From 29f63ae6aa8fb0379984335c3857003d25031ed2 Mon Sep 17 00:00:00 2001
From: "Casper V. Kristensen"
Date: Wed, 11 Dec 2024 14:54:48 +0100
Subject: [PATCH] boot: fix systemd-boot security warnings

See: https://github.com/NixOS/nixpkgs/issues/279362 https://github.com/NixOS/nixpkgs/pull/300673
---
hosts/alpha/hardware.nix | 3 +--
hosts/delta/hardware.nix | 3 +--
hosts/mu/hardware.nix | 3 +--
hosts/omega/hardware.nix | 1 +
hosts/sigma/hardware.nix | 3 +--
hosts/tor/hardware.nix | 2 +-
hosts/zeta/hardware.nix | 3 +--
7 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/hosts/alpha/hardware.nix b/hosts/alpha/hardware.nix
index 83d7250..dc6795e 100644
--- a/hosts/alpha/hardware.nix
+++ b/hosts/alpha/hardware.nix
@@ -1,7 +1,5 @@
 {
- config,
 lib,
- pkgs,
 modulesPath,
 ...
 }: {
@@ -25,6 +23,7 @@
 fileSystems."/boot" = {
 device = "/dev/disk/by-label/BOOT";
 fsType = "vfat";
+ options = ["umask=077"];
 };
 fileSystems."/nix" = {
 device = "/dev/disk/by-label/nix";
diff --git a/hosts/delta/hardware.nix b/hosts/delta/hardware.nix
index 83d7250..dc6795e 100644
--- a/hosts/delta/hardware.nix
+++ b/hosts/delta/hardware.nix
@@ -1,7 +1,5 @@
 {
- config,
 lib,
- pkgs,
 modulesPath,
 ...
 }: {
@@ -25,6 +23,7 @@
 fileSystems."/boot" = {
 device = "/dev/disk/by-label/BOOT";
 fsType = "vfat";
+ options = ["umask=077"];
 };
 fileSystems."/nix" = {
 device = "/dev/disk/by-label/nix";
diff --git a/hosts/mu/hardware.nix b/hosts/mu/hardware.nix
index abeb019..c182b73 100644
--- a/hosts/mu/hardware.nix
+++ b/hosts/mu/hardware.nix
@@ -1,7 +1,5 @@
 {
- config,
 lib,
- pkgs,
 modulesPath,
 nixos-hardware,
 ...
@@ -29,6 +27,7 @@
 fileSystems."/boot" = {
 device = "/dev/disk/by-label/BOOT";
 fsType = "vfat";
+ options = ["umask=077"];
 };
 fileSystems."/nix" = {
 device = "/dev/disk/by-label/nix";
diff --git a/hosts/omega/hardware.nix b/hosts/omega/hardware.nix
index 0e54848..9d85db7 100644
--- a/hosts/omega/hardware.nix
+++ b/hosts/omega/hardware.nix
@@ -28,6 +28,7 @@
 fileSystems."/boot" = {
 device = "/dev/disk/by-label/BOOT";
 fsType = "vfat";
+ options = ["umask=077"];
 };
 fileSystems."/nix" = {
 device = "/dev/disk/by-label/nix";
diff --git a/hosts/sigma/hardware.nix b/hosts/sigma/hardware.nix
index 5ece9b3..9d23c13 100644
--- a/hosts/sigma/hardware.nix
+++ b/hosts/sigma/hardware.nix
@@ -1,7 +1,5 @@
 {
- config,
 lib,
- pkgs,
 modulesPath,
 nixos-hardware,
 ...
@@ -29,6 +27,7 @@
 fileSystems."/boot" = {
 device = "/dev/disk/by-label/BOOT";
 fsType = "vfat";
+ options = ["umask=077"];
 };
 fileSystems."/nix" = {
 device = "/dev/disk/by-label/nix";
diff --git a/hosts/tor/hardware.nix b/hosts/tor/hardware.nix
index aed5712..5668493 100644
--- a/hosts/tor/hardware.nix
+++ b/hosts/tor/hardware.nix
@@ -1,5 +1,4 @@
 {
- config,
 lib,
 pkgs,
 modulesPath,
@@ -23,6 +22,7 @@
 fileSystems."/boot" = {
 device = "/dev/disk/by-label/BOOT";
 fsType = "vfat";
+ options = ["umask=077"];
 };
 fileSystems."/nix" = {
 device = "/dev/disk/by-label/nix";
diff --git a/hosts/zeta/hardware.nix b/hosts/zeta/hardware.nix
index 5a6ef3f..53da50e 100644
--- a/hosts/zeta/hardware.nix
+++ b/hosts/zeta/hardware.nix
@@ -1,7 +1,5 @@
 {
- config,
 lib,
- pkgs,
 modulesPath,
 nixos-hardware,
 ...
@@ -29,6 +27,7 @@
 fileSystems."/boot" = {
 device = "/dev/disk/by-label/BOOT";
 fsType = "vfat";
+ options = ["umask=077"];
 };
 fileSystems."/nix" = {
 device = "/dev/disk/by-label/nix";
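Review bot: The `options = ["umask=077"];` line added to `fileSystems."/boot"` has no comment saying why it is there, and the same line is repeated in the `/boot` hunk of all seven `hosts/*/hardware.nix` files (alpha, delta, mu, omega, sigma, tor, zeta), so the rationale lives only in the commit message. vfat stores no Unix permissions, so this mask is what keeps the ESP contents (presumably including the systemd-boot random seed the linked warnings refer to) unreadable to non-root users; I would add `# vfat has no Unix permissions: umask=077 keeps the ESP, incl. the systemd-boot random seed, root-only` above the option. Because the block is identical on every host, moving it into one shared module would keep a future host from silently missing the hardening. The mask only applies once /boot is mounted with the new options, so confirm it on each machine with `findmnt /boot` after deploying. The `fileSystems."/nix"` block that follows continues outside each hunk.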