about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/secrets/default.nix15
1 files changed, 10 insertions, 5 deletions
diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix
index 912d556..4660025 100644
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
@@ -19,12 +19,17 @@ in
         userIfExists = u: if userExists u then u else "root";
         groupIfExists = g: if groupExists g then g else "root";
 
-        toSecret = name:
-          { owner ? "root", group ? "root", mode ? "0400", ... }: {
+        toSecret = name: attrs:
+          {
             file = "${secretsDir}/${name}";
-            owner = lib.mkDefault (userIfExists owner);
-            group = lib.mkDefault (groupIfExists group);
-            mode = mode;
+          } // lib.optionalAttrs (attrs ? owner) {
+            owner = lib.mkDefault (userIfExists attrs.owner);
+          } // lib.optionalAttrs (attrs ? group) {
+            group = lib.mkDefault (userIfExists attrs.group);
+          } // lib.optionalAttrs (attrs ? mode) {
+            inherit (attrs) mode;
+          } // lib.optionalAttrs (attrs ? path) {
+            inherit (attrs) path;
           };
       in
       if pathExists secretsFile then