Assert that not both owner and uid and group and gid are set

Mic92 · Oct 22, 2024 · 1855ad2 · 1855ad2
1 parent 1b7abd3
commit 1855ad2
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/modules/sops/default.nix b/modules/sops/default.nix
@@ -332,6 +332,12 @@ in {
             builtins.isPath secret.sopsFile ||
             (builtins.isString secret.sopsFile && lib.hasPrefix builtins.storeDir secret.sopsFile);
           message = "'${secret.sopsFile}' is not in the Nix store. Either add it to the Nix store or set sops.validateSopsFiles to false";
+        } {
+          assertion = cfg.owner == "" && cfg.uid != null || cfg.owner != "" && cfg.uid == null;
+          message = "Exactly one of sops.owner and sops.uid must be set";
+        } {
+          assertion = cfg.group == "" && cfg.gid != null || cfg.group != "" && cfg.gid == null;
+          message = "Exactly one of sops.group and sops.gid must be set";
         }]) cfg.secrets)
       );