diff --git a/checks/nixos-test.nix b/checks/nixos-test.nix
index 95c7a125..7a113fc9 100644
--- a/checks/nixos-test.nix
+++ b/checks/nixos-test.nix
@@ -321,6 +321,14 @@ in
 path = "/etc/externally/linked";
 };
 
+ sops.templates.test_uid_gid = {
+ uid = 420;
+ gid = 420;
+ content = ''
+ Test value: ${config.sops.placeholder.test_key}
+ '';
+ };
+
 users.groups.somegroup = { };
 users.users.someuser = {
 isSystemUser = true;
@@ -339,6 +347,8 @@ in
 machine.succeed("[ $(stat -c%G /run/secrets/rendered/test_template) = 'somegroup' ]")
 machine.succeed("[ $(stat -c%U /run/secrets/rendered/test_default) = 'root' ]")
 machine.succeed("[ $(stat -c%G /run/secrets/rendered/test_default) = 'root' ]")
+ machine.succeed("[ $(stat -c%u /run/secrets/rendered/test_uid_gid) = '420' ]")
+ machine.succeed("[ $(stat -c%g /run/secrets/rendered/test_uid_gid) = '420' ]")
 
 expected = """\
 This line is not modified.
diff --git a/modules/nix-darwin/templates/default.nix b/modules/nix-darwin/templates/default.nix
index da1dcbba..6c174d4c 100644
--- a/modules/nix-darwin/templates/default.nix
+++ b/modules/nix-darwin/templates/default.nix
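Review bot: The new `test_uid_gid` fixture relies on 420 matching no user or group declared in the test VM, which is exactly the behaviour the option descriptions promise (numeric ids applied even when no account exists), but nothing in the fixture says so, and a later `users.users` entry that happens to receive uid 420 would silently change what the test proves. A one-line comment above `uid = 420;` such as `# 420 deliberately matches no user or group in this VM: the numeric ids must be applied as-is` would pin that intent. The enclosing test-node attribute set starts and ends outside the hunk.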
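Review bot: The two new `stat` checks pin the numeric owner and group of `/run/secrets/rendered/test_uid_gid` but not its mode, so a regression that renders a template owned by an unprivileged numeric id with a wider mode would still pass; the existing `test_template`/`test_default` checks visible here have the same gap, but this case matters more because the id belongs to no account. Adding `machine.succeed("[ $(stat -c%a /run/secrets/rendered/test_uid_gid) = '<EXPECTED_MODE>' ]")` with the template's configured mode (placeholder to be filled from the module's mode default) would close it. The test script continues outside the hunk.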
@@ -49,18 +49,32 @@ in
 '';
 };
 owner = mkOption {
- type = types.singleLineStr;
- default = "root";
+ type = with lib.types; nullOr singleLineStr;
+ default = null;
+ description = ''
+ User of the file. Can only be set if uid is 0;
+ '';
+ };
+ uid = mkOption {
+ type = with lib.types; nullOr int;
+ default = 0;
 description = ''
- User of the file.
+ UID of the template, only applied with owner is null. the UID will be applied even if the corresponding user doesn't exist.
 '';
 };
 group = mkOption {
- type = types.singleLineStr;
- default = "staff";
+ type = with lib.types; nullOr singleLineStr;
+ default = if config.owner != null then "staff" else null;
 defaultText = "staff";
 description = ''
- Group of the file. Default on darwin in staff.
+ Group of the file. Can only be set if gid is 0. Default on darwin to 'staff'
+ '';
+ };
+ gid = mkOption {
+ type = with lib.types; nullOr int;
+ default = 0;
+ description = ''
+ GID of the template, only applied when group is null. The GID will be applied even if the corresponding group doesn't exist.
 '';
 };
 file = mkOption {
diff --git a/modules/sops/templates/default.nix b/modules/sops/templates/default.nix
index fb3fb2c2..c8c24d1c 100644
--- a/modules/sops/templates/default.nix
+++ b/modules/sops/templates/default.nix
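Review bot: `uid` and `gid` are typed `nullOr int`, which accepts negative values that cannot be applied as ownership; `type = with lib.types; nullOr ints.unsigned;` on both options rejects them at evaluation time instead. The new descriptions should read `UID of the template, only applied when owner is null. The UID will be applied even if the corresponding user doesn't exist.` and `User of the file. Can only be set if uid is 0.` (drop the stray semicolon), and `defaultText = "staff"` no longer describes the `group` default, which is now null whenever `owner` is null. Because the numeric id is applied even when no account exists, the `uid`/`gid` descriptions should also warn that any account later created with that id (including one allocated dynamically) gains access to the rendered secret, so callers should reserve the id. The "can only be set if uid is 0" rule is stated but not enforced in this hunk; if an assertion exists elsewhere in the module it is outside this view. The same points apply to the parallel hunk in modules/sops/templates/default.nix.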
@@ -52,18 +52,32 @@ in
 '';
 };
 owner = mkOption {
- type = types.singleLineStr;
- default = "root";
+ type = with lib.types; nullOr singleLineStr;
+ default = null;
+ description = ''
+ User of the file. Can only be set if uid is 0;
+ '';
+ };
+ uid = mkOption {
+ type = with lib.types; nullOr int;
+ default = 0;
 description = ''
- User of the file.
+ UID of the template, only applied with owner is null. the UID will be applied even if the corresponding user doesn't exist.
 '';
 };
 group = mkOption {
- type = types.singleLineStr;
- default = users.${config.owner}.group;
+ type = with lib.types; nullOr singleLineStr;
+ default = if config.owner != null then users.${config.owner}.group else null;
 defaultText = lib.literalExpression ''config.users.users.''${cfg.owner}.group'';
 description = ''
- Group of the file.
+ Group of the file. Can only be set if gid is 0.
+ '';
+ };
+ gid = mkOption {
+ type = with lib.types; nullOr int;
+ default = 0;
+ description = ''
+ GID of the template, only applied when group is null. The GID will be applied even if the corresponding group doesn't exist.
 '';
 };
 file = mkOption {
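Review bot: With the new defaults, setting only `uid` leaves `group` at null (because `owner` is null) and `gid` at 0, so a template intended for an unprivileged numeric id is rendered with group root unless the caller also sets `gid`; that is not wrong, but it is easy to miss, and the `defaultText` still advertises `config.users.users.${cfg.owner}.group` even though the default is now null when `owner` is unset. I would say so in the `gid` description, e.g. `Defaults to 0 (root); set it together with uid unless group ownership by root is intended.`, and update the default text to `defaultText = lib.literalExpression ''if config.owner != null then config.users.users.''${cfg.owner}.group else null'';`. The nix-darwin module's parallel hunk has the same uid-without-gid behaviour with its `"staff"`/null default.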