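# NixOS module: optionally relaxes the default file mode of every age secret
# from 0400 (owner only) to 0440 (owner + group read).
#
# Security note: when the toggle is on, every secret that does not set `mode`
# itself becomes readable by that secret's group. Which group that is depends
# on each secret's `group` setting, which is defined outside this file, so
# audit group membership before enabling. Pin `mode = "0400"` on any secret
# that must stay owner-only.
{ config, lib, ... }:
let
  # Read once here; the value comes from the option declared below.
  groupPermsEnabled = config.clicks.security.secrets.groupPerms.enable;
in
{
  options.clicks.security.secrets.groupPerms.enable = lib.mkOption {
    description = ''
      Enable setting permissions for age secrets to 0440 rather than 0400 by
      default, allowing group access

      The default age permissions for secrets block the "group" from accessing
      the secret, making that option useless without additionally specifying a
      mode
    '';
    type = lib.types.bool;
    # Follows the main secrets toggle (declared elsewhere), so turning secrets
    # on also turns this relaxation on unless it is explicitly set to false.
    default = config.clicks.security.secrets.enable;
  };

  # Declares only a type for `age.secrets`; the intent appears to be to merge
  # with the upstream age module's declaration so that each secret submodule
  # gains the config below. Confirm against the age module actually imported.
  options.age = {
    secrets = lib.mkOption {
      type = lib.types.attrsOf (lib.types.submodule {
        # lib.mkIf is the module-system form of a conditional definition; it
        # replaces lib.optionalAttrs, which forces the condition as soon as
        # the attribute names of `config` are inspected.
        config = lib.mkIf groupPermsEnabled {
          # Priority 999 outranks option defaults (1500) and lib.mkDefault
          # (1000), so a secret declaring `mode = lib.mkDefault "0400"` is
          # still widened to 0440. A plain `mode = "...";` (priority 100) wins.
          mode = lib.mkOverride 999 "0440";
        };
      });
    };
  };
}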