Merge pull request 'clan-cli: vars: add the owner and group options on files' (#2255) from lopter/clan-core:lo-sops-ownership into main

Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/2255
2024-10-23 09:05:53 +00:00
parent 004cd31857 f540ab91a1
commit 4c4d4d07f0
4 changed files with 15 additions and 2 deletions
--- a/nixosModules/clanCore/vars/interface.nix
+++ b/nixosModules/clanCore/vars/interface.nix
@@ -119,6 +119,14 @@ in
                      '';
                      type = str;
                    };
+                    owner = {
+                      description = "The user name or id that will own the secret file. This option is currently only implemented for sops";
+                      default = "root";
+                    };
+                    group = {
+                      description = "The group name or id that will own the secret file. This option is currently only implemented for sops";
+                      default = "root";
+                    };
                    value =
                      {
                        description = ''
--- a/nixosModules/clanCore/vars/secret/sops/default.nix
+++ b/nixosModules/clanCore/vars/secret/sops/default.nix
@@ -40,6 +40,7 @@ in
      flip map vars (secret: {
        name = "vars/${secret.generator}/${secret.name}";
        value = {
+          inherit (secret) owner group;
          sopsFile = secretPath secret;
          format = "binary";
        };
--- a/nixosModules/clanCore/vars/secret/sops/funcs.nix
+++ b/nixosModules/clanCore/vars/secret/sops/funcs.nix
@@ -21,10 +21,11 @@ in
        flip mapAttrsToList vars.generators (
          gen_name: generator:
          flip mapAttrsToList (relevantFiles generator) (
-            fname: _file: {
+            fname: file: {
              name = fname;
              generator = gen_name;
              inherit (generator) share;
+              inherit (file) owner group;
            }
          )
        )
--- a/pkgs/clan-cli/clan_cli/secrets/init.py
+++ b/pkgs/clan-cli/clan_cli/secrets/init.py
@@ -30,7 +30,10 @@ def register_parser(parser: argparse.ArgumentParser) -> None:
    import_sops_parser = subparser.add_parser("import-sops", help="import a sops file")
    register_import_sops_parser(import_sops_parser)

-    parser_key = subparser.add_parser("key", help="create and show age keys")
+    parser_key = subparser.add_parser(
+        "key",
+        help="create, show, or update the key for the clan",
+    )
    register_key_parser(parser_key)

    register_secrets_parser(subparser)