MirrorHub/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-17 07:13:23 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

nixos/tailscale: allow to set TS_PERMIT_CERT_UID env variable

Browse source 
This setting was introduced with Tailscale 1.22.0, see
https://github.com/tailscale/tailscale/releases/tag/v1.22.0

Co-authored-by: pennae <github@quasiparticle.net>
This commit is contained in:
Thomas Gerbet 2022-04-17 11:16:25 +02:00
parent 6a289abddd
commit f89894e2e3
1 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
nixos/modules/services/networking/tailscale.nix
View file

@ -21,6 +21,12 @@ in {
description = ''The interface name for tunnel traffic. Use "userspace-networking" (beta) to not use TUN.'';
};
permitCertUid = mkOption {
type = types.nullOr types.nonEmptyStr;
default = null;
description = "Username or user ID of the user allowed to to fetch Tailscale TLS certificates for the node.";
};
package = mkOption {
type = types.package;
default = pkgs.tailscale;
@ -38,7 +44,9 @@ in {
serviceConfig.Environment = [
"PORT=${toString cfg.port}"
''"FLAGS=--tun ${lib.escapeShellArg cfg.interfaceName}"''
];
] ++ (lib.optionals (cfg.permitCertUid != null) [
"TS_PERMIT_CERT_UID=${cfg.permitCertUid}"
]);
};
};
}