From ef2b10f22c2a60db2adfaea16de4cc83edb0ad03 Mon Sep 17 00:00:00 2001
From: SebastianStork
Date: Tue, 24 Feb 2026 13:27:24 +0100
Subject: [PATCH] Prefer `File` in option names over `Path`
---
 external-hosts/fairphone/default.nix | 4 ++--
 modules/home/programs/ssh.nix | 2 +-
 modules/system/services/nebula/default.nix | 18 +++++++++---------
 modules/system/services/sshd.nix | 2 +-
 scripts/nebula/recert-host.nix | 4 ++--
 tests/infrastructure/default.nix | 6 +++---
 6 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/external-hosts/fairphone/default.nix b/external-hosts/fairphone/default.nix
index a8646b8..a0170c0 100644
--- a/external-hosts/fairphone/default.nix
+++ b/external-hosts/fairphone/default.nix
@@ -15,8 +15,8 @@
 services = {
 nebula = {
- publicKeyPath = toString ./keys/nebula.pub;
- certificatePath = toString ./keys/nebula.crt;
+ publicKeyFile = ./keys/nebula.pub;
+ certificateFile = ./keys/nebula.crt;
 };
 syncthing = {
diff --git a/modules/home/programs/ssh.nix b/modules/home/programs/ssh.nix
index 0592d04..afc18a0 100644
--- a/modules/home/programs/ssh.nix
+++ b/modules/home/programs/ssh.nix
@@ -8,7 +8,7 @@
 {
 options.custom.programs.ssh = {
 enable = lib.mkEnableOption "";
- publicKeyPath = lib.mkOption {
+ publicKeyFile = lib.mkOption {
 type = lib.types.path;
 default = "${self}/users/${config.home.username}/@${osConfig.networking.hostName}/keys/ssh.pub";
 };
diff --git a/modules/system/services/nebula/default.nix b/modules/system/services/nebula/default.nix
index 9613bdb..bce4a75 100644
--- a/modules/system/services/nebula/default.nix
+++ b/modules/system/services/nebula/default.nix
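Review bot: In external-hosts/fairphone/default.nix the rename also drops `toString`, so `publicKeyFile` and `certificateFile` become Nix path values instead of strings, a behaviour change the commit title does not mention. scripts/nebula/recert-host.nix reads both options with `nix eval --raw` and then trims the result with `''${host_cert#*-source/}`; a path value is likely copied to a store path of its own when coerced, in which case the `-source/` prefix would not match and `host_cert` would stay a read-only store path. If fairphone is part of `allHosts`, I would keep the string form here, `certificateFile = toString ./keys/nebula.crt;` (and the same for `publicKeyFile`), or confirm that the recert script still resolves a repository-relative path for this host.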
@@ -27,19 +27,19 @@ in
 ++ lib.optional config.custom.services.syncthing.enable "syncthing";
 };
- caCertificatePath = lib.mkOption {
+ caCertificateFile = lib.mkOption {
 type = lib.types.path;
 default = ./ca.crt;
 };
- publicKeyPath = lib.mkOption {
+ publicKeyFile = lib.mkOption {
 type = lib.types.path;
 default = "${self}/hosts/${netCfg.hostName}/keys/nebula.pub";
 };
- certificatePath = lib.mkOption {
+ certificateFile = lib.mkOption {
 type = lib.types.path;
 default = "${self}/hosts/${netCfg.hostName}/keys/nebula.crt";
 };
- privateKeyPath = lib.mkOption {
+ privateKeyFile = lib.mkOption {
 type = lib.types.nullOr lib.types.path;
 default = null;
 };
@@ -51,19 +51,19 @@ in
 message = "`${netCfg.hostName}` is a Nebula lighthouse, but `underlay.isPublic` is not set. Lighthouses must be publicly reachable.";
 };
- sops.secrets."nebula/host-key" = lib.mkIf (cfg.privateKeyPath == null) {
+ sops.secrets."nebula/host-key" = lib.mkIf (cfg.privateKeyFile == null) {
 owner = config.users.users.nebula-mesh.name;
 restartUnits = [ "nebula@mesh.service" ];
 };
 environment.etc = {
 "nebula/ca.crt" = {
- source = cfg.caCertificatePath;
+ source = cfg.caCertificateFile;
 mode = "0440";
 user = config.systemd.services."nebula@mesh".serviceConfig.User;
 };
 "nebula/host.crt" = {
- source = cfg.certificatePath;
+ source = cfg.certificateFile;
 mode = "0440";
 user = config.systemd.services."nebula@mesh".serviceConfig.User;
 };
@@ -75,8 +75,8 @@ in
 ca = "/etc/nebula/ca.crt";
 cert = "/etc/nebula/host.crt";
 key =
- if (cfg.privateKeyPath != null) then
- cfg.privateKeyPath
+ if (cfg.privateKeyFile != null) then
+ cfg.privateKeyFile
 else
 config.sops.secrets."nebula/host-key".path;
diff --git a/modules/system/services/sshd.nix b/modules/system/services/sshd.nix
index ca32281..6127ad3 100644
--- a/modules/system/services/sshd.nix
+++ b/modules/system/services/sshd.nix
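Review bot: `privateKeyFile` in modules/system/services/nebula/default.nix has no `description`, and its type `lib.types.nullOr lib.types.path` accepts a Nix path literal, which is what tests/infrastructure/default.nix passes (`./keys/${config.networking.hostName}.key`). The value is used directly in `key = cfg.privateKeyFile`, so a path literal would presumably be copied into the world-readable Nix store when the settings are rendered, whereas the new `File` suffix reads like a runtime secret path comparable to the sops fallback. I would document the expectation on the option, for example `description = "Runtime path to the Nebula host key; a Nix path literal ends up in the world-readable store, so use one only for test keys.";`. The option set and the `key` expression both continue outside the hunks shown.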
@@ -47,6 +47,6 @@ in
 |> lib.filter (host: host.config |> lib.hasAttr "home-manager")
 |> lib.map (host: host.config.home-manager.users.seb.custom.programs.ssh)
 |> lib.filter (ssh: ssh.enable)
- |> lib.map (ssh: ssh.publicKeyPath);
+ |> lib.map (ssh: ssh.publicKeyFile);
 };
 }
diff --git a/scripts/nebula/recert-host.nix b/scripts/nebula/recert-host.nix
index 50cf6f3..32d5b08 100644
--- a/scripts/nebula/recert-host.nix
+++ b/scripts/nebula/recert-host.nix
@@ -15,8 +15,8 @@
 address="$(nix eval --raw ".#allHosts.$host.config.custom.networking.overlay.cidr")"
 groups="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.groups" --apply 'builtins.concatStringsSep ","')"
 ca_cert='modules/system/services/nebula/ca.crt'
- host_pub="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.publicKeyPath")"
- host_cert="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.certificatePath")"
+ host_pub="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.publicKeyFile")"
+ host_cert="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.certificateFile")"
 host_cert="''${host_cert#*-source/}"
 if [[ $# -eq 2 ]]; then
diff --git a/tests/infrastructure/default.nix b/tests/infrastructure/default.nix
index a5b2790..8d97be8 100644
--- a/tests/infrastructure/default.nix
+++ b/tests/infrastructure/default.nix
@@ -33,9 +33,9 @@
 };
 custom.services.nebula = {
- caCertificatePath = ./keys/ca.crt;
- certificatePath = ./keys/${config.networking.hostName}.crt;
- privateKeyPath = ./keys/${config.networking.hostName}.key;
+ caCertificateFile = ./keys/ca.crt;
+ certificateFile = ./keys/${config.networking.hostName}.crt;
+ privateKeyFile = ./keys/${config.networking.hostName}.key;
 };
 networking.extraHosts = lib.mkForce "";