg.privkey_ed25519}"
+ "ed25519_key.priv:${cfg.privkey_ed25519}"
)
- "rsa_key:${cfg.privkey}"
+ "rsa_key.priv:${cfg.privkey}"
];
ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" ''
${pkgs.coreutils}/bin/mkdir -p /etc/tinc
${pkgs.rsync}/bin/rsync -Lacv --delete \
--chown ${cfg.user.name} \
--chmod u=rwX,g=rX \
+ --exclude='/*.priv' \
${cfg.confDir}/ /etc/tinc/${netname}/
+ ${optionalString (cfg.privkey_ed25519 != null) /* sh */ ''
+ ${pkgs.coreutils}/bin/ln -fns \
+ "$CREDENTIALS_DIRECTORY"/ed25519_key.priv \
+ /etc/tinc/${netname}/
+ ''}
+ ${pkgs.coreutils}/bin/ln -fns \
+ "$CREDENTIALS_DIRECTORY"/rsa_key.priv \
+ /etc/tinc/${netname}/
'';
ExecStart = toString [
"${cfg.tincPackage}/sbin/tincd"
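Review bot: The `--exclude='/*.priv'` added to the rsync call also protects every top-level `*.priv` entry in `/etc/tinc/${netname}/` from `--delete`, so nothing in this script ever removes an `ed25519_key.priv` left by an earlier start. If `cfg.privkey_ed25519` is later set to null, that link stays behind, and any regular `*.priv` file already in the directory is kept as well. Since tincd now reads its keys from the default locations, it would presumably still try to use such a leftover. Consider cleaning up in the null case, for example `${optionalString (cfg.privkey_ed25519 == null) "${pkgs.coreutils}/bin/rm -f /etc/tinc/${netname}/ed25519_key.priv"}`, and adding a short comment above the exclude saying that private keys come only from `$CREDENTIALS_DIRECTORY` and must never be copied from `cfg.confDir`. The enclosing service definition starts and ends outside this hunk.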
@@ -262,10 +271,6 @@ with import <stockholm/lib>;
"-U ${cfg.user.name}"
"-d 0"
"-n ${netname}"
- (optionalString (cfg.privkey_ed25519 != null)
- "-o Ed25519PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/ed25519_key"
- )
- "-o PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/rsa_key"
];
SyslogIdentifier = netname;
};