tinc: use default key locations

This fixes a warning about missing keys wenn reloading tinc services.
This commit is contained in:
tv 2022-03-06 15:55:04 +01:00
parent 3f5851a4bb
commit 7f4aef1ffb

View File

@ -245,16 +245,25 @@ with import <stockholm/lib>;
Restart = "always"; Restart = "always";
LoadCredential = filter (x: x != "") [ LoadCredential = filter (x: x != "") [
(optionalString (cfg.privkey_ed25519 != null) (optionalString (cfg.privkey_ed25519 != null)
"ed25519_key:${cfg.privkey_ed25519}" "ed25519_key.priv:${cfg.privkey_ed25519}"
) )
"rsa_key:${cfg.privkey}" "rsa_key.priv:${cfg.privkey}"
]; ];
ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" '' ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" ''
${pkgs.coreutils}/bin/mkdir -p /etc/tinc ${pkgs.coreutils}/bin/mkdir -p /etc/tinc
${pkgs.rsync}/bin/rsync -Lacv --delete \ ${pkgs.rsync}/bin/rsync -Lacv --delete \
--chown ${cfg.user.name} \ --chown ${cfg.user.name} \
--chmod u=rwX,g=rX \ --chmod u=rwX,g=rX \
--exclude='/*.priv' \
${cfg.confDir}/ /etc/tinc/${netname}/ ${cfg.confDir}/ /etc/tinc/${netname}/
${optionalString (cfg.privkey_ed25519 != null) /* sh */ ''
${pkgs.coreutils}/bin/ln -fns \
"$CREDENTIALS_DIRECTORY"/ed25519_key.priv \
/etc/tinc/${netname}/
''}
${pkgs.coreutils}/bin/ln -fns \
"$CREDENTIALS_DIRECTORY"/rsa_key.priv \
/etc/tinc/${netname}/
''; '';
ExecStart = toString [ ExecStart = toString [
"${cfg.tincPackage}/sbin/tincd" "${cfg.tincPackage}/sbin/tincd"
@ -262,10 +271,6 @@ with import <stockholm/lib>;
"-U ${cfg.user.name}" "-U ${cfg.user.name}"
"-d 0" "-d 0"
"-n ${netname}" "-n ${netname}"
(optionalString (cfg.privkey_ed25519 != null)
"-o Ed25519PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/ed25519_key"
)
"-o PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/rsa_key"
]; ];
SyslogIdentifier = netname; SyslogIdentifier = netname;
}; };