vars: improve warnings for non-public secrets

Jörg Thalheim
2025-05-08 17:06:49 +02:00
parent 34b63ca1d5
commit 93d20f48c9

@@ -58,7 +58,25 @@ in
)
)
''
The config.clan.core.vars.generators.${generator.name}.files.${file.name} is not secret, but has non-default owner/group/mode set.
The config.clan.core.vars.generators.${generator.name}.files.${file.name} is not secret:
${lib.optionalString
(file.owner != "root")
''
The owner is set to ${file.owner}, but should be root.
''
}
${lib.optionalString
(file.group != (if _class == "darwin" then "wheel" else "root"))
''
The group is set to ${file.group}, but should be ${if _class == "darwin" then "wheel" else "root"}.
''
}
${lib.optionalString
(file.mode != "0400")
''
The mode is set to ${file.mode}, but should be 0400.
''
}
This doesn't work because the file will be added to the nix store
''
) [ ] (lib.attrValues generator.files)
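Review bot: The expected group `if _class == "darwin" then "wheel" else "root"` is written out twice in the group block, once in the condition and once in the message, and the owner and mode checks compare against the literals "root" and "0400". If the option defaults ever change, this warning will drift from them. Consider binding the expected values once in a `let` (or reading them from the option defaults) and reusing them in both the condition and the text. The "but should be ..." wording also reads as if the user should set those values explicitly, while the closing sentence says the real issue is that a non-secret file lands in the nix store, where owner, group and mode cannot apply. It would be clearer to say that these settings only take effect for secret files and should be left unset or the file marked secret. Each `lib.optionalString` that evaluates to the empty string still leaves its surrounding newline in the message, so a single mismatch prints blank lines; building the list of mismatches and joining it with `lib.concatStringsSep` would avoid that.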