make secrets dir location configurable

Users of the nix-bitcoin modules shouldn't be forced to add an extra dir under root. The secrets location is unchanged for the default node config.
2020-01-12 20:52:39 +01:00
parent b1e13e9415
commit 826245484e
12 changed files with 38 additions and 32 deletions
--- a/modules/secrets/generate-secrets.nix
+++ b/modules/secrets/generate-secrets.nix
@@ -5,9 +5,6 @@
 # generated secrets.

 with lib;
-let
-  secretsDir = "/secrets/"; # TODO: make this an option
-in
 {
  nix-bitcoin.setup-secrets = true;

@@ -19,8 +16,8 @@ in
       RemainAfterExit = true;
    } // config.nix-bitcoin-services.defaultHardening;
    script = ''
-      mkdir -p "${secretsDir}"
-      cd "${secretsDir}"
+      mkdir -p "${config.nix-bitcoin.secretsDir}"
+      cd "${config.nix-bitcoin.secretsDir}"
      chown root: .
      chmod 0700 .
      ${pkgs.nix-bitcoin.generate-secrets}
--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
@@ -3,14 +3,18 @@
 with lib;
 let
  cfg = config.nix-bitcoin;
-  secretsDir = "/secrets/"; # TODO: make this an option
-
  setupSecrets = concatStrings (mapAttrsToList (n: v: ''
    setupSecret ${n} ${v.user} ${v.group} ${v.permissions} }
  '') cfg.secrets);
 in
 {
  options.nix-bitcoin = {
+    secretsDir = mkOption {
+      type = types.path;
+      default = "/etc/nix-bitcoin-secrets";
+      description = "Directory to store secrets";
+    };
+
    secrets = mkOption {
      default = {};
      type = with types; attrsOf (submodule (
@@ -68,7 +72,7 @@ in
            processedFiles+=("$file")
        }

-        dir="${secretsDir}"
+        dir="${cfg.secretsDir}"
        if [[ ! -e $dir ]]; then
          echo "Error: Secrets dir '$dir' is missing"
          exit 1