@ -48,6 +48,14 @@ in
'' ;
} ;
rsaPrivateKeyFile = mkOption {
default = null ;
type = types . nullOr types . path ;
description = ''
Path of the private RSA keyfile .
'' ;
} ;
debugLevel = mkOption {
default = 0 ;
type = types . addCheck types . int ( l : l >= 0 && l <= 5 ) ;
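Review bot: The description of `rsaPrivateKeyFile` does not say where the key file has to live. The option is typed `types.path`, so a Nix path literal such as `./rsa_key.priv` would be copied into the world-readable Nix store when it is interpolated into the `PrivateKeyFile = ${data.rsaPrivateKeyFile}` line in the second hunk. I would extend the description along the lines of `Path of the private RSA keyfile. Give it as an absolute path string to a file outside the Nix store; a path literal would copy the key into the store.` The `ed25519PrivateKeyFile` interpolation visible as context in the second hunk has the same property, so the wording could be shared.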
@ -139,6 +147,7 @@ in
Name = $ { if data . name == null then " $ H O S T " else data . name }
DeviceType = $ { data . interfaceType }
$ { optionalString ( data . ed25519PrivateKeyFile != null ) " E d 2 5 5 1 9 P r i v a t e K e y F i l e = ${ data . ed25519PrivateKeyFile } " }
$ { optionalString ( data . rsaPrivateKeyFile != null ) " P r i v a t e K e y F i l e = ${ data . rsaPrivateKeyFile } " }
$ { optionalString ( data . listenAddress != null ) " L i s t e n A d d r e s s = ${ data . listenAddress } " }
$ { optionalString ( data . bindToAddress != null ) " B i n d T o A d d r e s s = ${ data . bindToAddress } " }
Interface = tinc . ${ network }
@ -170,12 +179,15 @@ in
# Determine how we should generate our keys
if type tinc > /dev/null 2 > & 1 ; then
# Tinc 1.1+ uses the tinc helper application for key generation
$ { if data . ed25519PrivateKeyFile != null then " # K e y f i l e m a n a g e d b y n i x " else ''
$ { if data . ed25519PrivateKeyFile != null then " # e d 2 5 5 1 9 Ke y f i l e m a n a g e d b y n i x " else ''
# Prefer ED25519 keys (only in 1.1+)
[ - f " / e t c / t i n c / ${ network } / e d 2 5 5 1 9 _ k e y . p r i v " ] || tinc - n $ { network } generate-ed25519-keys
'' }
# Otherwise use RSA keys
$ { if data . rsaPrivateKeyFile != null then " # R S A K e y f i l e m a n a g e d b y n i x " else ''
[ - f " / e t c / t i n c / ${ network } / r s a _ k e y . p r i v " ] || tinc - n $ { network } generate-rsa-keys 4096
'' }
# In case there isn't anything to do
true
else
# Tinc 1.0 uses the tincd application
[ - f " / e t c / t i n c / ${ network } / r s a _ k e y . p r i v " ] || tincd - n $ { network } - K 4096
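Review bot: The tinc 1.0 branch at the end of this hunk still runs `tincd -n ${network} -K 4096` when `rsaPrivateKeyFile` is set. On a 1.0 install with no `rsa_key.priv` present, that generates a second RSA private key under /etc/tinc/${network}/ even though the generated config points at the nix-managed file. Wrapping that line in the same conditional as the 1.1 branch, opening with `${if data.rsaPrivateKeyFile != null then "# RSA Keyfile managed by nix" else ''` and closing with `''}`, would keep both branches consistent and avoid leaving unused key material on disk. The script continues past the end of the hunk (the closing `fi` is not visible), so this is judged from the visible lines only.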