From 4d5bc810eb7b0af6da5861c22b880d0ad8c2552f Mon Sep 17 00:00:00 2001
From: Erik Arvstedt
Date: Sat, 2 Oct 2021 11:49:49 +0200
Subject: [PATCH] secrets: fix setup-secrets in case of no secrets

Previously, the glob (*) returned '*' when no files existed in the secrets dir, leading to error `chown: cannot access '*'`. Now `unprocessedFiles` is empty when there are no secrets. Also remove the unneeded sorting of `unprocessedFiles` and remove redundant leading zero in the default mode.
---
 modules/secrets/secrets.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix
index ffd74f8..4776bca 100644
--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
@@ -58,7 +58,7 @@ let
 };
 permissions = mkOption {
 type = str;
- default = "0440";
+ default = "440";
 };
 };
 }
@@ -205,7 +205,9 @@ in {
 }

 # Make all other files accessible to root only
- unprocessedFiles=$(comm -23 <(printf '%s\n' *) <(printf '%s\n' "''${processedFiles[@]}" | sort))
+ unprocessedFiles=$(
+ comm -23 <(shopt -s nullglob; printf '%s\n' *) <(printf '%s\n' "''${processedFiles[@]}")
+ )
 if [[ $unprocessedFiles ]]; then
 IFS=$'\n'
 chown root: $unprocessedFiles
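Review bot: Dropping `| sort` from the second process substitution in the `-205,7 +205,9` hunk makes `comm -23` rely on `processedFiles` already being in the same collation order as the glob expansion, and nothing visible in the hunk establishes that. `comm` needs both inputs sorted. If the orders ever diverge, a file could be left out of `unprocessedFiles`, which presumably means it skips the root-only `chown` below and keeps its previous ownership. Either keep `<(printf '%s\n' "''${processedFiles[@]}" | sort)` or state the invariant next to the call, e.g. `# comm requires sorted input: processedFiles must be appended in glob (collation) order`. The surrounding script starts and ends outside the hunk, so how the array is built cannot be checked from here.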