From 5370e0485788224126861e076110ac705013d2de Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 11 Sep 2023 15:31:13 +0200
Subject: treewide: don't reference <secrets> explicitly

---
 krebs/3modules/retiolum-bootstrap.nix |  4 ++--
 krebs/3modules/secret.nix             | 12 ++++++++----
 2 files changed, 10 insertions(+), 6 deletions(-)

(limited to 'krebs/3modules')

diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix
index bd7e7c5f6..1e94df14e 100644
--- a/krebs/3modules/retiolum-bootstrap.nix
+++ b/krebs/3modules/retiolum-bootstrap.nix
@@ -22,8 +22,8 @@ in
         default = "${config.krebs.secret.directory}/tinc.krebsco.de.key";
     };
     # in use:
-    #  <secrets/tinc.krebsco.de.crt>
-    #  <secrets/tinc.krebsco.de.key>
+    #  ${config.krebs.secret.directory}/tinc.krebsco.de.crt
+    #  ${config.krebs.secret.directory}/tinc.krebsco.de.key
   };
 
   config = mkIf cfg.enable {
diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix
index 90c2f6a6d..c35dceba3 100644
--- a/krebs/3modules/secret.nix
+++ b/krebs/3modules/secret.nix
@@ -7,13 +7,17 @@ in {
       default = toString <secrets>;
       type = types.absolute-pathname;
     };
-    file = mkOption {
-      default = relpath: "${cfg.directory}/${relpath}";
-      readOnly = true;
-    };
     files = mkOption {
       type = with pkgs.stockholm.lib.types; attrsOf secret-file;
       default = {};
+      apply = mapAttrs (name: secret-file:
+        if types.absolute-pathname.check secret-file.source-path then
+          secret-file
+        else
+          secret-file // {
+            source-path = "${config.krebs.secret.directory}/secret-file.source-path";
+          }
+      );
     };
   };
   config = lib.mkIf (cfg.files != {}) {
-- 
cgit v1.2.3


From 1e03553fe6058d06c00a6c92e0ef486282057595 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 13 Sep 2023 16:28:08 +0200
Subject: zones: delegate panda.krebsco.de

---
 krebs/3modules/zones.nix | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'krebs/3modules')

diff --git a/krebs/3modules/zones.nix b/krebs/3modules/zones.nix
index e68482d77..29c0b0f23 100644
--- a/krebs/3modules/zones.nix
+++ b/krebs/3modules/zones.nix
@@ -16,6 +16,9 @@ with lib; {
         @ 3600 IN NS ns2.he.net.
         @ 3600 IN NS ns3.he.net.
         @ 3600 IN NS ns2.hosting.de.
+
+        panda NS panda
+        panda A 130.61.237.100
       '';
     };
   };
-- 
cgit v1.2.3