aboutsummaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/secrets/default.nix10
1 files changed, 8 insertions, 2 deletions
diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix
index 296f5fc..04d1bfe 100644
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
@@ -11,12 +11,18 @@ in {
secrets = let
toName = lib.removeSuffix ".age";
userExists = u: builtins.hasAttr u config.users.users;
- # Only set the user if it exists, to avoid warnings
+ groupExists = g: builtins.hasAttr g config.users.groups;
+
+ # Only set the user and/or group if they exist, to avoid warnings
userIfExists = u: if userExists u then u else "root";
+ groupIfExists = g: if groupExists g then g else "root";
+
toSecret = name:
- { owner ? "root", ... }: {
+ { owner ? "root", group ? "root", mode ? "0400", ... }: {
file = "${secretsDir}/${name}";
owner = lib.mkDefault (userIfExists owner);
+ group = lib.mkDefault (groupIfExists group);
+ mode = mode;
};
in if pathExists secretsFile then
mapAttrs' (n: v: nameValuePair (toName n) (toSecret n v))
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 05:21:18 +0000