From ec0fe7dec802a8686692dc624d180ab81938dd7d Mon Sep 17 00:00:00 2001
From: Gabriel Arazas <foodogsquared@foodogsquared.one>
Date: Sat, 14 Oct 2023 14:03:40 +0800
Subject: [PATCH] services/vouch-proxy: fix permissions for generated secrets

---
 modules/nixos/services/vouch-proxy.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/nixos/services/vouch-proxy.nix b/modules/nixos/services/vouch-proxy.nix
index 53215dee..d162607c 100644
--- a/modules/nixos/services/vouch-proxy.nix
+++ b/modules/nixos/services/vouch-proxy.nix
@@ -70,6 +70,7 @@ let
           ${pkgs.writeScript
             "vouch-proxy-replace-secrets"
             (utils.genJqSecretsReplacementSnippet settings settingsFile')}
+          chmod 0600 "${settingsFile'}"
         ''
         else ''
           install -Dm0600 "${settingsFile}" "${settingsFile'}"