
Very explicitly DO NOT let the tinc service auto-generate keys

master
Sven Slootweg 7 months ago
parent
commit
16c4f3c4bf
1 changed files with 9 additions and 0 deletions
  1. +9
    -0
      configuration/lib/tinc-configuration.nix

+ 9
- 0
configuration/lib/tinc-configuration.nix

@@ -23,6 +23,7 @@
services.tinc.networks.cryto = {
debugLevel = 3;
chroot = false;
ed25519PrivateKeyFile = "/etc/tinc/cryto/ed25519_key.priv";

extraConfig = generateConfiguration {
AutoConnect = "yes";
@@ -80,4 +81,12 @@
options = [ "NOPASSWD" ];
}];
}];

# Override this to get rid of the automatic key generation
systemd.services."tinc.cryto".preStart = lib.mkForce ''
mkdir -p /etc/tinc/cryto/hosts
chown tinc.cryto /etc/tinc/cryto/hosts
mkdir -p /etc/tinc/cryto/invitations
chown tinc.cryto /etc/tinc/cryto/invitations
'';
}
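Review bot: The forced `preStart` drops key generation but never checks that the provisioned key is present, so a host deployed without `/etc/tinc/cryto/ed25519_key.priv` presumably only fails later inside tincd with a less obvious error. A guard as the first line of the script makes that explicit: `[ -s /etc/tinc/cryto/ed25519_key.priv ] || { echo "tinc.cryto: private key not provisioned" >&2; exit 1; }`. The comment above the override should also record the consequence of `lib.mkForce`, for example `# mkForce replaces the module's entire preStart; only the directory setup is kept here, so re-check this copy when the tinc module changes.` Separately, `mkdir -p` creates `invitations` with the default umask, so if that directory is meant to be private to the service, `install -d -m 0700 -o tinc.cryto /etc/tinc/cryto/invitations` would set owner and mode in one step.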
