From 4effc0c50e8070202854b64ca7d365651bfb6380 Mon Sep 17 00:00:00 2001
From: Louis Opter
Date: Sat, 12 Oct 2024 11:17:38 -0700
Subject: [PATCH] vars: add the `user` and `group` options on files

This changeset forwards the ownership control options from sops-nix.
---
 nixosModules/clanCore/vars/interface.nix | 8 ++++++++
 nixosModules/clanCore/vars/secret/sops/default.nix | 1 +
 nixosModules/clanCore/vars/secret/sops/funcs.nix | 3 ++-
 pkgs/clan-cli/clan_cli/secrets/__init__.py | 5 ++++-
 4 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/nixosModules/clanCore/vars/interface.nix b/nixosModules/clanCore/vars/interface.nix
index 25b224d12..276cb5fc0 100644
--- a/nixosModules/clanCore/vars/interface.nix
+++ b/nixosModules/clanCore/vars/interface.nix
@@ -119,6 +119,14 @@ in
 '';
 type = str;
 };
+ owner = {
+ description = "The user name or id that will own the secret file. This option is currently only implemented for sops";
+ default = "root";
+ };
+ group = {
+ description = "The group name or id that will own the secret file. This option is currently only implemented for sops";
+ default = "root";
+ };
 value = {
 description = ''
diff --git a/nixosModules/clanCore/vars/secret/sops/default.nix b/nixosModules/clanCore/vars/secret/sops/default.nix
index a3489d632..c809fa3c4 100644
--- a/nixosModules/clanCore/vars/secret/sops/default.nix
+++ b/nixosModules/clanCore/vars/secret/sops/default.nix
@@ -40,6 +40,7 @@ in
 flip map vars (secret: {
 name = "vars/${secret.generator}/${secret.name}";
 value = {
+ inherit (secret) owner group;
 sopsFile = secretPath secret;
 format = "binary";
 };
diff --git a/nixosModules/clanCore/vars/secret/sops/funcs.nix b/nixosModules/clanCore/vars/secret/sops/funcs.nix
index cc7a321d6..f0049b417 100644
--- a/nixosModules/clanCore/vars/secret/sops/funcs.nix
+++ b/nixosModules/clanCore/vars/secret/sops/funcs.nix
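Review bot: The new `owner` and `group` declarations in the interface.nix hunk carry no `type`, while the sibling option just above them is declared with `type = str;`; without a type the module system accepts any value, so a list or an integer would be forwarded unchecked to sops-nix's `owner`/`group` (which, as far as I know, expect a string) and fail only at activation time, if at all. Add `type = str;` to both, and since a numeric id then has to be written as a string, the description should say so rather than "user name or id". The commit subject also names the option `user` while the code introduces `owner`; one of the two should be corrected before merging. The enclosing option set starts and ends outside the hunk.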
@@ -21,10 +21,11 @@ in
 flip mapAttrsToList vars.generators (
 gen_name: generator:
 flip mapAttrsToList (relevantFiles generator) (
- fname: _file: {
+ fname: file: {
 name = fname;
 generator = gen_name;
 inherit (generator) share;
+ inherit (file) owner group;
 }
 )
 )
diff --git a/pkgs/clan-cli/clan_cli/secrets/__init__.py b/pkgs/clan-cli/clan_cli/secrets/__init__.py
index 57e6cd83a..9770c4afd 100644
--- a/pkgs/clan-cli/clan_cli/secrets/__init__.py
+++ b/pkgs/clan-cli/clan_cli/secrets/__init__.py
@@ -30,7 +30,10 @@ def register_parser(parser: argparse.ArgumentParser) -> None:
 import_sops_parser = subparser.add_parser("import-sops", help="import a sops file")
 register_import_sops_parser(import_sops_parser)
- parser_key = subparser.add_parser("key", help="create and show age keys")
+ parser_key = subparser.add_parser(
+ "key",
+ help="create, show, or update the key for the clan",
+ )
 register_key_parser(parser_key)
 register_secrets_parser(subparser)
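Review bot: The reworded help string for the `key` subcommand in the clan_cli hunk has nothing to do with the ownership options this commit adds and would be easier to trace in its own commit. The new text also drops the word "age" that `create and show age keys` carried; if the subcommand still manages only age keys, `help="create, show, or update the age key for the clan"` keeps that discoverable. `register_parser` begins before the hunk; only its tail is visible here.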