From 7f4aef1ffbf21ae3c199ad63a371a0498d521e19 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 6 Mar 2022 15:55:04 +0100 Subject: tinc: use default key locations This fixes a warning about missing keys wenn reloading tinc services. --- krebs/3modules/tinc.nix | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index fc7b0e8e3..36ee906d8 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -245,16 +245,25 @@ with import ; Restart = "always"; LoadCredential = filter (x: x != "") [ (optionalString (cfg.privkey_ed25519 != null) - "ed25519_key:${cfg.privkey_ed25519}" + "ed25519_key.priv:${cfg.privkey_ed25519}" ) - "rsa_key:${cfg.privkey}" + "rsa_key.priv:${cfg.privkey}" ]; ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" '' ${pkgs.coreutils}/bin/mkdir -p /etc/tinc ${pkgs.rsync}/bin/rsync -Lacv --delete \ --chown ${cfg.user.name} \ --chmod u=rwX,g=rX \ + --exclude='/*.priv' \ ${cfg.confDir}/ /etc/tinc/${netname}/ + ${optionalString (cfg.privkey_ed25519 != null) /* sh */ '' + ${pkgs.coreutils}/bin/ln -fns \ + "$CREDENTIALS_DIRECTORY"/ed25519_key.priv \ + /etc/tinc/${netname}/ + ''} + ${pkgs.coreutils}/bin/ln -fns \ + "$CREDENTIALS_DIRECTORY"/rsa_key.priv \ + /etc/tinc/${netname}/ ''; ExecStart = toString [ "${cfg.tincPackage}/sbin/tincd" @@ -262,10 +271,6 @@ with import ; "-U ${cfg.user.name}" "-d 0" "-n ${netname}" - (optionalString (cfg.privkey_ed25519 != null) - "-o Ed25519PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/ed25519_key" - ) - "-o PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/rsa_key" ]; SyslogIdentifier = netname; }; -- cgit v1.2.3