author | tv <tv@krebsco.de> | 2022-03-06 15:55:04 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2022-03-06 17:34:10 +0100 |
commit | 7f4aef1ffbf21ae3c199ad63a371a0498d521e19 (patch) | |
tree | 30509ed94e854086a879035802522535f77b3b5c | |
parent | 3f5851a4bb2b8677d0a969319267b72ade34e09b (diff) |
tinc: use default key locations
This fixes a warning about missing keys when reloading tinc services.
-rw-r--r-- | krebs/3modules/tinc.nix | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index fc7b0e8e3..36ee906d8 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -245,16 +245,25 @@ with import <stockholm/lib>;
 Restart = "always";
 LoadCredential = filter (x: x != "") [
 (optionalString (cfg.privkey_ed25519 != null)
- "ed25519_key:${cfg.privkey_ed25519}"
+ "ed25519_key.priv:${cfg.privkey_ed25519}"
 )
- "rsa_key:${cfg.privkey}"
+ "rsa_key.priv:${cfg.privkey}"
 ];
 ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" ''
 ${pkgs.coreutils}/bin/mkdir -p /etc/tinc
 ${pkgs.rsync}/bin/rsync -Lacv --delete \
 --chown ${cfg.user.name} \
 --chmod u=rwX,g=rX \
+ --exclude='/*.priv' \
 ${cfg.confDir}/ /etc/tinc/${netname}/
+ ${optionalString (cfg.privkey_ed25519 != null) /* sh */ ''
+ ${pkgs.coreutils}/bin/ln -fns \
+ "$CREDENTIALS_DIRECTORY"/ed25519_key.priv \
+ /etc/tinc/${netname}/
+ ''}
+ ${pkgs.coreutils}/bin/ln -fns \
+ "$CREDENTIALS_DIRECTORY"/rsa_key.priv \
+ /etc/tinc/${netname}/
 '';
 ExecStart = toString [
 "${cfg.tincPackage}/sbin/tincd"
@@ -262,10 +271,6 @@ with import <stockholm/lib>;
 "-U ${cfg.user.name}"
 "-d 0"
 "-n ${netname}"
- (optionalString (cfg.privkey_ed25519 != null)
- "-o Ed25519PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/ed25519_key"
- )
- "-o PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/rsa_key"
 ];
 SyslogIdentifier = netname;
 }; |
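Review bot: When `cfg.privkey_ed25519` is later set back to null, the `ed25519_key.priv` link created by an earlier start is never removed in the first hunk's ExecStartPre script, because the added `--exclude='/*.priv'` also shields matching files in `/etc/tinc/${netname}/` from `--delete` and the `optionalString` branch only ever creates the link. The link would then point at a credential that is no longer loaded; how tincd reacts to a dangling key path is not visible here. An else branch such as `${pkgs.coreutils}/bin/rm -f /etc/tinc/${netname}/ed25519_key.priv` would clear it, and a comment above the exclude, e.g. `# keep the *.priv links out of rsync's --delete; key material stays in $CREDENTIALS_DIRECTORY`, would record why the pattern is there. The same exclude also preserves any `*.priv` regular file left in that directory by an earlier setup, so that case may need a one-time cleanup. The enclosing service definition starts outside the hunk.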