cfg cosmetics

modules/services/deployerbot/default.nix

@@ -45,7 +45,10 @@ in {
   };
 
   config = lib.mkMerge [
-    (lib.mkIf cfg.main.enable {
+    (let
+      cfg = config.mj.services.deployerbot.main;
+    in
+      lib.mkIf cfg.enable {
         # TODO: git config --global user.email bot@jakstys.lt
         users.users.deployerbot-main = {
           description = "Deployerbot Main";
@@ -54,9 +57,9 @@ in {
           group = "deployerbot-main";
           isSystemUser = true;
           createHome = true;
-        uid = cfg.main.uidgid;
+          uid = cfg.uidgid;
         };
-      users.groups.deployerbot-main.gid = cfg.main.uidgid;
+        users.groups.deployerbot-main.gid = cfg.uidgid;
 
         systemd.services.deployerbot = {
           description = "Update all known systems";
@@ -70,12 +73,12 @@ in {
             LoadCredential = ["ssh-key:/etc/ssh/ssh_host_ed25519_key"];
           };
           script = let
-          deployDerivationsStr = builtins.concatStringsSep " " cfg.main.deployDerivations;
+            deployDerivationsStr = builtins.concatStringsSep " " cfg.deployDerivations;
           in ''
             set -x
             export GIT_SSH_COMMAND="ssh -i ''${CREDENTIALS_DIRECTORY}/ssh-key"
             if [[ ! -d config ]]; then
-            git clone ${cfg.main.repo} config
+              git clone ${cfg.repo} config
               cd config
             else
               cd config
@@ -93,7 +96,7 @@ in {
                 --accept-flake-config
 
             # Optional deployments
-          ${lib.concatLines (map mkOptional cfg.main.deployIfPresent)}
+            ${lib.concatLines (map mkOptional cfg.deployIfPresent)}
 
             # done
             git push origin main
@@ -110,7 +113,11 @@ in {
 
         nix.settings.trusted-users = ["deployerbot-main"];
       })
-    (lib.mkIf cfg.follower.enable {
+
+    (let
+      cfg = config.mj.services.deployerbot.follower;
+    in
+      lib.mkIf cfg.enable {
         users.users = {
           deployerbot-follower = {
             description = "Deployerbot Follower";
@@ -120,13 +127,13 @@ in {
             extraGroups = ["wheel"];
             isSystemUser = true;
             createHome = true;
-          uid = cfg.follower.uidgid;
+            uid = cfg.uidgid;
             openssh.authorizedKeys.keys = let
-            restrictedPubKey = "from=\"${builtins.concatStringsSep "," cfg.follower.sshAllowSubnets}\" " + cfg.follower.publicKey;
+              restrictedPubKey = "from=\"${builtins.concatStringsSep "," cfg.sshAllowSubnets}\" " + cfg.publicKey;
             in [restrictedPubKey];
           };
         };
-      users.groups.deployerbot-follower.gid = cfg.follower.uidgid;
+        users.groups.deployerbot-follower.gid = cfg.uidgid;
         nix.settings.trusted-users = ["deployerbot-follower"];
       })
   ];

modules/services/nsd-acme/default.nix

@@ -4,6 +4,7 @@
   pkgs,
   ...
 }: let
+  cfg = config.mj.services.nsd-acme;
   mkHook = zone: let
     rc = config.services.nsd.remoteControl;
     fullZone = "_acme-endpoint.${zone}";
@@ -84,7 +85,7 @@ in {
   };
 
   # TODO assert services.nsd.enable
-  config = lib.mkIf config.mj.services.nsd-acme.enable {
+  config = lib.mkIf cfg.enable {
     services.nsd.remoteControl.enable = true;
     services.nsd.extraConfig = ''
       pattern:
@@ -186,7 +187,7 @@ in {
             };
           }
       )
-      config.mj.services.nsd-acme.zones;
+      cfg.zones;
 
     systemd.timers =
       lib.mapAttrs'
@@ -201,14 +202,14 @@ in {
             after = ["network-online.target"];
           }
       )
-      config.mj.services.nsd-acme.zones;
+      cfg.zones;
 
     mj.base.unitstatus.units =
       lib.mkIf config.mj.base.unitstatus.enable
       (
         ["nsd-control-setup"]
         ++ map (z: "nsd-acme-${z}")
-        (lib.attrNames config.mj.services.nsd-acme.zones)
+        (lib.attrNames cfg.zones)
       );
   };
 }