Merge remote-tracking branch 'lass/master'

3 files changed, 13 insertions, 6 deletions

diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix
index bd7e7c5f..1e94df14 100644
--- a/krebs/3modules/retiolum-bootstrap.nix
+++ b/krebs/3modules/retiolum-bootstrap.nix
@@ -22,8 +22,8 @@ in
         default = "${config.krebs.secret.directory}/tinc.krebsco.de.key";
     };
     # in use:
-    #  <secrets/tinc.krebsco.de.crt>
-    #  <secrets/tinc.krebsco.de.key>
+    #  ${config.krebs.secret.directory}/tinc.krebsco.de.crt
+    #  ${config.krebs.secret.directory}/tinc.krebsco.de.key
   };
 
   config = mkIf cfg.enable {
diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix
index 90c2f6a6..c35dceba 100644
--- a/krebs/3modules/secret.nix
+++ b/krebs/3modules/secret.nix
@@ -7,13 +7,17 @@ in {
       default = toString <secrets>;
       type = types.absolute-pathname;
     };
-    file = mkOption {
-      default = relpath: "${cfg.directory}/${relpath}";
-      readOnly = true;
-    };
     files = mkOption {
       type = with pkgs.stockholm.lib.types; attrsOf secret-file;
       default = {};
+      apply = mapAttrs (name: secret-file:
+        if types.absolute-pathname.check secret-file.source-path then
+          secret-file
+        else
+          secret-file // {
+            source-path = "${config.krebs.secret.directory}/secret-file.source-path";
+          }
+      );
     };
   };
   config = lib.mkIf (cfg.files != {}) {
diff --git a/krebs/3modules/zones.nix b/krebs/3modules/zones.nix
index e68482d7..29c0b0f2 100644
--- a/krebs/3modules/zones.nix
+++ b/krebs/3modules/zones.nix
@@ -16,6 +16,9 @@ with lib; {
         @ 3600 IN NS ns2.he.net.
         @ 3600 IN NS ns3.he.net.
         @ 3600 IN NS ns2.hosting.de.
+
+        panda NS panda
+        panda A 130.61.237.100
       '';
     };
   };