Diffstat (limited to 'lib')
-rw-r--r--lib/Kiki.hs13
1 files changed, 6 insertions, 7 deletions
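--- a/lib/Kiki.hs
+++ b/lib/Kiki.hs
@@ -378,10 +378,10 @@ ipsecPath :: String -> Char8.ByteString -> String
 ipsecPath theDirName theBaseName = "ipsec.d/" ++ theDirName ++ "/" ++ Char8.unpack theBaseName
 
 ipsecKeyPath :: MyIdentity -> FilePath
-ipsecKeyPath (MyIdentity (Char8.pack . showA -> addr) _) = ipsecPath "private" (addr <> ".pem")
+ipsecKeyPath (MyIdentity (Char8.pack . showA -> addr)) = ipsecPath "private" (addr <> ".pem")
 
 ipsecCertPath :: MyIdentity -> FilePath
-ipsecCertPath (MyIdentity (Char8.pack . showA -> addr) _) = ipsecPath "certs" (addr <> ".pem")
+ipsecCertPath (MyIdentity (Char8.pack . showA -> addr)) = ipsecPath "certs" (addr <> ".pem")
 
 peerCertPath :: Peer -> FilePath
 peerCertPath = ipsecPath "certs" . coerce . peerCertificateName
@@ -475,12 +475,11 @@ getSshKnownHosts peer@Peer{kd} = Char8.unlines taggedblobs
  map ((coerce n <> " ") <>) blobs
 
 data MyIdentity = MyIdentity {
- myGpgAddress :: SockAddr,
- myCertificateBasename :: Char8.ByteString
+ myGpgAddress :: SockAddr
 }
 
 installIpsecConf :: FileWriter -> MyIdentity -> [Peer] -> IO ()
-installIpsecConf fw (MyIdentity wkaddr certBasename) cs = do
+installIpsecConf fw (MyIdentity wkaddr) cs = do
  snippets <- mapM (coerce . installIpsecPeerCertificate fw) cs
  writeL fw "ipsec.conf" . Char8.unlines
  $ [ "conn %default"
@@ -495,7 +494,7 @@ installIpsecConf fw (MyIdentity wkaddr certBasename) cs = do
  , " leftsubnet=" <> Char8.pack (showA wkaddr) <> "/128"
  , " leftauth=pubkey"
  , " leftid=" <> Char8.pack (showA wkaddr)
- , " leftsigkey=" <> certBasename
+ , " leftsigkey=" <> Char8.pack (showA wkaddr) <> ".pem"
  , " leftikeport=4500"
  , " rightikeport=4500"
  , " right=%any"
@@ -522,7 +521,7 @@ refreshCache rt rootdir = do
  flip (maybe $ warn "missing working key?") (rtWorkingKey rt) $ \wk -> do
 
  let grip = fingerprint wk
- myId = MyIdentity wkaddr oname
+ myId = MyIdentity wkaddr
  exportOp = passphrases <> pemSecrets
  <> minimalOp False
  (CommonArgsParsed (Just $ takeDirectory $ rtPubring rt)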
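Review bot: The new `leftsigkey` line in installIpsecConf rebuilds the certificate file name as `Char8.pack (showA wkaddr) <> ".pem"`, the same rule that ipsecKeyPath and ipsecCertPath each spell out separately in the first hunk, so the name written into ipsec.conf and the path the certificate is stored under agree only by convention. If one of the three copies changes, the config would name a file that is missing or stale, and public-key authentication would either fail or pick up an old key. A shared helper would tie them together, for example `myCertBasename (MyIdentity a) = Char8.pack (showA a) <> ".pem"`, called from both path functions and from the `leftsigkey` line. It is also worth confirming that `showA` always yields text that is safe as a single file name; the `/128` subnet suggests IPv6 notation with colons, and `showA` is not defined on this page. installIpsecConf and refreshCache both continue outside the hunks shown.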