Merge branch 'module-hygiene' into 'develop'

Access morph module options via config.

See merge request privatestorage/PrivateStorageio!156

morph/lib/issuer.nix

@@ -4,7 +4,8 @@
 # statically known.  This value is suitable for use as a module to be imported
 # into a more complete system configuration.  It is expected that the holes
 # will be filled by a sibling module created by ``customize-issuer.nix``.
-rec {
+{ config, ...}:
+{
   deployment = {
     secrets = {
       "ristretto-signing-key" = {
@@ -51,8 +52,8 @@ rec {
   services.private-storage-issuer = {
     enable = true;
     tls = true;
-    ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination;
-    stripeSecretKeyPath = deployment.secrets.stripe-secret-key.destination;
+    ristrettoSigningKeyPath = config.deployment.secrets.ristretto-signing-key.destination;
+    stripeSecretKeyPath = config.deployment.secrets.stripe-secret-key.destination;
     database = "SQLite3";
     databasePath = "/var/db/vouchers.sqlite3";
   };

morph/lib/monitoring.nix

 # Similar to ``issuer.nix`` but for a "monitoring"-type system.  Holes are
 # filled by ``customize-monitoring.nix``.
-rec {
+{
   deployment = {
     secrets = {
       "monitoringvpn-private-key" = {

morph/lib/storage.nix

 # Similar to ``issuer.nix`` but for a "storage"-type system.  Holes are filled
 # by ``customize-storage.nix``.
-rec {
+{ config, ...} :
+{
   deployment = {
     secrets = {
       "ristretto-signing-key" = {
@@ -48,6 +49,6 @@ rec {
     # Yep.  Turn it on.
     enable = true;
     # Give it the Ristretto signing key to support authorization.
-    ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination;
+    ristrettoSigningKeyPath = config.deployment.secrets.ristretto-signing-key.destination;
   };
 }