nixos/tinc: allow configuration of RSA private key file #93538
Merged
+14
−2
This is necessary for VPNs where some of the nodes run pre-1.1 versions. Most Linux distros [0] and even the nixpkgs.tinc attribute run on that version, so it might be useful to have that option.

[0] https://repology.org/project/tinc/versions
[ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096 | ||
''} | ||
# In case there isn't anything to do | ||
true |
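Review bot: the comment above `true` ("In case there isn't anything to do") does not say why a no-op is needed, which is what prompted the question in this review. State in the comment that the optional key-generation lines can both render to nothing and that the shell rejects an empty block, and consider `:` as the conventional no-op. On the first line, `${network}` is quoted inside the `[ -f ... ]` path but passed bare to `tinc -n`; quoting it there as well keeps the two uses consistent.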
mweinelt
Jul 26, 2020
Member
I don't quite understand the need for these two lines.
erictapen
Jul 26, 2020
Author
Member
If `data.rsaed25519PrivateKeyFile != null && data.rsaPrivateKeyFile != null`, then the then block would be empty, which is not permitted in bash. Therefore the noop.
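The empty `then` body described in the reply above, as an added example that is not part of the pull request or the nixpkgs module: it renders a simplified pre-start script for each combination of managed key files and syntax-checks the result with `sh -n`. The function names, the `yes`/`no` switches and the network name `demo` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration, not the nixpkgs tinc module. It renders a simplified
# pre-start script the way a template would: a key-generation line is left
# out when that key file is supplied by configuration.

# render_prestart ED_MANAGED RSA_MANAGED WITH_NOOP   (each "yes" or "no")
# Function name, arguments and the network name "demo" are hypothetical.
render_prestart() {
    ed_managed=$1
    rsa_managed=$2
    with_noop=$3
    net=demo
    printf '%s\n' 'if type tinc >/dev/null 2>&1; then'
    if [ "$ed_managed" = yes ]; then
        printf '%s\n' '  # Ed25519 key file managed by configuration'
    else
        printf '%s\n' "  [ -f \"/etc/tinc/$net/ed25519_key.priv\" ] || tinc -n \"$net\" generate-ed25519-keys"
    fi
    if [ "$rsa_managed" = yes ]; then
        printf '%s\n' '  # RSA key file managed by configuration'
    else
        printf '%s\n' "  [ -f \"/etc/tinc/$net/rsa_key.priv\" ] || tinc -n \"$net\" generate-rsa-keys 4096"
    fi
    if [ "$with_noop" = yes ]; then
        printf '%s\n' '  # Keeps the then-body non-empty when both lines above are comments' '  true'
    fi
    printf '%s\n' 'fi'
}

# syntax_ok: parse a script from stdin without executing it (sh -n).
syntax_ok() {
    sh -n 2>/dev/null
}

# check: succeed only if the rendered script is syntactically valid.
check() {
    render_prestart "$1" "$2" "$3" | syntax_ok
}

# Print the result for every combination of the three switches.
for ed in no yes; do
    for rsa in no yes; do
        for noop in no yes; do
            if check "$ed" "$rsa" "$noop"; then result=ok; else result='syntax error'; fi
            printf 'ed25519 managed=%-3s rsa managed=%-3s noop=%-3s -> %s\n' "$ed" "$rsa" "$noop" "$result"
        done
    done
done
```

Only the combination with both key files managed and no no-op fails to parse, because a block containing nothing but comments is still empty to the shell.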
89e0d97 into NixOS:master
14 checks passed
Motivation for this change
This is necessary for VPNs where some of the nodes run pre-1.1 versions, as those nodes can't use Ed25519 keys.
Most Linux distros and even the `nixpkgs.tinc` attribute run on that version, so it might be useful to have that option.
Things done
Created a new option to use RSA key files. I have run this for three months now without an issue.