add file rights: owner, group, mode

further increases parity with https://git.clan.lol/clan/clan-core/src/branch/main/nixosModules/clanCore/vars/interface.nix, particularly: - f540ab91a1 (diff-7b681998bb14b48b80f83251424be17c6e3ce3bf) - 19a251d6fc (diff-7b681998bb14b48b80f83251424be17c6e3ce3bf) - 222915a9ed (diff-7b681998bb14b48b80f83251424be17c6e3ce3bf)
2025-07-05 10:54:06 +02:00 · 2025-07-05 10:54:06 +02:00 · 52ee8bab58
commit 52ee8bab58
parent 8ce9bd9cad
2 changed files with 27 additions and 7 deletions
--- a/backends/on-machine.nix
+++ b/backends/on-machine.nix
@ -46,6 +46,12 @@ let
          fi
        '') (lib.attrValues gen.files)}

+        # outputs
+        out=$(mktemp -d)
+        trap 'rm -rf $out' EXIT
+        export out
+        mkdir -p "$out"
+
        if [ $all_files_missing = false ] && [ $all_files_present = false ] ; then
          echo "Inconsistent state for generator: ${gen.name}"
          exit 1
@ -80,12 +86,6 @@ let
            '') (lib.attrValues config.vars.generators.${input}.files)}
          '') gen.dependencies}

-          # outputs
-          out=$(mktemp -d)
-          trap 'rm -rf $out' EXIT
-          export out
-          mkdir -p "$out"
-
          (
            # prepare PATH
            unset PATH
@ -112,8 +112,15 @@ let
            mkdir -p "$(dirname "$OUT_FILE")"
            mv "$out"/${file.name} "$OUT_FILE"
          '') (lib.attrValues gen.files)}
-          rm -rf "$out"
        fi
+
+        # move the files to the correct location
+        ${lib.concatMapStringsSep "\n" (file: ''
+          OUT_FILE="$OUT_DIR"/${if file.secret then "secret" else "public"}/${file.generator}/${file.name}
+          chown ${file.owner}:${file.group} "''${OUT_FILE}"
+          chmod ${file.mode} "''${OUT_FILE}"
+        '') (lib.attrValues gen.files)}
+        rm -rf "$out"
      '') sortedGenerators}
    '';
  };
--- a/options.nix
+++ b/options.nix
@ -82,6 +82,19 @@
                      default = generator.config.name;
                      defaultText = "Name of the generator";
                    };
+                    owner = lib.mkOption {
+                      description = "The user name or id that will own the file.";
+                      default = "root";
+                    };
+                    group = lib.mkOption {
+                      description = "The group name or id that will own the file.";
+                      default = "root";
+                    };
+                    mode = lib.mkOption {
+                      type = lib.types.strMatching "^[0-7]{4}$";
+                      description = "The unix file mode of the file. Must be a 4-digit octal number.";
+                      default = "0400";
+                    };
                    deploy = lib.mkOption {
                      description = ''
                        Whether the file should be deployed to the target machine.