automatically generate

further increases parity with
https://git.clan.lol/clan/clan-core/src/branch/main/nixosModules/clanCore/vars/interface.nix,
particularly:
-
f540ab91a1 (diff-7b681998bb14b48b80f83251424be17c6e3ce3bf)
-
19a251d6fc (diff-7b681998bb14b48b80f83251424be17c6e3ce3bf)
-
222915a9ed (diff-7b681998bb14b48b80f83251424be17c6e3ce3bf)

backends/on-machine.nix

@@ -46,6 +46,12 @@ let
           fi
         '') (lib.attrValues gen.files)}
 
+        # outputs
+        out=$(mktemp -d)
+        trap 'rm -rf $out' EXIT
+        export out
+        mkdir -p "$out"
+
         if [ $all_files_missing = false ] && [ $all_files_present = false ] ; then
           echo "Inconsistent state for generator: ${gen.name}"
           exit 1
@@ -80,12 +86,6 @@ let
             '') (lib.attrValues config.vars.generators.${input}.files)}
           '') gen.dependencies}
 
-          # outputs
-          out=$(mktemp -d)
-          trap 'rm -rf $out' EXIT
-          export out
-          mkdir -p "$out"
-
           (
             # prepare PATH
             unset PATH
@@ -112,8 +112,15 @@ let
             mkdir -p "$(dirname "$OUT_FILE")"
             mv "$out"/${file.name} "$OUT_FILE"
           '') (lib.attrValues gen.files)}
-          rm -rf "$out"
         fi
+
+        # move the files to the correct location
+        ${lib.concatMapStringsSep "\n" (file: ''
+          OUT_FILE="$OUT_DIR"/${if file.secret then "secret" else "public"}/${file.generator}/${file.name}
+          chown ${file.owner}:${file.group} "''${OUT_FILE}"
+          chmod ${file.mode} "''${OUT_FILE}"
+        '') (lib.attrValues gen.files)}
+        rm -rf "$out"
       '') sortedGenerators}
     '';
   };
@@ -138,5 +145,13 @@ in
       generate-vars
     ];
     system.build.generate-vars = generate-vars;
+
+    systemd.services.generate-vars = {
+       wantedBy = [ "multi-user.target" ];
+       after = [ "default.target" ];
+       description = "generate needed secrets";
+       path = [ generate-vars ];
+       serviceConfig.ExecStart = "${generate-vars}/bin/generate-vars";
+    };
   };
 }

options.nix

@@ -82,6 +82,19 @@
                       default = generator.config.name;
                       defaultText = "Name of the generator";
                     };
+                    owner = lib.mkOption {
+                      description = "The user name or id that will own the file.";
+                      default = "root";
+                    };
+                    group = lib.mkOption {
+                      description = "The group name or id that will own the file.";
+                      default = "root";
+                    };
+                    mode = lib.mkOption {
+                      type = lib.types.strMatching "^[0-7]{4}$";
+                      description = "The unix file mode of the file. Must be a 4-digit octal number.";
+                      default = if file.config.group == "root" then "0400" else "0440";
+                    };
                     deploy = lib.mkOption {
                       description = ''
                         Whether the file should be deployed to the target machine.