From 4117eb2f373bd149df63c999610079ca36271e61 Mon Sep 17 00:00:00 2001
From: Raymond Barbiero
Date: Wed, 23 Apr 2025 22:30:15 -0400
Subject: [PATCH] clanCore/vars: allow mode to be set fmt
---
.../clanCore/vars/eval-tests/default.nix | 19 +++++++++++++++++++
nixosModules/clanCore/vars/interface.nix | 6 +++---
.../clanCore/vars/secret/sops/default.nix | 7 ++++++-
.../clanCore/vars/secret/sops/funcs.nix | 2 +-
pkgs/clan-cli/clan_cli/vars/var.py | 2 +-
5 files changed, 30 insertions(+), 6 deletions(-)
diff --git a/nixosModules/clanCore/vars/eval-tests/default.nix b/nixosModules/clanCore/vars/eval-tests/default.nix
index 40bd31f53..d6fc88cab 100644
--- a/nixosModules/clanCore/vars/eval-tests/default.nix
+++ b/nixosModules/clanCore/vars/eval-tests/default.nix
@@ -89,4 +89,23 @@ in
 expr = lib.hasPrefix builtins.storeDir config.generators.my_secret.script;
 expected = true;
 };
+
+ # test for mode attribute
+ test_mode_attribute =
+ let
+ config = eval {
+ generators.my_secret = {
+ files.password = {
+ mode = "0400";
+ };
+ script = ''
+ echo "Mode set to ${config.generators.my_secret.files.password.mode}"
+ '';
+ };
+ };
+ in
+ {
+ expr = config.generators.my_secret.files.password.mode;
+ expected = "0400";
+ };
 }
diff --git a/nixosModules/clanCore/vars/interface.nix b/nixosModules/clanCore/vars/interface.nix
index 611f757ef..0c33045e2 100644
--- a/nixosModules/clanCore/vars/interface.nix
+++ b/nixosModules/clanCore/vars/interface.nix
@@ -276,9 +276,9 @@ in defaultText = lib.literalExpression ''if _class == "darwin" then "wheel" else "root"''; }; mode = lib.mkOption { - type = lib.types.strMatching "^[0-7]{3}$"; - description = "The unix file mode of the file. Must be a 3-digit octal number."; - default = "400"; + type = lib.types.strMatching "^[0-7]{4}$"; + description = "The unix file mode of the file. Must be a 4-digit octal number."; + default = "0400"; }; value = lib.mkOption {
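Review bot: test_mode_attribute only proves that a valid 4-digit value round-trips, so it would still pass if the `strMatching` pattern were loosened or the default changed. A second case that leaves `mode` unset and expects `"0400"` would pin the default. A negative case should also expect a 3-digit or non-octal value such as `"400"` or `"0800"` to be rejected, for instance by forcing the option under `builtins.tryEval` and expecting `success = false`. The `script` body that interpolates the mode plays no part in the assertion and could be dropped.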
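Review bot: The new pattern `^[0-7]{4}$` on `mode` rejects every 3-digit value the old pattern accepted, so a configuration that sets something like `mode = "440"` (constructed example) stops evaluating after this change. If that break is not intended, `lib.types.strMatching "^[0-7]{3,4}$"` keeps both forms valid; otherwise the commit message should call out the migration. The description could also say that the leading digit carries the setuid/setgid/sticky bits and should normally be `0` for secret files, since the type now admits values such as `4755`. The enclosing option set starts and ends outside the hunk.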
diff --git a/nixosModules/clanCore/vars/secret/sops/default.nix b/nixosModules/clanCore/vars/secret/sops/default.nix
index d2453ae8c..51604e96d 100644
--- a/nixosModules/clanCore/vars/secret/sops/default.nix
+++ b/nixosModules/clanCore/vars/secret/sops/default.nix
@@ -43,7 +43,12 @@ in
 map (secret: {
 name = "vars/${secret.generator}/${secret.name}";
 value = {
- inherit (secret) owner group neededForUsers;
+ inherit (secret)
+ owner
+ group
+ mode
+ neededForUsers
+ ;
 sopsFile = secretPath secret;
 format = "binary";
 };
diff --git a/nixosModules/clanCore/vars/secret/sops/funcs.nix b/nixosModules/clanCore/vars/secret/sops/funcs.nix
index 0afd839bb..bf9095dd1 100644
--- a/nixosModules/clanCore/vars/secret/sops/funcs.nix
+++ b/nixosModules/clanCore/vars/secret/sops/funcs.nix
@@ -28,7 +28,7 @@ in
 generator = gen_name;
 neededForUsers = file.neededFor == "users";
 inherit (generator) share;
- inherit (file) owner group;
+ inherit (file) owner group mode;
 }) (relevantFiles generator)
 ) vars.generators
 );
diff --git a/pkgs/clan-cli/clan_cli/vars/var.py b/pkgs/clan-cli/clan_cli/vars/var.py
index 427a3a72d..5c41fac04 100644
--- a/pkgs/clan-cli/clan_cli/vars/var.py
+++ b/pkgs/clan-cli/clan_cli/vars/var.py
@@ -77,6 +77,6 @@ class Var:
 deploy=data["deploy"],
 owner=data.get("owner", "root"),
 group=data.get("group", "root"),
- mode=int(data.get("mode", "400"), 8),
+ mode=int(data.get("mode", "0400"), 8),
 needed_for=data.get("neededFor", "services"),
 )
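Review bot: `mode` is now inherited into the sops secret unchanged, and nothing in this hunk or in the visible option type restricts group or world bits, so a permissive value reaches the decrypted file as-is. Consider a comment on the `inherit` such as `# mode is applied as-is to the decrypted secret; a non-zero last digit exposes it to every local user`, or a warning in the interface when the "other" digit is non-zero. The same value is threaded through the `inherit (file) owner group mode;` line in funcs.nix, which needs no separate change. The surrounding `map` call starts before the hunk and continues after it.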