From 73728c8a0a0e0adfe4d8cadbfbf76da779c35626 Mon Sep 17 00:00:00 2001
From: Tom Prince <tom.prince@private.storage>
Date: Tue, 24 Aug 2021 13:20:57 -0600
Subject: [PATCH] Access morph module options via config.

This lets other modules override these settings.
---
 morph/lib/issuer.nix     | 7 ++++---
 morph/lib/monitoring.nix | 2 +-
 morph/lib/storage.nix    | 5 +++--
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/morph/lib/issuer.nix b/morph/lib/issuer.nix
index 51046b43..f617eef1 100644
--- a/morph/lib/issuer.nix
+++ b/morph/lib/issuer.nix
@@ -4,7 +4,8 @@
 # statically known.  This value is suitable for use as a module to be imported
 # into a more complete system configuration.  It is expected that the holes
 # will be filled by a sibling module created by ``customize-issuer.nix``.
-rec {
+{ config, ...}:
+{
   deployment = {
     secrets = {
       "ristretto-signing-key" = {
@@ -51,8 +52,8 @@ rec {
   services.private-storage-issuer = {
     enable = true;
     tls = true;
-    ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination;
-    stripeSecretKeyPath = deployment.secrets.stripe-secret-key.destination;
+    ristrettoSigningKeyPath = config.deployment.secrets.ristretto-signing-key.destination;
+    stripeSecretKeyPath = config.deployment.secrets.stripe-secret-key.destination;
     database = "SQLite3";
     databasePath = "/var/db/vouchers.sqlite3";
   };
diff --git a/morph/lib/monitoring.nix b/morph/lib/monitoring.nix
index f8810be2..7d59c296 100644
--- a/morph/lib/monitoring.nix
+++ b/morph/lib/monitoring.nix
@@ -1,6 +1,6 @@
 # Similar to ``issuer.nix`` but for a "monitoring"-type system.  Holes are
 # filled by ``customize-monitoring.nix``.
-rec {
+{
   deployment = {
     secrets = {
       "monitoringvpn-private-key" = {
diff --git a/morph/lib/storage.nix b/morph/lib/storage.nix
index ebad3d17..52be8136 100644
--- a/morph/lib/storage.nix
+++ b/morph/lib/storage.nix
@@ -1,6 +1,7 @@
 # Similar to ``issuer.nix`` but for a "storage"-type system.  Holes are filled
 # by ``customize-storage.nix``.
-rec {
+{ config, ...} :
+{
   deployment = {
     secrets = {
       "ristretto-signing-key" = {
@@ -48,6 +49,6 @@ rec {
     # Yep.  Turn it on.
     enable = true;
     # Give it the Ristretto signing key to support authorization.
-    ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination;
+    ristrettoSigningKeyPath = config.deployment.secrets.ristretto-signing-key.destination;
   };
 }
-- 
GitLab