8 files changed, 13 insertions, 13 deletions

diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index 093ae2030..4e42ce72e 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -20,14 +20,14 @@ let
     };
 
     dkim = mkOption {
-      type = types.listOf (types.submodule ({ config, ... }: {
+      type = types.listOf (types.submodule (dkim: {
         options = {
           domain = mkOption {
             type = types.str;
           };
           private_key = mkOption {
             type = types.absolute-pathname;
-            default = toString <secrets> + "/${config.domain}.dkim.priv";
+            default = "${config.krebs.secret.directory}/${dkim.config.domain}.dkim.priv";
             defaultText = "‹secrets/‹domain›.dkim.priv›";
           };
           selector = mkOption {
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index 79187adfa..0d67120fd 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -40,7 +40,7 @@ let
     };
   };
 
-  fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" ''
+  fetchWallpaperScript = pkgs.writers.writeDash "fetchWallpaper" ''
     set -euf
 
     mkdir -p ${cfg.stateDir}
diff --git a/krebs/3modules/github/hosts-sync.nix b/krebs/3modules/github/hosts-sync.nix
index 6f9aee0ce..2f373f9bc 100644
--- a/krebs/3modules/github/hosts-sync.nix
+++ b/krebs/3modules/github/hosts-sync.nix
@@ -22,7 +22,7 @@ let
     };
     ssh-identity-file = mkOption {
       type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"];
-      default = toString <secrets/github-hosts-sync.ssh.id_ed25519>;
+      default = "${config.krebs.secret.directory}/github-hosts-sync.ssh.id_ed25519";
       defaultText = "‹secrets/github-hosts-sync.ssh.id_ed25519›";
     };
     url = mkOption {
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index c1c5b68c8..32a5273a5 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -177,7 +177,7 @@ let
       ${buildTables iptables-version cfg.tables}
     '';
 
-  startScript = pkgs.writeDash "krebs-iptables_start" ''
+  startScript = pkgs.writers.writeDash "krebs-iptables_start" ''
     set -euf
     iptables-restore < ${rules "v4"}
     ip6tables-restore < ${rules "v6"}
diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix
index 71e2b541a..a9ed24d3f 100644
--- a/krebs/3modules/power-action.nix
+++ b/krebs/3modules/power-action.nix
@@ -60,7 +60,7 @@ let
     };
   };
 
-  startScript = pkgs.writeDash "power-action" ''
+  startScript = pkgs.writers.writeDash "power-action" ''
     set -euf
 
     power="$(${powerlvl})"
@@ -77,11 +77,11 @@ let
   writeRule = _: plan:
     "if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi";
 
-  powerlvl = pkgs.writeDash "powerlvl" ''
+  powerlvl = pkgs.writers.writeDash "powerlvl" ''
     cat /sys/class/power_supply/${cfg.battery}/capacity
   '';
 
-  state = pkgs.writeDash "state" ''
+  state = pkgs.writers.writeDash "state" ''
     if [ "$(cat /sys/class/power_supply/${cfg.battery}/status)" = "Discharging" ]
       then echo "false"
       else echo "true"
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix
index a6de3f3f6..5208d91ae 100644
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@@ -123,7 +123,7 @@ let
 
     privateKeyFile = mkOption {
       type = types.absolute-pathname;
-      default = toString <secrets> + "/repo-sync.ssh.key";
+      default = "${config.krebs.secret.directory}/repo-sync.ssh.key";
       defaultText = "‹secrets/repo-sync.ssh.key›";
     };
 
diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix
index c9ea8a619..bd7e7c5f6 100644
--- a/krebs/3modules/retiolum-bootstrap.nix
+++ b/krebs/3modules/retiolum-bootstrap.nix
@@ -14,12 +14,12 @@ in
     sslCertificate = mkOption {
         type = types.str;
         description = "Certificate file to use for ssl";
-        default = "${toString <secrets>}/tinc.krebsco.de.crt" ;
+        default = "${config.krebs.secret.directory}/tinc.krebsco.de.crt" ;
     };
     sslCertificateKey = mkOption {
         type = types.str;
         description = "Certificate key to use for ssl";
-        default = "${toString <secrets>}/tinc.krebsco.de.key";
+        default = "${config.krebs.secret.directory}/tinc.krebsco.de.key";
     };
     # in use:
     #  <secrets/tinc.krebsco.de.crt>
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index 2f9efad46..9df368cfb 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -149,7 +149,7 @@ with import ../../lib/pure.nix { inherit lib; }; {
 
         privkey = mkOption {
           type = types.absolute-pathname;
-          default = toString <secrets> + "/${tinc.config.netname}.rsa_key.priv";
+          default = "${config.krebs.secret.directory}/${tinc.config.netname}.rsa_key.priv";
           defaultText = "‹secrets/‹netname›.rsa_key.priv›";
         };
 
@@ -158,7 +158,7 @@ with import ../../lib/pure.nix { inherit lib; }; {
           default =
             if tinc.config.host.nets.${netname}.tinc.pubkey_ed25519 == null
               then null
-              else toString <secrets> + "/${tinc.config.netname}.ed25519_key.priv";
+              else "${config.krebs.secret.directory}/${tinc.config.netname}.ed25519_key.priv";
           defaultText = "‹secrets/‹netname›.ed25519_key.priv›";
         };