Prefer File in option names over Path

external-hosts/fairphone/default.nix

@@ -15,8 +15,8 @@
 
     services = {
       nebula = {
-        publicKeyPath = toString ./keys/nebula.pub;
-        certificatePath = toString ./keys/nebula.crt;
+        publicKeyFile = ./keys/nebula.pub;
+        certificateFile = ./keys/nebula.crt;
       };
 
       syncthing = {

modules/home/programs/ssh.nix

@@ -8,7 +8,7 @@
 {
   options.custom.programs.ssh = {
     enable = lib.mkEnableOption "";
-    publicKeyPath = lib.mkOption {
+    publicKeyFile = lib.mkOption {
       type = lib.types.path;
       default = "${self}/users/${config.home.username}/@${osConfig.networking.hostName}/keys/ssh.pub";
     };

modules/system/services/nebula/default.nix

@@ -27,19 +27,19 @@ in
         ++ lib.optional config.custom.services.syncthing.enable "syncthing";
     };
 
-    caCertificatePath = lib.mkOption {
+    caCertificateFile = lib.mkOption {
       type = lib.types.path;
       default = ./ca.crt;
     };
-    publicKeyPath = lib.mkOption {
+    publicKeyFile = lib.mkOption {
       type = lib.types.path;
       default = "${self}/hosts/${netCfg.hostName}/keys/nebula.pub";
     };
-    certificatePath = lib.mkOption {
+    certificateFile = lib.mkOption {
       type = lib.types.path;
       default = "${self}/hosts/${netCfg.hostName}/keys/nebula.crt";
     };
-    privateKeyPath = lib.mkOption {
+    privateKeyFile = lib.mkOption {
       type = lib.types.nullOr lib.types.path;
       default = null;
     };
@@ -51,19 +51,19 @@ in
       message = "`${netCfg.hostName}` is a Nebula lighthouse, but `underlay.isPublic` is not set. Lighthouses must be publicly reachable.";
     };
 
-    sops.secrets."nebula/host-key" = lib.mkIf (cfg.privateKeyPath == null) {
+    sops.secrets."nebula/host-key" = lib.mkIf (cfg.privateKeyFile == null) {
       owner = config.users.users.nebula-mesh.name;
       restartUnits = [ "nebula@mesh.service" ];
     };
 
     environment.etc = {
       "nebula/ca.crt" = {
-        source = cfg.caCertificatePath;
+        source = cfg.caCertificateFile;
         mode = "0440";
         user = config.systemd.services."nebula@mesh".serviceConfig.User;
       };
       "nebula/host.crt" = {
-        source = cfg.certificatePath;
+        source = cfg.certificateFile;
         mode = "0440";
         user = config.systemd.services."nebula@mesh".serviceConfig.User;
       };
@@ -75,8 +75,8 @@ in
       ca = "/etc/nebula/ca.crt";
       cert = "/etc/nebula/host.crt";
       key =
-        if (cfg.privateKeyPath != null) then
-          cfg.privateKeyPath
+        if (cfg.privateKeyFile != null) then
+          cfg.privateKeyFile
         else
           config.sops.secrets."nebula/host-key".path;
 

modules/system/services/sshd.nix

@@ -47,6 +47,6 @@ in
       |> lib.filter (host: host.config |> lib.hasAttr "home-manager")
       |> lib.map (host: host.config.home-manager.users.seb.custom.programs.ssh)
       |> lib.filter (ssh: ssh.enable)
-      |> lib.map (ssh: ssh.publicKeyPath);
+      |> lib.map (ssh: ssh.publicKeyFile);
   };
 }

scripts/nebula/recert-host.nix

@@ -15,8 +15,8 @@
     address="$(nix eval --raw ".#allHosts.$host.config.custom.networking.overlay.cidr")"
     groups="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.groups" --apply 'builtins.concatStringsSep ","')"
     ca_cert='modules/system/services/nebula/ca.crt'
-    host_pub="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.publicKeyPath")"
-    host_cert="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.certificatePath")"
+    host_pub="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.publicKeyFile")"
+    host_cert="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.certificateFile")"
     host_cert="''${host_cert#*-source/}"
 
     if [[ $# -eq 2 ]]; then

tests/infrastructure/default.nix

@@ -33,9 +33,9 @@
       };
 
       custom.services.nebula = {
-        caCertificatePath = ./keys/ca.crt;
-        certificatePath = ./keys/${config.networking.hostName}.crt;
-        privateKeyPath = ./keys/${config.networking.hostName}.key;
+        caCertificateFile = ./keys/ca.crt;
+        certificateFile = ./keys/${config.networking.hostName}.crt;
+        privateKeyFile = ./keys/${config.networking.hostName}.key;
       };
 
       networking.extraHosts = lib.mkForce "";