yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request 'Data-mesher: don't set owner for public vars' (#3571) from misc-fixes-2 into main

Browse Source 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3571
This commit is contained in:
Mic92
2025-05-12 10:27:05 +00:00
parent 0064a8bfbc 1e8b9def2a
commit ecc327277c
4 changed files with 13 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
checks/sanity-checks/dont-depend-on-repo-root.nix → checks/dont-depend-on-repo-root.nix
View File

2
checks/flake-module.nix
View File

@@ -14,7 +14,7 @@ in
./installation/flake-module.nix
./morph/flake-module.nix
./nixos-documentation/flake-module.nix
./sanity-checks/dont-depend-on-repo-root.nix
./dont-depend-on-repo-root.nix
];
perSystem =
{

10
clanModules/data-mesher/shared.nix
View File

@@ -105,10 +105,7 @@ in
private_key = {
inherit owner;
};
public_key = {
inherit owner;
secret = false;
};
public_key.secret = false;
};
runtimeInputs = [
@@ -134,10 +131,7 @@ in
private_key = {
inherit owner;
};
public_key = {
inherit owner;
secret = false;
};
public_key.secret = false;
};
runtimeInputs = [

11
nixosModules/clanCore/vars/default.nix
View File

@@ -58,7 +58,16 @@ in
)
)
''
The config.clan.core.vars.generators.${generator.name}.files.${file.name} is not secret, but has non-default owner/group/mode set.
The config.clan.core.vars.generators.${generator.name}.files.${file.name} is not secret:
${lib.optionalString (file.owner != "root") ''
The owner is set to ${file.owner}, but should be root.
''}
${lib.optionalString (file.group != (if _class == "darwin" then "wheel" else "root")) ''
The group is set to ${file.group}, but should be ${if _class == "darwin" then "wheel" else "root"}.
''}
${lib.optionalString (file.mode != "0400") ''
The mode is set to ${file.mode}, but should be 0400.
''}
This doesn't work because the file will be added to the nix store
''
) [ ] (lib.attrValues generator.files)