diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix index fc0d2355f204c3192133e3d63c210aefce7a467b..b22cb07f749d85daed41bd4dcd59652bf266a37c 100644 --- a/nixos/modules/issuer.nix +++ b/nixos/modules/issuer.nix @@ -49,6 +49,13 @@ in { ``Ristretto``. ''; }; + services.private-storage-issuer.stripeSecretKeyPath = lib.mkOption { + type = lib.types.path; + description = '' + The path to a file containing a Stripe secret key to use for charge + and payment management. + ''; + }; services.private-storage-issuer.database = lib.mkOption { default = "Memory"; type = lib.types.enum [ "Memory" "SQLite3" ]; @@ -124,8 +131,9 @@ in { else # Only for automated testing. "--http-port 80"; + stripeArgs = "--stripe-key ${builtins.readFile cfg.stripeSecretKeyPath}"; in - "${cfg.package}/bin/PaymentServer-exe ${issuerArgs} ${databaseArgs} ${httpsArgs}"; + "${cfg.package}/bin/PaymentServer-exe ${issuerArgs} ${databaseArgs} ${httpsArgs} ${stripeArgs}"; }; # Certificate renewal. We must declare that we *require* it in our