From 0842b0568762334444c14378cb31e953ab60beaa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 30 Oct 2024 12:15:04 +0100 Subject: [PATCH] vars: move owner/group to a sops namespace we want to allow users to use this feature but do not want to use this option in our own module because it's not supported by password store. --- nixosModules/clanCore/vars/interface.nix | 30 ++++++++++++++----- .../clanCore/vars/secret/sops/default.nix | 2 +- .../clanCore/vars/secret/sops/funcs.nix | 2 +- 3 files changed, 24 insertions(+), 10 deletions(-) diff --git a/nixosModules/clanCore/vars/interface.nix b/nixosModules/clanCore/vars/interface.nix index 276cb5fc0..cbc77de95 100644 --- a/nixosModules/clanCore/vars/interface.nix +++ b/nixosModules/clanCore/vars/interface.nix @@ -67,7 +67,17 @@ in ''; type = attrsOf ( submodule (file: { - imports = [ config.settings.fileModule ]; + imports = [ + config.settings.fileModule + (lib.mkRenamedOptionModule [ "owner" ] [ + "sops" + "owner" + ]) + (lib.mkRenamedOptionModule [ "group" ] [ + "sops" + "group" + ]) + ]; options = options { name = { type = lib.types.str; @@ -119,14 +129,18 @@ in ''; type = str; }; - owner = { - description = "The user name or id that will own the secret file. This option is currently only implemented for sops"; - default = "root"; - }; - group = { - description = "The group name or id that will own the secret file. This option is currently only implemented for sops"; - default = "root"; + + sops = { + owner = { + description = "The user name or id that will own the secret file. This option is currently only implemented for sops"; + default = "root"; + }; + group = { + description = "The group name or id that will own the secret file. This option is currently only implemented for sops"; + default = "root"; + }; }; + value = { description = '' diff --git a/nixosModules/clanCore/vars/secret/sops/default.nix b/nixosModules/clanCore/vars/secret/sops/default.nix index c809fa3c4..a3c024fa5 100644 
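Review bot: The two `lib.mkRenamedOptionModule` entries added to `imports` in the first interface.nix hunk sit inside a `submodule`, and as far as I know the rename helper only emits its deprecation warning when the enclosing module set declares a `warnings` option, which a per-file submodule normally does not. The old `owner`/`group` settings would then keep working as aliases but silently, so users never learn they should move to `sops.owner`/`sops.group`. Because these options decide who can read a decrypted secret, I would state the aliasing with a comment above the two entries, e.g. `# Backward-compat aliases: owner/group now live under sops.*; no warning is printed from inside a submodule`, and mention the rename in the changelog. The submodule body continues outside the hunk.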
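Review bot: The relocated `sops.owner` and `sops.group` options in the second interface.nix hunk declare no `type`, unlike the neighbouring option that carries `type = str;`, so nothing visible here constrains the value that ends up as the owner of a secret file. Adding `type = str;` to both would reject accidental non-string values at evaluation time. Both descriptions still end with "This option is currently only implemented for sops", which is redundant under the `sops` namespace and could be dropped. The `options` helper is defined outside the hunk, so it is worth confirming that it descends into the nested `sops` attribute set rather than wrapping it as a single option.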
--- a/nixosModules/clanCore/vars/secret/sops/default.nix
+++ b/nixosModules/clanCore/vars/secret/sops/default.nix
@@ -40,7 +40,7 @@ in
 flip map vars (secret: {
 name = "vars/${secret.generator}/${secret.name}";
 value = {
- inherit (secret) owner group;
+ inherit (secret.sops) owner group;
 sopsFile = secretPath secret;
 format = "binary";
 };
diff --git a/nixosModules/clanCore/vars/secret/sops/funcs.nix b/nixosModules/clanCore/vars/secret/sops/funcs.nix
index f0049b417..3e5857ac7 100644
--- a/nixosModules/clanCore/vars/secret/sops/funcs.nix
+++ b/nixosModules/clanCore/vars/secret/sops/funcs.nix
@@ -25,7 +25,7 @@ in
 name = fname;
 generator = gen_name;
 inherit (generator) share;
- inherit (file) owner group;
+ inherit (file) sops;
 }
 )
 )
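Review bot: Only `owner` and `group` are forwarded from `secret.sops` in the sops/default.nix hunk; no `mode` is set in the visible attribute set. Assuming this feeds sops-nix's `sops.secrets`, whose default mode is `0400`, a user who sets only `sops.group` gets a file the group still cannot read, and may work around it by handing ownership to a broader account than needed. Consider exposing a `sops.mode` option next to owner/group and forwarding it with `inherit (secret.sops) owner group mode;`, or documenting that the group has no effect under the default mode. The surrounding `flip map` expression starts outside the hunk.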