Skip to content

Commit

Permalink
change /boot permissions so random-seed won't be accessible
Browse files Browse the repository at this point in the history
  • Loading branch information
@adomixaszvers
adomixaszvers committed Dec 20, 2024
1 parent 9ee64ab commit 567c4da
Show file tree
Hide file tree
Showing 4 changed files with 10 additions and 2 deletions.
3 changes: 1 addition & 2 deletions nixos/m75s/hardware-configuration.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,8 +55,7 @@
device = "/dev/disk/by-uuid/9D0A-EF86";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
"umask=077"
];
};

Expand Down
3 changes: 3 additions & 0 deletions nixos/pc/hardware-configuration.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,9 @@
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/2EF0-B6A1";
fsType = "vfat";
options = [
"umask=077"
];
};

fileSystems."/nix" = {
Expand Down
3 changes: 3 additions & 0 deletions nixos/t14/hardware-configuration.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,9 @@
fileSystems."/boot" = {
device = "/dev/disk/by-label/NIXOS-BOOT";
fsType = "vfat";
options = [
"umask=077"
];
};

fileSystems."/var/lib/libvirt" = {
Expand Down
3 changes: 3 additions & 0 deletions nixos/work/hardware-configuration.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,9 @@
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/2641-D99C";
fsType = "vfat";
options = [
"umask=077"
];
};

fileSystems."/home" = {
Expand Down

0 comments on commit 567c4da

Please sign in to comment.