diff options
| author | lassulus <git@lassul.us> | 2023-09-07 19:00:57 +0200 |
|---|---|---|
| committer | lassulus <git@lassul.us> | 2023-09-07 19:00:57 +0200 |
| commit | 083229d0211096daec08673f743ccc45b1d8a0ac (patch) | |
| tree | 9709826607eecad84a908e0a10d9da76dab7a2ee /krebs/3modules | |
| parent | 39c4ee8f921da4ad2c2445e46a86310ecf7d9a13 (diff) | |
krebs: <secret -> krebs.secret.directory
Diffstat (limited to 'krebs/3modules')
| -rw-r--r-- | krebs/3modules/exim-smarthost.nix | 4 | ||||
| -rw-r--r-- | krebs/3modules/github/hosts-sync.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/repo-sync.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/retiolum-bootstrap.nix | 4 | ||||
| -rw-r--r-- | krebs/3modules/tinc.nix | 4 |
5 files changed, 8 insertions, 8 deletions
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 093ae203..4e42ce72 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -20,14 +20,14 @@ let }; dkim = mkOption { - type = types.listOf (types.submodule ({ config, ... }: { + type = types.listOf (types.submodule (dkim: { options = { domain = mkOption { type = types.str; }; private_key = mkOption { type = types.absolute-pathname; - default = toString <secrets> + "/${config.domain}.dkim.priv"; + default = "${config.krebs.secret.directory}/${dkim.config.domain}.dkim.priv"; defaultText = "‹secrets/‹domain›.dkim.priv›"; }; selector = mkOption { diff --git a/krebs/3modules/github/hosts-sync.nix b/krebs/3modules/github/hosts-sync.nix index 6f9aee0c..2f373f9b 100644 --- a/krebs/3modules/github/hosts-sync.nix +++ b/krebs/3modules/github/hosts-sync.nix @@ -22,7 +22,7 @@ let }; ssh-identity-file = mkOption { type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"]; - default = toString <secrets/github-hosts-sync.ssh.id_ed25519>; + default = "${config.krebs.secret.directory}/github-hosts-sync.ssh.id_ed25519"; defaultText = "‹secrets/github-hosts-sync.ssh.id_ed25519›"; }; url = mkOption { diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index a6de3f3f..5208d91a 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -123,7 +123,7 @@ let privateKeyFile = mkOption { type = types.absolute-pathname; - default = toString <secrets> + "/repo-sync.ssh.key"; + default = "${config.krebs.secret.directory}/repo-sync.ssh.key"; defaultText = "‹secrets/repo-sync.ssh.key›"; }; diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix index c9ea8a61..bd7e7c5f 100644 --- a/krebs/3modules/retiolum-bootstrap.nix +++ b/krebs/3modules/retiolum-bootstrap.nix @@ -14,12 +14,12 @@ in sslCertificate = mkOption { type = types.str; description = "Certificate file to use for ssl"; - default = "${toString <secrets>}/tinc.krebsco.de.crt" ; + default = "${config.krebs.secret.directory}/tinc.krebsco.de.crt" ; }; sslCertificateKey = mkOption { type = types.str; description = "Certificate key to use for ssl"; - default = "${toString <secrets>}/tinc.krebsco.de.key"; + default = "${config.krebs.secret.directory}/tinc.krebsco.de.key"; }; # in use: # <secrets/tinc.krebsco.de.crt> diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 2f9efad4..9df368cf 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -149,7 +149,7 @@ with import ../../lib/pure.nix { inherit lib; }; { privkey = mkOption { type = types.absolute-pathname; - default = toString <secrets> + "/${tinc.config.netname}.rsa_key.priv"; + default = "${config.krebs.secret.directory}/${tinc.config.netname}.rsa_key.priv"; defaultText = "‹secrets/‹netname›.rsa_key.priv›"; }; @@ -158,7 +158,7 @@ with import ../../lib/pure.nix { inherit lib; }; { default = if tinc.config.host.nets.${netname}.tinc.pubkey_ed25519 == null then null - else toString <secrets> + "/${tinc.config.netname}.ed25519_key.priv"; + else "${config.krebs.secret.directory}/${tinc.config.netname}.ed25519_key.priv"; defaultText = "‹secrets/‹netname›.ed25519_key.priv›"; }; |