From 19a251d6fc86e286c3e0daac5f8d980c51bc8410 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Wed, 4 Dec 2024 23:28:15 +0100
Subject: [PATCH 1/3] vars: add file mode
---
 nixosModules/clanCore/vars/default.nix | 1 +
 nixosModules/clanCore/vars/interface.nix | 4 ++++
 pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py | 2 +-
 pkgs/clan-cli/clan_cli/vars/var.py | 2 ++
 4 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/nixosModules/clanCore/vars/default.nix b/nixosModules/clanCore/vars/default.nix
index 453aa740b..b7173c951 100644
--- a/nixosModules/clanCore/vars/default.nix
+++ b/nixosModules/clanCore/vars/default.nix
@@ -51,6 +51,7 @@ in
 _name: file: {
 inherit (file)
 name
+ mode
 deploy
 secret
 neededForUsers
diff --git a/nixosModules/clanCore/vars/interface.nix b/nixosModules/clanCore/vars/interface.nix
index 4067254f4..7c830810d 100644
--- a/nixosModules/clanCore/vars/interface.nix
+++ b/nixosModules/clanCore/vars/interface.nix
@@ -213,6 +213,10 @@ in
 description = "The group name or id that will own the secret file.";
 default = "root";
 };
+ mode = lib.mkOption {
+ type = lib.types.strMatching "^[0-7]{3}$";
+ default = "400";
+ };
 value = lib.mkOption {
 description = ''
diff --git a/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py b/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py
index 7053f8d50..dc51c7b9b 100644
--- a/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py
+++ b/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py
@@ -170,7 +170,7 @@ class SecretStore(SecretStoreBase):
 tar_file = tarfile.TarInfo(name=f"{generator.name}/{file.name}")
 content = self.get(generator, file.name)
 tar_file.size = len(content)
- tar_file.mode = 0o440
+ tar_file.mode = file.mode
 tar_file.uname = file.owner
 tar_file.gname = file.group
 if file.needed_for_users:
diff --git a/pkgs/clan-cli/clan_cli/vars/var.py b/pkgs/clan-cli/clan_cli/vars/var.py
index d562623d6..74324a406 100644
--- a/pkgs/clan-cli/clan_cli/vars/var.py
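Review bot: The new `mode` option in the interface.nix hunk accepts any three octal digits, so a file declared `secret = true` can be given a world-readable mode such as `644`, and the value is handed unchanged to the deployment tarball (`tar_file.mode = file.mode` in the password_store.py hunk of this same patch); nothing in the series rejects group/other read bits on secret files. Consider an evaluation-time assertion that refuses a `mode` granting read to others while `secret` is true, or at least a sentence in the option description saying the value is applied verbatim to the deployed file. The `^` and `$` anchors are redundant with `lib.types.strMatching`, which already requires the whole string to match, so `"[0-7]{3}"` is the conventional form.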
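Review bot: Replacing the hard-coded `0o440` with `file.mode` also changes the effective default from group-readable to owner-only (var.py defaults the field to `0o400`), so any existing var that relied on `group` for read access silently stops being readable by that group after this patch; the commit message says only "add file mode" and should call out the tightened default, or the default should stay `440` for compatibility. Because `file.mode` is now user-controlled and written to the tar entry unchanged, a one-line guard before the assignment is cheap insurance against a hand-edited deployment.json: `if not 0 <= file.mode <= 0o777: raise ValueError(f"invalid mode {file.mode:o} for {file.name}")`. The directory entry's `0o511` in the same loop stays hard-coded, which is fine as long as it keeps the execute bits that traversal to the configured file modes needs. The loop enclosing this hunk starts and ends outside it.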
+++ b/pkgs/clan-cli/clan_cli/vars/var.py
@@ -15,6 +15,7 @@ class Var:
 deploy: bool = False
 owner: str = "root"
 group: str = "root"
+ mode: int = 0o400
 needed_for_users: bool = False
 # TODO: those shouldn't be set here
@@ -75,5 +76,6 @@ class Var:
 deploy=data["deploy"],
 owner=data.get("owner", "root"),
 group=data.get("group", "root"),
+ mode=int(data.get("mode", "400"), 8),
 needed_for_users=data.get("neededForUsers", False),
 )
From 9572a73fe8025a46c42f780350a3d2e5ebb37bb9 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Wed, 4 Dec 2024 23:28:54 +0100
Subject: [PATCH 2/3] vars password-store: create tarball dir if not for users
---
 pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py b/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py
index dc51c7b9b..97e4e0f5e 100644
--- a/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py
+++ b/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py
@@ -161,7 +161,7 @@ class SecretStore(SecretStoreBase):
 continue
 if not file.secret:
 continue
- if not dir_exists:
+ if not dir_exists and not file.needed_for_users:
 tar_dir = tarfile.TarInfo(name=generator.name)
 tar_dir.type = tarfile.DIRTYPE
 tar_dir.mode = 0o511
From 3abe7154722159cad5510cac6790da04d1606aa8 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Wed, 4 Dec 2024 23:29:22 +0100
Subject: [PATCH 3/3] vars: export also file owner & group to deployment.json
---
 nixosModules/clanCore/vars/default.nix | 2 ++
 nixosModules/clanCore/vars/interface.nix | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/nixosModules/clanCore/vars/default.nix b/nixosModules/clanCore/vars/default.nix
index b7173c951..3a7fe5db2 100644
--- a/nixosModules/clanCore/vars/default.nix
+++ b/nixosModules/clanCore/vars/default.nix
@@ -51,6 +51,8 @@ in
 _name: file: {
 inherit (file)
 name
+ owner
+ group
 mode
 deploy
 secret
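Review bot: `int(data.get("mode", "400"), 8)` in the second var.py hunk raises `TypeError` if deployment.json ever carries the mode as a JSON number (`int()` refuses a non-string with an explicit base), while it accepts strings such as `"0o400"`, `" 400 "` or `"-400"` that the Nix option would never emit; if the file can be produced or edited by anything other than the module, parse narrowly and bound the result: `mode = int(str(data.get("mode", "400")), 8)` then `if not 0 <= mode <= 0o777: raise ValueError(f"invalid file mode {data.get('mode')!r}")`. The default is also spelled twice, as `0o400` on the field in the first hunk and as `"400"` in the parser, so the two can drift; deriving the parser fallback from the field default keeps them aligned. Both hunks sit inside `class Var`, whose body continues outside them.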
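Review bot: The added `and not file.needed_for_users` means a generator whose first secret file is needed for users gets no directory entry at that point, which is only correct if the `needed_for_users` branch further down the loop (outside this hunk) stores such files under a path other than `f"{generator.name}/{file.name}"`; if it does not, the tar would hold a file inside a directory that has no explicit entry, so the extractor applies its own default mode rather than `0o511`. A short comment on the new condition would make the intent checkable, e.g. `# files needed for users are placed outside <generator.name>/, so no directory entry is needed for them`. The loop containing this condition starts and ends outside the hunk.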
diff --git a/nixosModules/clanCore/vars/interface.nix b/nixosModules/clanCore/vars/interface.nix
index 7c830810d..dee8c5561 100644
--- a/nixosModules/clanCore/vars/interface.nix
+++ b/nixosModules/clanCore/vars/interface.nix
@@ -206,15 +206,16 @@ in
 default = false;
 };
 owner = lib.mkOption {
- description = "The user name or id that will own the secret file.";
+ description = "The user name or id that will own the file.";
 default = "root";
 };
 group = lib.mkOption {
- description = "The group name or id that will own the secret file.";
+ description = "The group name or id that will own the file.";
 default = "root";
 };
 mode = lib.mkOption {
 type = lib.types.strMatching "^[0-7]{3}$";
+ description = "The unix file mode of the file. Must be a 3-digit octal number.";
 default = "400";
 };
 value =
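Review bot: With this patch `owner` and `group` are exported to deployment.json and, per the password_store.py hunk in patch 1/3, end up in the tar entry's `uname`/`gname`, yet neither option declares a `type` (see the `owner = lib.mkOption {` and `group = lib.mkOption {` context lines), so the module accepts any Nix value and a slip like `owner = 1000;` only surfaces when the CLI builds the tarball instead of at evaluation time; `type = lib.types.str;` on both would fail early, and the description already says "name or id" so a numeric id can still be given as a string. The new `mode` description could also spell out what the default protects: `"The unix file mode of the file. Must be a 3-digit octal number. Defaults to 400 (readable by the owner only)."`.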