From 3e280f20898e344c3a0258b54ffeaa3b91936074 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Thu, 5 Feb 2015 23:37:20 -0800 Subject: [PATCH] nixos/tinc: Fix key generation behavior and use tinc 1.1 by default --- nixos/modules/services/networking/tinc.nix | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/nixos/modules/services/networking/tinc.nix b/nixos/modules/services/networking/tinc.nix index 16cf1f68fca..f9ca796ea65 100644 --- a/nixos/modules/services/networking/tinc.nix +++ b/nixos/modules/services/networking/tinc.nix @@ -71,7 +71,7 @@ in }; package = mkOption { - default = pkgs.tinc; + default = pkgs.tinc_pre; description = '' The package to use for the tinc daemon's binary. ''; @@ -131,14 +131,22 @@ in preStart = '' mkdir -p /etc/tinc/${network}/hosts - # Prefer ED25519 keys (only in 1.1+) - [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys + # Determine how we should generate our keys + if type tinc >/dev/null 2>&1; then + # Tinc 1.1+ uses the tinc helper application for key generation - # Otherwise use RSA keys - [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096 + # Prefer ED25519 keys (only in 1.1+) + [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys + + # Otherwise use RSA keys + [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096 + else + # Tinc 1.0 uses the tincd application + [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096 + fi ''; script = '' - ${data.package}/sbin/tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel} + tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel} ''; }) );
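Review bot: The `package` option's description in the first hunk (`@@ -71,7 +71,7 @@`) does not say that the default is now a pre-release. Hosts that never set the option therefore move from `pkgs.tinc` to `pkgs.tinc_pre` on their next rebuild, with nothing in the option docs to flag it. I would extend the description along the lines of `Defaults to the tinc 1.1 pre-release; set this to pkgs.tinc to stay on the 1.0 series.` so operators of existing networks can decide deliberately. The `mkOption` block starts before and ends after the hunk.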
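Review bot: In the second hunk (`@@ -131,14 +131,22 @@`) the `script` line now starts `tincd` by bare name and the new `if type tinc >/dev/null 2>&1` test also relies on PATH. The binary that runs before `-U tinc.${network}` drops privileges is therefore chosen by the unit's search path rather than by `data.package`. The unit's `path` attribute is outside this hunk; unless it contains only `data.package`, a different tinc could be picked up or the 1.0/1.1 branch chosen wrongly. I would test the configured package directly, for example `if [ -x ${data.package}/bin/tinc ]; then` (the bin/sbin layout needs confirming for both packages), and keep a store-path invocation of `tincd` in `script`. The service definition begins and ends outside the hunk.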