From 0570f02be010a48e6e86720d692425b1debc16ab Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Fri, 27 Sep 2019 12:19:13 -0400
Subject: [PATCH] Accept some configuration for the issuer

Let us pick Ristretto and supply a key if we like.
---
 nixos/modules/issuer.nix | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index 8f98a6e7..87082fdc 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -14,6 +14,23 @@ in {
         The package to use for the ZKAP issuer.
       '';
     };
+    services.private-storage-issuer.issuer = lib.mkOption {
+      default = "Ristretto";
+      type = lib.types.str;
+      example = lib.literalExample "Trivial";
+      description = ''
+        The issuer algorithm to use.  Either Trivial for a fake no-crypto
+        algorithm or Ristretto for Ristretto-flavored PrivacyPass.
+      '';
+    };
+    services.private-storage-issuer.ristrettoSigningKey = lib.mkOption {
+      default = null;
+      type = lib.types.str;
+      description = ''
+        The Ristretto signing key to use.  Required if the issuer is
+        ``Ristretto``.
+      '';
+    };
   };
 
   config = let
@@ -27,7 +44,14 @@ in {
         after = [ "network.target" ];
 
         serviceConfig = {
-          ExecStart = "${cfg.package}/bin/PaymentServer-exe";
+          ExecStart =
+            let
+              args =
+                if cfg.issuer == "Trivial"
+                  then "--issuer Trivial"
+                  else "--issuer Ristretto --signing-key ${cfg.ristrettoSigningKey}";
+            in
+              "${cfg.package}/bin/PaymentServer-exe ${args}";
           Type = "simple";
           Restart = "always";
         };
-- 
GitLab