diff options
Diffstat (limited to 'lib/Kiki.hs')
-rw-r--r-- | lib/Kiki.hs | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/lib/Kiki.hs b/lib/Kiki.hs index 292197a..f82d08a 100644 --- a/lib/Kiki.hs +++ b/lib/Kiki.hs | |||
@@ -378,10 +378,10 @@ ipsecPath :: String -> Char8.ByteString -> String | |||
378 | ipsecPath theDirName theBaseName = "ipsec.d/" ++ theDirName ++ "/" ++ Char8.unpack theBaseName | 378 | ipsecPath theDirName theBaseName = "ipsec.d/" ++ theDirName ++ "/" ++ Char8.unpack theBaseName |
379 | 379 | ||
380 | ipsecKeyPath :: MyIdentity -> FilePath | 380 | ipsecKeyPath :: MyIdentity -> FilePath |
381 | ipsecKeyPath (MyIdentity (Char8.pack . showA -> addr) _) = ipsecPath "private" (addr <> ".pem") | 381 | ipsecKeyPath (MyIdentity (Char8.pack . showA -> addr)) = ipsecPath "private" (addr <> ".pem") |
382 | 382 | ||
383 | ipsecCertPath :: MyIdentity -> FilePath | 383 | ipsecCertPath :: MyIdentity -> FilePath |
384 | ipsecCertPath (MyIdentity (Char8.pack . showA -> addr) _) = ipsecPath "certs" (addr <> ".pem") | 384 | ipsecCertPath (MyIdentity (Char8.pack . showA -> addr)) = ipsecPath "certs" (addr <> ".pem") |
385 | 385 | ||
386 | peerCertPath :: Peer -> FilePath | 386 | peerCertPath :: Peer -> FilePath |
387 | peerCertPath = ipsecPath "certs" . coerce . peerCertificateName | 387 | peerCertPath = ipsecPath "certs" . coerce . peerCertificateName |
@@ -475,12 +475,11 @@ getSshKnownHosts peer@Peer{kd} = Char8.unlines taggedblobs | |||
475 | map ((coerce n <> " ") <>) blobs | 475 | map ((coerce n <> " ") <>) blobs |
476 | 476 | ||
477 | data MyIdentity = MyIdentity { | 477 | data MyIdentity = MyIdentity { |
478 | myGpgAddress :: SockAddr, | 478 | myGpgAddress :: SockAddr |
479 | myCertificateBasename :: Char8.ByteString | ||
480 | } | 479 | } |
481 | 480 | ||
482 | installIpsecConf :: FileWriter -> MyIdentity -> [Peer] -> IO () | 481 | installIpsecConf :: FileWriter -> MyIdentity -> [Peer] -> IO () |
483 | installIpsecConf fw (MyIdentity wkaddr certBasename) cs = do | 482 | installIpsecConf fw (MyIdentity wkaddr) cs = do |
484 | snippets <- mapM (coerce . installIpsecPeerCertificate fw) cs | 483 | snippets <- mapM (coerce . installIpsecPeerCertificate fw) cs |
485 | writeL fw "ipsec.conf" . Char8.unlines | 484 | writeL fw "ipsec.conf" . Char8.unlines |
486 | $ [ "conn %default" | 485 | $ [ "conn %default" |
@@ -495,7 +494,7 @@ installIpsecConf fw (MyIdentity wkaddr certBasename) cs = do | |||
495 | , " leftsubnet=" <> Char8.pack (showA wkaddr) <> "/128" | 494 | , " leftsubnet=" <> Char8.pack (showA wkaddr) <> "/128" |
496 | , " leftauth=pubkey" | 495 | , " leftauth=pubkey" |
497 | , " leftid=" <> Char8.pack (showA wkaddr) | 496 | , " leftid=" <> Char8.pack (showA wkaddr) |
498 | , " leftsigkey=" <> certBasename | 497 | , " leftsigkey=" <> Char8.pack (showA wkaddr) <> ".pem" |
499 | , " leftikeport=4500" | 498 | , " leftikeport=4500" |
500 | , " rightikeport=4500" | 499 | , " rightikeport=4500" |
501 | , " right=%any" | 500 | , " right=%any" |
@@ -522,7 +521,7 @@ refreshCache rt rootdir = do | |||
522 | flip (maybe $ warn "missing working key?") (rtWorkingKey rt) $ \wk -> do | 521 | flip (maybe $ warn "missing working key?") (rtWorkingKey rt) $ \wk -> do |
523 | 522 | ||
524 | let grip = fingerprint wk | 523 | let grip = fingerprint wk |
525 | myId = MyIdentity wkaddr oname | 524 | myId = MyIdentity wkaddr |
526 | exportOp = passphrases <> pemSecrets | 525 | exportOp = passphrases <> pemSecrets |
527 | <> minimalOp False | 526 | <> minimalOp False |
528 | (CommonArgsParsed (Just $ takeDirectory $ rtPubring rt) | 527 | (CommonArgsParsed (Just $ takeDirectory $ rtPubring rt) |