/home/colin: fix perms to 0700

hosts/common/users.nix

@@ -27,6 +27,8 @@ in
       # sets group to "users" (?)
       isNormalUser = true;
       home = "/home/colin";
+      createHome = true;
+      homeMode = "700";
       uid = config.sane.allocations.colin-uid;
       # i don't get exactly what this is, but nixos defaults to this non-deterministically
       # in /var/lib/nixos/auto-subuid-map and i don't want that.

modules/impermanence.nix

@@ -83,6 +83,15 @@ in
       # files = [ "/etc/machine-id" ];
     };
 
+    # for each edge in a mount path, impermanence gives that target directory the same permissions
+    # as the matching folder in /nix/persist.
+    # /nix/persist is often created with poor permissions. so patch them to get the desired directory permissions.
+    system.activationScripts.fixImpermanencePerms = {
+      text = "chmod ${config.users.users.colin.homeMode} /nix/persist/home/colin";
+      deps = [ "users" ];
+    };
+    system.activationScripts.createPersistentStorageDirs.deps = [ "fixImpermanencePerms" ];
+
     # secret decoding depends on /etc/ssh keys, which may be persisted
     system.activationScripts.setupSecrets.deps = [ "persist-ssh-host-keys" ];
     system.activationScripts.setupSecretsForUsers = lib.mkIf secretsForUsers {