tinc: use default key locations
This fixes a warning about missing keys when reloading tinc services.
parent
3f5851a4bb
commit
7f4aef1ffb
@ -245,16 +245,25 @@ with import <stockholm/lib>;
|
|||||||
Restart = "always";
|
Restart = "always";
|
||||||
LoadCredential = filter (x: x != "") [
|
LoadCredential = filter (x: x != "") [
|
||||||
(optionalString (cfg.privkey_ed25519 != null)
|
(optionalString (cfg.privkey_ed25519 != null)
|
||||||
"ed25519_key:${cfg.privkey_ed25519}"
|
"ed25519_key.priv:${cfg.privkey_ed25519}"
|
||||||
)
|
)
|
||||||
"rsa_key:${cfg.privkey}"
|
"rsa_key.priv:${cfg.privkey}"
|
||||||
];
|
];
|
||||||
ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" ''
|
ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" ''
|
||||||
${pkgs.coreutils}/bin/mkdir -p /etc/tinc
|
${pkgs.coreutils}/bin/mkdir -p /etc/tinc
|
||||||
${pkgs.rsync}/bin/rsync -Lacv --delete \
|
${pkgs.rsync}/bin/rsync -Lacv --delete \
|
||||||
--chown ${cfg.user.name} \
|
--chown ${cfg.user.name} \
|
||||||
--chmod u=rwX,g=rX \
|
--chmod u=rwX,g=rX \
|
||||||
|
--exclude='/*.priv' \
|
||||||
${cfg.confDir}/ /etc/tinc/${netname}/
|
${cfg.confDir}/ /etc/tinc/${netname}/
|
||||||
|
${optionalString (cfg.privkey_ed25519 != null) /* sh */ ''
|
||||||
|
${pkgs.coreutils}/bin/ln -fns \
|
||||||
|
"$CREDENTIALS_DIRECTORY"/ed25519_key.priv \
|
||||||
|
/etc/tinc/${netname}/
|
||||||
|
''}
|
||||||
|
${pkgs.coreutils}/bin/ln -fns \
|
||||||
|
"$CREDENTIALS_DIRECTORY"/rsa_key.priv \
|
||||||
|
/etc/tinc/${netname}/
|
||||||
'';
|
'';
|
||||||
ExecStart = toString [
|
ExecStart = toString [
|
||||||
"${cfg.tincPackage}/sbin/tincd"
|
"${cfg.tincPackage}/sbin/tincd"
|
||||||
@ -262,10 +271,6 @@ with import <stockholm/lib>;
|
|||||||
"-U ${cfg.user.name}"
|
"-U ${cfg.user.name}"
|
||||||
"-d 0"
|
"-d 0"
|
||||||
"-n ${netname}"
|
"-n ${netname}"
|
||||||
(optionalString (cfg.privkey_ed25519 != null)
|
|
||||||
"-o Ed25519PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/ed25519_key"
|
|
||||||
)
|
|
||||||
"-o PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/rsa_key"
|
|
||||||
];
|
];
|
||||||
SyslogIdentifier = netname;
|
SyslogIdentifier = netname;
|
||||||
};
|
};
|
||||||
|
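Review bot: The new `--exclude='/*.priv'` also shields an old `ed25519_key.priv` symlink from `--delete`, so once `cfg.privkey_ed25519` is set back to null the link stays in `/etc/tinc/${netname}/` and points at a credential that is no longer loaded. Since tincd now looks in its default key locations, it would presumably find that dangling link on the next start; an unconditional `${pkgs.coreutils}/bin/rm -f /etc/tinc/${netname}/ed25519_key.priv` before the optional `ln -fns` would clear it. It is also worth confirming that the reload path can still follow the links after `-U ${cfg.user.name}` has dropped privileges, because the credentials directory is normally readable only by the user the unit starts as. A short comment above the exclude, such as `# keep credential symlinks out of --delete and never copy private keys from confDir`, would record why it is there. The service definition starts and ends outside the visible hunks.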