/home/colin: fix perms to 0700
This commit is contained in:
parent
f1aa685a03
commit
1f99d44288
|
@ -27,6 +27,8 @@ in
|
|||
# sets group to "users" (?)
|
||||
isNormalUser = true;
|
||||
home = "/home/colin";
|
||||
createHome = true;
|
||||
homeMode = "700";
|
||||
uid = config.sane.allocations.colin-uid;
|
||||
# i don't get exactly what this is, but nixos defaults to this non-deterministically
|
||||
# in /var/lib/nixos/auto-subuid-map and i don't want that.
|
||||
|
|
|
@ -83,6 +83,15 @@ in
|
|||
# files = [ "/etc/machine-id" ];
|
||||
};
|
||||
|
||||
# for each edge in a mount path, impermanence gives that target directory the same permissions
|
||||
# as the matching folder in /nix/persist.
|
||||
# /nix/persist is often created with poor permissions. so patch them to get the desired directory permissions.
|
||||
system.activationScripts.fixImpermanencePerms = {
|
||||
text = "chmod ${config.users.users.colin.homeMode} /nix/persist/home/colin";
|
||||
deps = [ "users" ];
|
||||
};
|
||||
system.activationScripts.createPersistentStorageDirs.deps = [ "fixImpermanencePerms" ];
|
||||
|
||||
# secret decoding depends on /etc/ssh keys, which may be persisted
|
||||
system.activationScripts.setupSecrets.deps = [ "persist-ssh-host-keys" ];
|
||||
system.activationScripts.setupSecretsForUsers = lib.mkIf secretsForUsers {
|
||||
|
|
Loading…
Reference in New Issue
Block a user