From b8d33d3cfffc9b04d1110e8afde8ac5dca006c01 Mon Sep 17 00:00:00 2001
From: Infinidoge <infinidoge@inx.moe>
Date: Thu, 9 May 2024 02:35:07 -0400
Subject: [PATCH] secrets: set file permissions for withGroup/withOwnerGroup

---
 secrets/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/secrets/default.nix b/secrets/default.nix
index 6e195a4..590e2ac 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -9,9 +9,9 @@ let
     { file = "${./.}/${name}"; };
   secrets = listToAttrs (map mkSecret (attrNames (import ./secrets.nix)));
 
-  withOwnerGroup = name: secret: secret // { owner = name; group = name; };
+  withOwnerGroup = name: secret: secret // { owner = name; group = name; mode = "440"; };
   withOwner = name: secret: secret // { owner = name; };
-  withGroup = name: secret: secret // { group = name; };
+  withGroup = name: secret: secret // { group = name; mode = "440"; };
 in
 {
   options = {