do not run chown if not needed

2024-08-24 05:59:21 +02:00 · 2024-08-24 05:59:21 +02:00 · 2a6bbd0f53
commit 2a6bbd0f53
parent 7bbe23e146
1 changed files with 6 additions and 4 deletions
--- a/lib/default.nix
+++ b/lib/default.nix
@ -9,7 +9,7 @@ rec {
  # - resultPath is the location the config file should have on the filesystem.
  # - generator is a function taking two arguments name and value and returning path in the nix
  #   nix store where the
-  replaceSecrets = { userConfig, resultPath, generator, user ? "root", permissions ? "u=r,g=r,o=" }:
+  replaceSecrets = { userConfig, resultPath, generator, user ? null, permissions ? "u=r,g=r,o=" }:
    let
      configWithTemplates = withReplacements userConfig;

@ -31,7 +31,7 @@ rec {
    resultPath = newPath;
  };

-  replaceSecretsScript = { file, resultPath, replacements, user ? "root", permissions ? "u=r,g=r,o=" }:
+  replaceSecretsScript = { file, resultPath, replacements, user ? null, permissions ? "u=r,g=r,o=" }:
    let
      templatePath = resultPath + ".template";
      sedPatterns = lib.strings.concatStringsSep " " (lib.attrsets.mapAttrsToList (from: to: "-e \"s|${from}|${to}|\"") replacements);
@ -46,9 +46,11 @@ rec {
      ln -fs ${file} ${templatePath}
      rm -f ${resultPath}
      touch ${resultPath}
+      '' + (lib.optionalString (user != null) ''
      chown ${user} ${resultPath}
-      chmod ${permissions} ${resultPath}
+      '') + ''
      ${sedCmd} ${templatePath} > ${resultPath}
+      chmod ${permissions} ${resultPath}
      '';

  secretFileType = lib.types.submodule {
@ -241,7 +243,7 @@ rec {
      pkgs.runCommand "nix-flake-tests-success" { } "echo > $out";


-  genConfigOutOfBandSystemd = { config, configLocation, generator, user ? "root", permissions ? "u=r,g=r,o=" }:
+  genConfigOutOfBandSystemd = { config, configLocation, generator, user ? null, permissions ? "u=r,g=r,o=" }:
    {
      loadCredentials = getLoadCredentials "source" config;
      preStart = lib.mkBefore (replaceSecrets {