diff --git a/modules/sops/templates/default.nix b/modules/sops/templates/default.nix
index 4a6dcf9..1db686c 100644
--- a/modules/sops/templates/default.nix
+++ b/modules/sops/templates/default.nix
@@ -5,6 +5,7 @@ with builtins;
 let
 cfg = config.sops;
 secretsForUsers = lib.filterAttrs (_: v: v.neededForUsers) cfg.secrets;
+ users = config.users.users;
 in {
 options.sops = {
 templates = mkOption {
@@ -44,7 +45,7 @@ in {
 };
 group = mkOption {
 type = str;
- default = config.users.users.${config.owner}.group;
+ default = users.${config.owner}.group;
 description = ''
 Group of the file.
 '';
diff --git a/pkgs/sops-install-secrets/nixos-test.nix b/pkgs/sops-install-secrets/nixos-test.nix
index d055abc..78d023d 100644
--- a/pkgs/sops-install-secrets/nixos-test.nix
+++ b/pkgs/sops-install-secrets/nixos-test.nix
@@ -222,6 +222,9 @@
 owner = "someuser";
 group = "somegroup";
 };
+ sops.templates.test_default.content = ''
+ Test value: ${config.sops.placeholder.test_key}
+ '';
 users.groups.somegroup = {};
 users.users.someuser = {
@@ -234,6 +237,8 @@
 start_all()
 machine.succeed("[ $(stat -c%U /run/secrets-rendered/test_template) = 'someuser' ]")
 machine.succeed("[ $(stat -c%G /run/secrets-rendered/test_template) = 'somegroup' ]")
+ machine.succeed("[ $(stat -c%U /run/secrets-rendered/test_default) = 'root' ]")
+ machine.succeed("[ $(stat -c%G /run/secrets-rendered/test_default) = 'root' ]")
 expected = """
 This line is not modified.
@@ -242,7 +247,12 @@
 """
 rendered = machine.succeed("cat /run/secrets-rendered/test_template")
- if rendered.strip() != expected.strip():
+ expected_default = """
+ Test value: test_value
+ """
+ rendered_default = machine.succeed("cat /run/secrets-rendered/test_default")
+
+ if rendered.strip() != expected.strip() or rendered_default.strip() != expected_default.strip():
 raise Exception("Template is not rendered correctly")
 '';
 }
 {
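Review bot: The new `users = config.users.users;` binding in the outer `let` of modules/sops/templates/default.nix (first hunk) carries no comment, and its purpose is not obvious from the line itself. It looks like `config` inside the template option definitions refers to the individual template (the `${config.owner}` lookup in the second hunk relies on that), so the system-wide user set has to be captured at this level. I would add `# top-level users; config is shadowed inside the templates submodule` above the binding so it is not inlined back later.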
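Review bot: The `group` default in the second hunk of modules/sops/templates/default.nix is computed from other configuration, but no `defaultText` is visible next to it, so generated option documentation would have to evaluate `users.${config.owner}.group` instead of showing a readable expression. If the `mkOption` does not already set one outside the hunk, add `defaultText = lib.literalExpression "config.users.users.\${config.owner}.group";` after the `default` line. An `owner` that has no entry in `users.users` would presumably stop evaluation on a missing attribute here, which fails closed and is fine for a secret file, but the description could say that the owner must be a declared user. The `mkOption` block begins and ends outside the hunk.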
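Review bot: The two added `stat` assertions for /run/secrets-rendered/test_default (hunk at -234 in pkgs/sops-install-secrets/nixos-test.nix) pin owner and group but not the file mode, so a default that left a rendered secret readable by other users would still pass. Add a third assertion beside them, `machine.succeed("[ $(stat -c%a /run/secrets-rendered/test_default) = '<expected default mode>' ]")`, with the value taken from the module's mode default rather than guessed. The context lines suggest test_template has the same gap. The test script starts and ends outside this hunk.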
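Review bot: The combined condition `rendered.strip() != expected.strip() or rendered_default.strip() != expected_default.strip()` in the last hunk of pkgs/sops-install-secrets/nixos-test.nix raises one generic message, so a failing run does not say which template was rendered incorrectly. Keep the original check as it was and add a separate one, `if rendered_default.strip() != expected_default.strip():` followed by `raise Exception("test_default is not rendered correctly")`. Naming the template is enough; the rendered content should stay out of the message, as it does now, since outside a fixture it would be secret material in the test log. The surrounding test script continues outside the hunk.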