Merge pull request 'clanCore/vars: allow mode to be set' (#3404) from visualphoenix/clan-core:mode_fix into main

Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3404
2025-04-25 09:44:25 +00:00
parent d8780b8da9 222915a9ed
commit e78bd89426
5 changed files with 30 additions and 6 deletions
--- a/nixosModules/clanCore/vars/eval-tests/default.nix
+++ b/nixosModules/clanCore/vars/eval-tests/default.nix
@@ -89,4 +89,23 @@ in
      expr = lib.hasPrefix builtins.storeDir config.generators.my_secret.script;
      expected = true;
    };
+
+  # test for mode attribute
+  test_mode_attribute =
+    let
+      config = eval {
+        generators.my_secret = {
+          files.password = {
+            mode = "0400";
+          };
+          script = ''
+            echo "Mode set to ${config.generators.my_secret.files.password.mode}"
+          '';
+        };
+      };
+    in
+    {
+      expr = config.generators.my_secret.files.password.mode;
+      expected = "0400";
+    };
 }
--- a/nixosModules/clanCore/vars/interface.nix
+++ b/nixosModules/clanCore/vars/interface.nix
@@ -276,9 +276,9 @@ in
                      defaultText = lib.literalExpression ''if _class == "darwin" then "wheel" else "root"'';
                    };
                    mode = lib.mkOption {
-                      type = lib.types.strMatching "^[0-7]{3}$";
-                      description = "The unix file mode of the file. Must be a 3-digit octal number.";
-                      default = "400";
+                      type = lib.types.strMatching "^[0-7]{4}$";
+                      description = "The unix file mode of the file. Must be a 4-digit octal number.";
+                      default = "0400";
                    };
                    value =
                      lib.mkOption {
--- a/nixosModules/clanCore/vars/secret/sops/default.nix
+++ b/nixosModules/clanCore/vars/secret/sops/default.nix
@@ -43,7 +43,12 @@ in
      map (secret: {
        name = "vars/${secret.generator}/${secret.name}";
        value = {
-          inherit (secret) owner group neededForUsers;
+          inherit (secret)
+            owner
+            group
+            mode
+            neededForUsers
+            ;
          sopsFile = secretPath secret;
          format = "binary";
        };
--- a/nixosModules/clanCore/vars/secret/sops/funcs.nix
+++ b/nixosModules/clanCore/vars/secret/sops/funcs.nix
@@ -28,7 +28,7 @@ in
            generator = gen_name;
            neededForUsers = file.neededFor == "users";
            inherit (generator) share;
-            inherit (file) owner group;
+            inherit (file) owner group mode;
          }) (relevantFiles generator)
        ) vars.generators
      );
--- a/pkgs/clan-cli/clan_cli/vars/var.py
+++ b/pkgs/clan-cli/clan_cli/vars/var.py
@@ -77,6 +77,6 @@ class Var:
            deploy=data["deploy"],
            owner=data.get("owner", "root"),
            group=data.get("group", "root"),
-            mode=int(data.get("mode", "400"), 8),
+            mode=int(data.get("mode", "0400"), 8),
            needed_for=data.get("neededFor", "services"),
        )