nixos/tailscale: allow to set TS_PERMIT_CERT_UID env variable

This setting was introduced with Tailscale 1.22.0, see
https://github.com/tailscale/tailscale/releases/tag/v1.22.0

Co-authored-by: pennae <github@quasiparticle.net>
Thomas Gerbet 2022-04-17 11:16:25 +02:00
parent 6a289abddd
commit f89894e2e3


@ -21,6 +21,12 @@ in {
description = ''The interface name for tunnel traffic. Use "userspace-networking" (beta) to not use TUN.''; description = ''The interface name for tunnel traffic. Use "userspace-networking" (beta) to not use TUN.'';
}; };
permitCertUid = mkOption {
type = types.nullOr types.nonEmptyStr;
default = null;
description = "Username or user ID of the user allowed to to fetch Tailscale TLS certificates for the node.";
};
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = pkgs.tailscale; default = pkgs.tailscale;
@ -38,7 +44,9 @@ in {
serviceConfig.Environment = [ serviceConfig.Environment = [
"PORT=${toString cfg.port}" "PORT=${toString cfg.port}"
''"FLAGS=--tun ${lib.escapeShellArg cfg.interfaceName}"'' ''"FLAGS=--tun ${lib.escapeShellArg cfg.interfaceName}"''
]; ] ++ (lib.optionals (cfg.permitCertUid != null) [
"TS_PERMIT_CERT_UID=${cfg.permitCertUid}"
]);
}; };
}; };
} }
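Review bot: In the second hunk, `"TS_PERMIT_CERT_UID=${cfg.permitCertUid}"` puts a `types.nonEmptyStr` value into systemd's `Environment=` without quoting, unlike the `FLAGS` entry just above it, so a value containing whitespace would be split into separate assignments and could set unrelated variables for tailscaled. Since the value should only ever be a username or numeric UID, a tighter type such as `type = types.nullOr (types.strMatching "[A-Za-z0-9_.-]+");` would reject anything else at evaluation time; the exact character class is a suggestion to adjust. In the first hunk the option description has a doubled word ("allowed to to fetch"). It could also say that the named non-root user gains access to the node's TLS certificate material, which is the security-relevant effect of setting this option. The enclosing option set and service definition start outside the visible hunks.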