From 9da95cbf48ee08d9d819167cb0eb879647dd6f16 Mon Sep 17 00:00:00 2001 From: Tom Prince <tom.prince@private.storage> Date: Tue, 24 Aug 2021 13:20:57 -0600 Subject: [PATCH] Access morph module options via config. This lets other modules override these settings. --- morph/lib/issuer.nix | 5 +++-- morph/lib/monitoring.nix | 2 +- morph/lib/storage.nix | 5 +++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/morph/lib/issuer.nix b/morph/lib/issuer.nix index 51046b43..c0f2bc38 100644 --- a/morph/lib/issuer.nix +++ b/morph/lib/issuer.nix @@ -4,7 +4,8 @@ # statically known. This value is suitable for use as a module to be imported # into a more complete system configuration. It is expected that the holes # will be filled by a sibling module created by ``customize-issuer.nix``. -rec { +{ config, ...}: +{ deployment = { secrets = { "ristretto-signing-key" = { @@ -51,7 +52,7 @@ rec { services.private-storage-issuer = { enable = true; tls = true; - ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination; + ristrettoSigningKeyPath = config.deployment.secrets.ristretto-signing-key.destination; stripeSecretKeyPath = deployment.secrets.stripe-secret-key.destination; database = "SQLite3"; databasePath = "/var/db/vouchers.sqlite3"; diff --git a/morph/lib/monitoring.nix b/morph/lib/monitoring.nix index f8810be2..7d59c296 100644 --- a/morph/lib/monitoring.nix +++ b/morph/lib/monitoring.nix @@ -1,6 +1,6 @@ # Similar to ``issuer.nix`` but for a "monitoring"-type system. Holes are # filled by ``customize-monitoring.nix``. -rec { +{ deployment = { secrets = { "monitoringvpn-private-key" = { diff --git a/morph/lib/storage.nix b/morph/lib/storage.nix index ebad3d17..52be8136 100644 --- a/morph/lib/storage.nix +++ b/morph/lib/storage.nix @@ -1,6 +1,7 @@ # Similar to ``issuer.nix`` but for a "storage"-type system. Holes are filled # by ``customize-storage.nix``. -rec { +{ config, ...} : +{ deployment = { secrets = { "ristretto-signing-key" = { @@ -48,6 +49,6 @@ rec { # Yep. Turn it on. enable = true; # Give it the Ristretto signing key to support authorization. - ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination; + ristrettoSigningKeyPath = config.deployment.secrets.ristretto-signing-key.destination; }; } -- GitLab