diff --git a/system/hosts/router/default.nix b/system/hosts/router/default.nix
index 55e7275..cdad05f 100644
--- a/system/hosts/router/default.nix
+++ b/system/hosts/router/default.nix
@@ -948,6 +948,6 @@ in {
 { directory = /secrets; mode = "0000"; }
 # my custom impermanence module doesnt detect it
 { directory = /var/db/dhcpcd; mode = "0755"; }
- { directory = /var/lib/private/kea; mode = "0750"; }
+ { directory = /var/lib/private/kea; mode = "0750"; parentDirectory.mode = "0700"; }
 ];
 }
diff --git a/system/modules/impermanence.nix b/system/modules/impermanence.nix
index f375c86..6616587 100644
--- a/system/modules/impermanence.nix
+++ b/system/modules/impermanence.nix
@@ -70,14 +70,14 @@ in {
 ] ++ lib.optionals config.services.akkoma.enable [
 { directory = /var/lib/akkoma; user = "akkoma"; group = "akkoma"; mode = "0700"; }
 ] ++ lib.optionals config.services.botamusique.enable [
- { directory = /var/lib/private/botamusique; user = "root"; group = "root"; mode = "0750"; }
+ { directory = /var/lib/private/botamusique; user = "root"; group = "root"; mode = "0750"; parentDirectory.mode = "0700"; }
 ] ++ lib.optionals config.programs.ccache.enable [
 { directory = config.programs.ccache.cacheDir; user = "root"; group = "nixbld"; mode = "0770"; }
 { directory = /var/cache/sccache; user = "root"; group = "nixbld"; mode = "0770"; }
 ] ++ lib.optionals config.services.certspotter.enable [
 { directory = /var/lib/certspotter; user = "certspotter"; group = "certspotter"; mode = "0755"; }
 ] ++ lib.optionals (config.services.coop-ofd.enable or false) [
- { directory = /var/lib/private/coop-ofd; mode = "0750"; }
+ { directory = /var/lib/private/coop-ofd; mode = "0750"; parentDirectory.mode = "0700"; }
 ] ++ lib.optionals config.services.dovecot2.enable [
 { directory = /var/lib/dhparams; user = "root"; group = "root"; mode = "0755"; }
 { directory = /var/lib/dovecot; user = "root"; group = "root"; mode = "0755"; }
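Review bot: The added `parentDirectory.mode = "0700"` on the `/var/lib/private/kea` entry carries no comment saying why the parent must be tighter than the `0750` leaf. `/var/lib/private` is the directory systemd uses for the state of `DynamicUser=` services, and it is expected to be `0700` so that other local users cannot reach files owned by dynamically allocated (and later reused) UIDs; recreating it with a wider mode when the persisted path is set up would weaken that. I would put `# /var/lib/private must stay 0700: systemd keeps DynamicUser= state under it` above the entry. The same comment fits the botamusique and coop-ofd entries in system/modules/impermanence.nix. The list this entry belongs to starts outside the hunk.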
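Review bot: The `parentDirectory.mode = "0700"` setting is now hand-copied onto every `/var/lib/private/*` entry (botamusique and coop-ofd here, kea in the router host), so the next service added under that path can silently miss it. Since this file is the module that assembles the list, the parent mode could be derived once for any entry whose parent is `/var/lib/private`, or an assertion could fail evaluation when such an entry lacks it. Only the mode is pinned on the parent; its owner is left to whatever the persistence option defaults to, which is not visible in this hunk, so it is worth confirming that it resolves to root:root. The list continues outside the hunk on both sides.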