vars: add file mode

nixosModules/clanCore/vars/default.nix

@@ -51,6 +51,7 @@ in
             _name: file: {
               inherit (file)
                 name
+                mode
                 deploy
                 secret
                 neededForUsers

nixosModules/clanCore/vars/interface.nix

@@ -213,6 +213,10 @@ in
                       description = "The group name or id that will own the secret file.";
                       default = "root";
                     };
+                    mode = lib.mkOption {
+                      type = lib.types.strMatching "^[0-7]{3}$";
+                      default = "400";
+                    };
                     value =
                       lib.mkOption {
                         description = ''

pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py

@@ -170,7 +170,7 @@ class SecretStore(SecretStoreBase):
                     tar_file = tarfile.TarInfo(name=f"{generator.name}/{file.name}")
                     content = self.get(generator, file.name)
                     tar_file.size = len(content)
-                    tar_file.mode = 0o440
+                    tar_file.mode = file.mode
                     tar_file.uname = file.owner
                     tar_file.gname = file.group
                     if file.needed_for_users:

pkgs/clan-cli/clan_cli/vars/var.py

@@ -15,6 +15,7 @@ class Var:
     deploy: bool = False
     owner: str = "root"
     group: str = "root"
+    mode: int = 0o400
     needed_for_users: bool = False
 
     # TODO: those shouldn't be set here
@@ -75,5 +76,6 @@ class Var:
             deploy=data["deploy"],
             owner=data.get("owner", "root"),
             group=data.get("group", "root"),
+            mode=int(data.get("mode", "400"), 8),
             needed_for_users=data.get("neededForUsers", False),
         )