Remove redundant group assignments for sops secrets

2026-01-21 12:51:34 +01:00 · 2025-05-24 15:31:52 +02:00 · 2025-05-24 15:31:52 +02:00 · 9bfcf3b023
commit 9bfcf3b023
parent 529bf4abec
3 changed files with 11 additions and 26 deletions
--- a/modules/system/hedgedoc/default.nix
+++ b/modules/system/hedgedoc/default.nix
@ -8,7 +8,6 @@ let
  cfg = config.myConfig.hedgedoc;

  user = config.users.users.hedgedoc.name;
-  inherit (config.users.users.hedgedoc) group;

  manage_users = "CMD_CONFIG_FILE=/run/hedgedoc/config.json NODE_ENV=production ${lib.getExe' pkgs.hedgedoc "manage_users"}";
 in
@ -27,24 +26,17 @@ in

  config = lib.mkIf cfg.enable {
    sops = {
-        secrets = {
-          "hedgedoc/seb-password" = {
-            owner = user;
-            inherit group;
-          };
-          "hedgedoc/gitlab-auth-secret" = {
-            owner = user;
-            inherit group;
-          };
-        };
-
-        templates."hedgedoc/environment" = {
-          owner = user;
-          inherit group;
-          content = "GITLAB_CLIENTSECRET=${config.sops.placeholder."hedgedoc/gitlab-auth-secret"}";
-        };
+      secrets = {
+        "hedgedoc/seb-password".owner = user;
+        "hedgedoc/gitlab-auth-secret".owner = user;
      };

+      templates."hedgedoc/environment" = {
+        owner = user;
+        content = "GITLAB_CLIENTSECRET=${config.sops.placeholder."hedgedoc/gitlab-auth-secret"}";
+      };
+    };
+
    services.hedgedoc = {
      enable = true;

--- a/modules/system/nextcloud/default.nix
+++ b/modules/system/nextcloud/default.nix
@ -9,7 +9,6 @@ let
  cfg = config.myConfig.nextcloud;

  user = config.users.users.nextcloud.name;
-  inherit (config.users.users.nextcloud) group;
 in
 {
  options.myConfig.nextcloud = {
@ -26,10 +25,7 @@ in
  };

  config = lib.mkIf cfg.enable {
-    sops.secrets."nextcloud/admin-password" = {
-      owner = user;
-      inherit group;
-    };
+    sops.secrets."nextcloud/admin-password".owner = user;

    services.nextcloud = {
      enable = true;
--- a/modules/system/tailscale/caddy-serve.nix
+++ b/modules/system/tailscale/caddy-serve.nix
@ -38,10 +38,7 @@ in
  };

  config = lib.mkIf (nodes != { }) {
-    sops.secrets."service-tailscale-auth-key" = {
-      owner = config.services.caddy.user;
-      inherit (config.services.caddy) group;
-    };
+    sops.secrets."service-tailscale-auth-key".owner = config.services.caddy.user;

    services.caddy = {
      enable = true;