# NixOS module: adds a switch that relaxes the default mode of every age
# secret from owner-only to owner+group read ("0440").
{ config, lib, ... }:
let
  # Shorthand for this project's secrets option tree; `enable` itself is
  # declared elsewhere (not in this file).
  cfg = config.clicks.security.secrets;
in
{
  options = {
    clicks.security.secrets.groupPerms.enable = lib.mkOption {
      description = ''
        Enable setting permissions for age secrets to 0440 rather than 0400 by
        default, allowing group access
        The default age permissions for secrets block the "group" from accessing
        the secret, making that option useless without additionally specifying a
        mode
      '';
      type = lib.types.bool;
      # Group-readable secrets are on whenever the secrets feature is on,
      # unless a host sets this option explicitly.
      default = cfg.enable;
    };

    # Re-declares `age.secrets` only to attach a per-secret default; presumably
    # this merges with the declaration from the age secrets module, which is
    # not visible here.
    age.secrets = lib.mkOption {
      # The submodule argument is deliberately unused: `cfg` must come from
      # the outer system config, not from the individual secret's own config.
      type = lib.types.attrsOf (lib.types.submodule (_secret: {
        # Priority 999 outranks lib.mkDefault (1000) and option defaults, but
        # a plain per-secret `mode = "0400";` (priority 100) still wins.
        #
        # Security note: "0440" lets every member of the secret's group read
        # the decrypted file. Set `group` deliberately on each secret and pin
        # `mode = "0400"` on secrets that must stay owner-only.
        # NOTE(review): which group applies when a secret sets none is decided
        # by the age module, not here - confirm it is not a broadly shared
        # group before relying on this default.
        config.mode = lib.mkIf cfg.groupPerms.enable (lib.mkOverride 999 "0440");
      }));
    };
  };
}