From b06aa0c91e73cc03ad028ddd84aec7eca6cfeaf1 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Mon, 20 Dec 2021 14:51:54 -0500
Subject: [PATCH] move the issuer module import to a shared location

now all nodes load the issuer module so we can always supply issuer
configuration, where it makes sense to do so, even on systems where the issuer
is not going to be enabled.

if that sounds silly read the comment in default.nix
---
 morph/lib/base.nix        |  6 +++++-
 morph/lib/issuer.nix      |  1 -
 nixos/modules/default.nix | 16 ++++++++++++++++
 3 files changed, 21 insertions(+), 2 deletions(-)
 create mode 100644 nixos/modules/default.nix

diff --git a/morph/lib/base.nix b/morph/lib/base.nix
index f6a9a5f0..7390654a 100644
--- a/morph/lib/base.nix
+++ b/morph/lib/base.nix
@@ -20,8 +20,12 @@
     };
   };
 
+  # Any extra NixOS modules to load on all our servers.  Note that just
+  # because they're loaded doesn't *necessarily* mean they're turned on.
   imports = [
-    ../../nixos/modules/packages.nix
+    # This brings in various other modules that define options for different
+    # areas of the service.
+    ../../nixos/modules/default.nix
   ];
 
   config = {
diff --git a/morph/lib/issuer.nix b/morph/lib/issuer.nix
index 34b19e31..925d2bbf 100644
--- a/morph/lib/issuer.nix
+++ b/morph/lib/issuer.nix
@@ -45,7 +45,6 @@ in {
   };
 
   imports = [
-    ../../nixos/modules/issuer.nix
     ../../nixos/modules/monitoring/vpn/client.nix
     ../../nixos/modules/monitoring/exporters/node.nix
   ];
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
new file mode 100644
index 00000000..1772d399
--- /dev/null
+++ b/nixos/modules/default.nix
@@ -0,0 +1,16 @@
+{
+  # Load modules that are sometimes universally useful and other times useful
+  # only for a specific service.  Where functionality is not universally
+  # useful, it needs to be enabled by a node's configuration.  By loading more
+  # modules (and therefore defining more options) than is strictly necessary
+  # for any single node the logic for supplying conditional configuration
+  # elsewhere is much simplified.  For example, a Vagrant module can
+  # unconditionally set up a filesystem for PaymentServer.  If PaymentServer
+  # is running on that node then it will get a Vagrant-appropriate
+  # configuration.  If PaymentServer hasn't been enabled then the
+  # configuration will just be ignored.
+  imports = [
+    ./packages.nix
+    ./issuer.nix
+  ];
+}
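Review bot: Listing `./issuer.nix` in this `imports` makes the issuer module part of every node's evaluation (through the `imports` change in morph/lib/base.nix), so the claim that unused configuration "will just be ignored" holds only if that module puts all of its `config` behind its own enable option. issuer.nix is not visible in this patch, so that should be confirmed before merging. Anything it sets outside an `mkIf` on the enable flag, such as firewall ports, users, services or secret file paths, would now take effect on nodes that are not issuers. I would state the requirement in the comment, e.g. `# Every module listed here must gate all of its config on its own enable option.`, and add a check that evaluates a non-issuer node and confirms the issuer service is absent.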
-- 
GitLab