Pass around the Ristretto signing key *path*

The new version of PaymentServer has incompatible changes that require this.

Pass around the Ristretto signing key path
ed75f617 · Jean-Paul Calderone · 0da49839 · ed75f617 · ed75f617
Commit ed75f617 authored Nov 20, 2019 by Jean-Paul Calderone
--- a/morph/issuer.nix
+++ b/morph/issuer.nix
@@ -26,8 +26,7 @@
  services.private-storage-issuer = {
    enable = true;
-    # XXX This should be passed as a path.
+    ristrettoSigningKeyPath = ./.. + ristrettoSigningKeyPath;
-    ristrettoSigningKey = builtins.readFile (./.. + ristrettoSigningKeyPath);
    stripeSecretKeyPath = ./.. + stripeSecretKeyPath;
    database = "SQLite3";
    databasePath = "/var/db/vouchers.sqlite3";

--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -41,12 +41,12 @@ in {
        algorithm or Ristretto for Ristretto-flavored PrivacyPass.
      '';
    };
-    services.private-storage-issuer.ristrettoSigningKey = lib.mkOption {
+    services.private-storage-issuer.ristrettoSigningKeyPath = lib.mkOption {
      default = null;
-      type = lib.types.str;
+      type = lib.types.path;
      description = ''
-        The Ristretto signing key to use.  Required if the issuer is
+        The path to a file containing the Ristretto signing key to use.
-        ``Ristretto``.
+        Required if the issuer is ``Ristretto``.
      '';
    };
    services.private-storage-issuer.stripeSecretKeyPath = lib.mkOption {
@@ -116,7 +116,7 @@ in {
          issuerArgs =
            if cfg.issuer == "Trivial"
              then "--issuer Trivial"
-              else "--issuer Ristretto --signing-key ${cfg.ristrettoSigningKey}";
+              else "--issuer Ristretto --signing-key-path ${cfg.ristrettoSigningKeyPath}";
          databaseArgs =
            if cfg.database == "Memory"
              then "--database Memory"