From 18c98feb3464edd9d302afcee5e0237be647ca60 Mon Sep 17 00:00:00 2001
From: colin <colin@uninsane.org>
Date: Mon, 16 Jan 2023 11:43:43 +0000
Subject: [PATCH] fs: fix /var/lib/private to have expected mode (0700)

---
 hosts/common/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hosts/common/default.nix b/hosts/common/default.nix
index 5fe93266..c3f54367 100644
--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@@ -30,6 +30,9 @@
     "/var/lib/machines"            # maybe not needed, but would be painful to add a VM and forget.
   ];
 
+  # some services which use private directories error if the parent (/var/lib/private) isn't 700.
+  sane.fs."/var/lib/private".dir.acl.mode = "0700";
+
   nixpkgs.config.allowUnfree = true;
 
   # time.timeZone = "America/Los_Angeles";