yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

vars: improve warnings for non-public secrets

Browse Source
This commit is contained in:
Jörg Thalheim
2025-05-08 17:06:49 +02:00
parent 34b63ca1d5
commit 10bc9e3e44
1 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
nixosModules/clanCore/vars/default.nix
View File

@@ -58,7 +58,16 @@ in
) )
) )
'' ''
The config.clan.core.vars.generators.${generator.name}.files.${file.name} is not secret, but has non-default owner/group/mode set. The config.clan.core.vars.generators.${generator.name}.files.${file.name} is not secret:
${lib.optionalString (file.owner != "root") ''
The owner is set to ${file.owner}, but should be root.
''}
${lib.optionalString (file.group != (if _class == "darwin" then "wheel" else "root")) ''
The group is set to ${file.group}, but should be ${if _class == "darwin" then "wheel" else "root"}.
''}
${lib.optionalString (file.mode != "0400") ''
The mode is set to ${file.mode}, but should be 0400.
''}
This doesn't work because the file will be added to the nix store This doesn't work because the file will be added to the nix store
'' ''
) [ ] (lib.attrValues generator.files) ) [ ] (lib.attrValues generator.files)