From dfefb9682f828a35ae8b7335fc2b1f561721ac11 Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Sun, 15 Mar 2026 20:18:01 -0500
Subject: [PATCH] options organization

---
 modules/services/step-ca/ssh-host.nix | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/modules/services/step-ca/ssh-host.nix b/modules/services/step-ca/ssh-host.nix
index 3367aab..63445e2 100644
--- a/modules/services/step-ca/ssh-host.nix
+++ b/modules/services/step-ca/ssh-host.nix
@@ -16,25 +16,27 @@ in
 # NixOS Options
 options.step-ssh-host = {
 hostname = lib.mkOption {
+ description = "Networking host name";
 type = lib.types.str;
 };
 caURL = lib.mkOption {
+ description = "URL for the certificate authority";
 type = lib.types.str;
- default = "${caURL}";
 };
 rootCertFile = {
 path = lib.mkOption {
- type = lib.types.str;
 description = "String path to where the root_ca.crt file will be stored for the user";
+ type = lib.types.str;
 default = "step/certs/root_ca.crt";
 };
 source = lib.mkOption {
- type = lib.types.path;
 description = "Nix path to the root cert file within the repo";
+ type = lib.types.path;
 default = ../../../keys/root_ca.crt;
 };
 };
- sshHostProvisioner = lib.mkOption {
+ provisioner = lib.mkOption {
+ description = "Provisioner inside Step CA to use for the SSH certificates";
 type = lib.types.str;
 default = "admin";
 };
@@ -60,7 +62,7 @@ in
 --host --sign \
 --root "${rootCertPath}" \
 --ca-url ${cfg.caURL} \
- --provisioner "${cfg.sshHostProvisioner}" \
+ --provisioner "${cfg.provisioner}" \
 --provisioner-password-file "${provisionerPasswordPath}" \
 --principal "${cfg.hostname}" \
 --principal "${cfg.hostname}.john-stream.com" \
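Review bot: Renaming `sshHostProvisioner` to `provisioner` in `options.step-ssh-host` leaves no alias, so any host configuration that still sets the old name will fail evaluation. Adding `(lib.mkRenamedOptionModule [ "step-ssh-host" "sshHostProvisioner" ] [ "step-ssh-host" "provisioner" ])` to the module's `imports` would keep existing hosts building. Removing the default from `caURL` also makes that option mandatory for every consumer, which is worth stating in its description if intended. The `provisioner` default stays `"admin"`; if that is the CA's administrative provisioner, a dedicated provisioner restricted to SSH host certificates would narrow what the password file on each host can sign. The option set continues outside the hunk.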
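Review bot: `--ca-url ${cfg.caURL}` is the only interpolated argument in this command left unquoted, and after this commit the value has no default and accepts any `lib.types.str`, so whitespace or shell metacharacters in it would be split or interpreted by the shell. Prefer `--ca-url ${lib.escapeShellArg cfg.caURL} \` and, for the changed line, `--provisioner ${lib.escapeShellArg cfg.provisioner} \`, since plain double quotes still expand `$` and break on an embedded `"`. The same applies to the `--principal` arguments built from `cfg.hostname`. The command starts and ends outside the hunk.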