diff --git a/nixos/modules/services/misc/radicle.nix b/nixos/modules/services/misc/radicle.nix
index 69cac81ee65f..05bbac4cecf4 100644
--- a/nixos/modules/services/misc/radicle.nix
+++ b/nixos/modules/services/misc/radicle.nix
@@ -45,7 +45,7 @@ let
 {
 BindReadOnlyPaths = [
 "${cfg.configFile}:${env.RAD_HOME}/config.json"
- "${if isPath cfg.publicKeyFile then cfg.publicKeyFile else pkgs.writeText "radicle.pub" cfg.publicKeyFile}:${env.RAD_HOME}/keys/radicle.pub"
+ "${if types.path.check cfg.publicKey then cfg.publicKey else pkgs.writeText "radicle.pub" cfg.publicKey}:${env.RAD_HOME}/keys/radicle.pub"
 ];
 KillMode = "process";
 StateDirectory = [ "radicle" ];
@@ -119,19 +119,21 @@ in
 enable = mkEnableOption "Radicle Seed Node";
 package = mkPackageOption pkgs "radicle-node" { };
 privateKeyFile = mkOption {
- type = with types; either path str;
+ type = types.path;
 description = ''
- SSH private key generated by `rad auth`.
+ Absolute file path to an SSH private key,
+ usually generated by `rad auth`.
 If it contains a colon (`:`) the string before the colon is taken as the credential name and the string after as a path encrypted with `systemd-creds`.
 '';
 };
- publicKeyFile = mkOption {
+ publicKey = mkOption {
 type = with types; either path str;
 description = ''
- SSH public key generated by `rad auth`.
+ An SSH public key (as an absolute file path or directly as a string),
+ usually generated by `rad auth`.
 '';
 };
 node = {
diff --git a/nixos/tests/radicle.nix b/nixos/tests/radicle.nix
index 2deff7487d80..b68cb7d716c2 100644
--- a/nixos/tests/radicle.nix
+++ b/nixos/tests/radicle.nix
@@ -66,7 +66,7 @@ in
 services.radicle = {
 enable = true;
 privateKeyFile = seed-ssh-keys.snakeOilEd25519PrivateKey;
- publicKeyFile = seed-ssh-keys.snakeOilEd25519PublicKey;
+ publicKey = seed-ssh-keys.snakeOilEd25519PublicKey;
 node = {
 openFirewall = true;
 };
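Review bot: In the first hunk (`BindReadOnlyPaths` in radicle.nix), the switch from `isPath` to `types.path.check` changes which values are bind-mounted from the host and which are written to the store, and the line has no comment saying so. `types.path.check` also accepts a string that starts with `/`, so an absolute path given as a string is now mounted as-is instead of becoming the content of `radicle.pub`. That looks intended, but using an option type's `check` as a value discriminator is unusual enough to deserve a comment such as `# types.path.check (unlike isPath) also matches absolute paths given as strings`. The enclosing `let` binding starts and ends outside the hunk.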
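Review bot: In the second hunk (the option declarations), `privateKeyFile` is narrowed to `type = types.path;` while its description still documents the colon-separated credential form for keys encrypted with `systemd-creds`; a value with a credential name before the colon does not begin with `/`, so `types.path` will reject it and the encrypted-credential route becomes unusable. Either keep `type = with types; either path str;` with a comment that the systemd-creds form is a string rather than a path, or remove that paragraph from the description. Separately, `types.path` also accepts a Nix path literal, which would be copied into the world-readable store if it is ever interpolated into a string, so the description could say the key should live outside the Nix store. The rename of `publicKeyFile` to `publicKey` has no visible `mkRenamedOptionModule` alias in this diff, so existing configurations would presumably fail to evaluate unless one is added elsewhere in the module.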