diff options
| author | Caroline Larimore <caroline@larimo.re> | 2024-07-25 12:28:20 -0700 |
|---|---|---|
| committer | Caroline Larimore <caroline@larimo.re> | 2024-07-25 12:28:20 -0700 |
| commit | e4ce37362d381efc38c0a6e1eea44056f6af5ba7 (patch) | |
| tree | 05a6357acee7ddea5fab10be496d8ac8cfb898a5 /hosts/copenhagen/hardware-configuration.nix | |
| parent | 636fa60c1f69f97c9c3b84d685bea1e04d86a70c (diff) | |
copenhagen: Set /secret permissions on boot
Diffstat (limited to 'hosts/copenhagen/hardware-configuration.nix')
| -rw-r--r-- | hosts/copenhagen/hardware-configuration.nix | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/hosts/copenhagen/hardware-configuration.nix b/hosts/copenhagen/hardware-configuration.nix index 853c51d..061700b 100644 --- a/hosts/copenhagen/hardware-configuration.nix +++ b/hosts/copenhagen/hardware-configuration.nix @@ -24,6 +24,10 @@ postDeviceCommands = lib.mkAfter '' zfs rollback -r zpool/root@blank && zfs rollback -r zpool/home@blank ''; + + postMountCommands = lib.mkAfter '' + chmod u=rw,g=,o= /secrets + ''; }; kernelModules = [ "kvm-intel" ]; |