-rw-r--r-- | modules/secrets/default.nix | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix
index 296f5fc..04d1bfe 100644
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
@@ -11,12 +11,18 @@ in {
 secrets = let
 toName = lib.removeSuffix ".age";
 userExists = u: builtins.hasAttr u config.users.users;
- # Only set the user if it exists, to avoid warnings
+ groupExists = g: builtins.hasAttr g config.users.groups;
+
+ # Only set the user and/or group if they exist, to avoid warnings
 userIfExists = u: if userExists u then u else "root";
+ groupIfExists = g: if groupExists g then g else "root";
+
 toSecret = name:
- { owner ? "root", ... }: {
+ { owner ? "root", group ? "root", mode ? "0400", ... }: {
 file = "${secretsDir}/${name}";
 owner = lib.mkDefault (userIfExists owner);
+ group = lib.mkDefault (groupIfExists group);
+ mode = mode;
 };
 in if pathExists secretsFile then
 mapAttrs' (n: v: nameValuePair (toName n) (toSecret n v)) |
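Review bot: `mode = mode;` in `toSecret` is the only one of the three attributes set at normal priority, so a host module can override `owner` and `group` with a plain definition but would need `lib.mkForce` to tighten `mode`; `mode = lib.mkDefault mode;` would match the other two. The mode string is also passed through unchecked from the secrets file, so an entry with other-readable bits (constructed example: `"0644"`) would presumably leave the decrypted secret readable by every local user. A comment above `toSecret` such as `# mode must keep the "other" bits at zero; secrets are never world-readable` would give reviewers of that file a rule to check against. The `"root"` fallbacks fail closed, but a misspelled group silently becomes `root`, which the `# Only set the user and/or group…` comment could state explicitly. The `secrets` binding continues past the end of the hunk.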