From 9bc2d533742ba8b988390a56f13e323bbcbffc80 Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Wed, 20 Jul 2022 17:33:21 -0700
Subject: fix(modules/secrets): set correctly all possible attributes

Secrets can have multiple attributes: the owner, group, mode and path. So far, we were setting the file (path where it should be read from), the owner (if it exists), the group (if it exists) and the mode. The attribute 'path' was not propagated correctly. We now check for all these attributes (as optional) and if they exists we set them. We still validate that the user and group exist before setting them.

Change-Id: Ifeccf2ee9d0acd17a3cd05de8d08968cea49550b
Reviewed-on: https://cl.fcuny.net/c/world/+/641
Tested-by: CI
Reviewed-by: Franck Cuny
---
 modules/secrets/default.nix | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
(limited to 'modules')
diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix
index 912d556..4660025 100644
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
@@ -19,12 +19,17 @@ in
 userIfExists = u: if userExists u then u else "root";
 groupIfExists = g: if groupExists g then g else "root";
- toSecret = name:
- { owner ? "root", group ? "root", mode ? "0400", ... }: {
+ toSecret = name: attrs:
+ {
 file = "${secretsDir}/${name}";
- owner = lib.mkDefault (userIfExists owner);
- group = lib.mkDefault (groupIfExists group);
- mode = mode;
+ } // lib.optionalAttrs (attrs ? owner) {
+ owner = lib.mkDefault (userIfExists attrs.owner);
+ } // lib.optionalAttrs (attrs ? group) {
+ group = lib.mkDefault (userIfExists attrs.group);
+ } // lib.optionalAttrs (attrs ? mode) {
+ inherit (attrs) mode;
+ } // lib.optionalAttrs (attrs ? path) {
+ inherit (attrs) path;
 };
 in if pathExists secretsFile then
-- cgit 1.4.1
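Review bot: The new `group` branch of `toSecret` validates the group name with `userIfExists` instead of `groupIfExists`, so the secret's group is checked against the user list. A group with no same-named user would silently fall back to "root", and a name that is a user but not a group would pass through unchecked. The line should read `group = lib.mkDefault (groupIfExists attrs.group);`, as the removed code did. Separately, the explicit `mode ? "0400"` default is gone, so a secret declared without `mode` now gets whatever the consuming module defaults to; that default is not visible here and is worth confirming as still owner-read-only. The `let` block that holds `toSecret` starts outside the hunk.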