Merge pull request #169029 from LeSuisse/nixos-tailscale-cert-uid

nixos/tailscale: allow to set `TS_PERMIT_CERT_UID` env variable
pennae 2022-04-17 19:51:31 +00:00 committed by GitHub
commit 04b5d464ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -21,6 +21,12 @@ in {
description = ''The interface name for tunnel traffic. Use "userspace-networking" (beta) to not use TUN.''; description = ''The interface name for tunnel traffic. Use "userspace-networking" (beta) to not use TUN.'';
}; };
permitCertUid = mkOption {
type = types.nullOr types.nonEmptyStr;
default = null;
description = "Username or user ID of the user allowed to to fetch Tailscale TLS certificates for the node.";
};
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = pkgs.tailscale; default = pkgs.tailscale;
@ -38,7 +44,9 @@ in {
serviceConfig.Environment = [ serviceConfig.Environment = [
"PORT=${toString cfg.port}" "PORT=${toString cfg.port}"
''"FLAGS=--tun ${lib.escapeShellArg cfg.interfaceName}"'' ''"FLAGS=--tun ${lib.escapeShellArg cfg.interfaceName}"''
]; ] ++ (lib.optionals (cfg.permitCertUid != null) [
"TS_PERMIT_CERT_UID=${cfg.permitCertUid}"
]);
}; };
}; };
} }
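Review bot: In the second hunk, `"TS_PERMIT_CERT_UID=${cfg.permitCertUid}"` goes into `serviceConfig.Environment` unquoted, while the option type `types.nullOr types.nonEmptyStr` accepts whitespace. systemd splits an unquoted `Environment=` entry on whitespace, so a value containing a space would reach tailscaled truncated and its remainder could be parsed as a separate assignment. The `FLAGS` entry just above is wrapped in double quotes, presumably for this reason. Here a tighter type looks like the simpler fix, for example `type = types.nullOr (types.strMatching "[A-Za-z0-9_.-]+");`, with the character set adjusted to the user names the module should accept. The description in the first hunk has a doubled "to to" and should state what is granted, e.g. `description = "Username or user ID of the user allowed to fetch Tailscale TLS certificates (including their private keys, as far as I can tell) for the node.";`, so that operators point it at a dedicated service account.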