commonized root CA pattern

modules/programs/step-client.nix

@@ -29,7 +29,7 @@ in
         path = lib.mkOption {
           type = lib.types.str;
           description = "String path to where the root_ca.crt file will be stored for the user";
-          default = "${config.home.homeDirectory}/.step/certs/root_ca.crt";
+          default = ".step/certs/root_ca.crt";
         };
         source = lib.mkOption {
           type = lib.types.path;
@@ -47,7 +47,7 @@ in
       };
     };
     config = lib.mkIf cfg.enable {
-      home.file.".step/certs/root_ca.crt".source = cfg.rootCertFile.source;
+      home.file."${cfg.rootCertFile.path}".source = cfg.rootCertFile.source;
       home.file.".step/config/defaults.json".text = builtins.toJSON {
         "ca-url" = cfg.caURL;
         fingerprint = cfg.fingerprint;

modules/services/step-ca/ssh-host.nix

@@ -22,11 +22,18 @@ in
         type = lib.types.str;
         default = "${caURL}";
       };
-      rootCertFile = lib.mkOption {
+      rootCertFile = {
+        path = lib.mkOption {
+          type = lib.types.str;
+          description = "String path to where the root_ca.crt file will be stored for the user";
+          default = "step/certs/root_ca.crt";
+        };
+        source = lib.mkOption {
           type = lib.types.path;
-        description = "Public Step root CA certificate file from the repo.";
+          description = "Nix path to the root cert file within the repo";
           default = ../../../keys/root_ca.crt;
         };
+      };
       sshHostProvisioner = lib.mkOption {
         type = lib.types.str;
         default = "admin";
@@ -45,7 +52,7 @@ in
       networking.nameservers = [ "192.168.1.150" ];
       networking.dhcpcd.extraConfig = "nohook resolv.conf";
 
-      environment.etc."step/certs/root_ca.crt".source = cfg.rootCertFile;
+      environment.etc."${cfg.rootCertFile.path}".source = cfg.rootCertFile.source;
       environment.systemPackages = with pkgs; [
         step-cli
         (writeShellScriptBin "ssh-host-cert-renew" ''