refact: auth: variable for generated keys path in auth.nix

auth/auth.nix

@@ -7,6 +7,8 @@ let
   ldap-host = "127.0.0.1";
   ldap-port = 3636;
 
+  keys-path = "/run/keys";
+
   admins-group = "sp.admins";
   full-users-group = "sp.full_users";
 
@@ -19,7 +21,7 @@ let
   kanidm-service-account-token-name =
     "${selfprivacy-group}-service-account-token";
   kanidm-service-account-token-fp =
-    "/run/keys/${selfprivacy-group}/kanidm-service-account-token";
+    "${keys-path}/${selfprivacy-group}/kanidm-service-account-token";
   kanidmExecStartPreScriptRoot = pkgs.writeShellScript
     "${selfprivacy-group}-kanidm-ExecStartPre-root-script.sh"
     ''
@@ -74,13 +76,12 @@ let
       fi
     '';
 
-  # lua stuff for debugging only
+  # lua stuff for nginx for debugging only
   lua_core_path = "${pkgs.luajitPackages.lua-resty-core}/lib/lua/5.1/?.lua";
   lua_lrucache_path = "${pkgs.luajitPackages.lua-resty-lrucache}/lib/lua/5.1/?.lua";
   lua_path = "${lua_core_path};${lua_lrucache_path};";
 in
-{
+lib.mkIf config.selfprivacy.sso.enable {
-  config = lib.mkIf config.selfprivacy.sso.enable {
   nixpkgs.overlays = [
     (
       _final: prev: {
@@ -237,5 +238,4 @@ in
         (x: "dc=" + x)
         (lib.strings.splitString "." domain);
   };
-  };
 }