nixos/acme: change service umask to 0023

Closes #106603 Some webservers (lighttpd) require that the files they are serving are world readable. We do our own chmods in the scripts anyway, and lego has sensible permissions on its output files, so this change is safe enough.
2020-12-13 22:33:27 +00:00 · 2020-12-13 22:33:27 +00:00 · f670e1dc23
parent 351065f970
commit f670e1dc23
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@ -24,7 +24,7 @@ let
      Type = "oneshot";
      User = "acme";
      Group = mkDefault "acme";
-      UMask = 0027;
+      UMask = 0023;
      StateDirectoryMode = 750;
      ProtectSystem = "full";
      PrivateTmp = true;