From 5ff75b48b419c0c89e2de0f927eb81e312b980ca Mon Sep 17 00:00:00 2001
From: Ryan Mulligan <ryan@ryantm.com>
Date: Sat, 20 Nov 2021 12:13:59 -0800
Subject: [PATCH] fix: make non-root secrets accessible again

fixes #69
---
 modules/age.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/age.nix b/modules/age.nix
index f8978c6..f884d3f 100644
--- a/modules/age.nix
+++ b/modules/age.nix
@@ -140,10 +140,10 @@ in
       (( ++_agenix_generation ))
       echo "[agenix] symlinking new secrets to /run/agenix (generation $_agenix_generation)..."
       mkdir -p "${cfg.secretsMountPoint}"
-      chmod 0750 "${cfg.secretsMountPoint}"
-      grep -q "${cfg.secretsMountPoint} ramfs" /proc/mounts || mount -t ramfs none "${cfg.secretsMountPoint}" -o nodev,nosuid,mode=0750
+      chmod 0751 "${cfg.secretsMountPoint}"
+      grep -q "${cfg.secretsMountPoint} ramfs" /proc/mounts || mount -t ramfs none "${cfg.secretsMountPoint}" -o nodev,nosuid,mode=0751
       mkdir -p "${cfg.secretsMountPoint}/$_agenix_generation"
-      chmod 0750 "${cfg.secretsMountPoint}/$_agenix_generation"
+      chmod 0751 "${cfg.secretsMountPoint}/$_agenix_generation"
       ln -sfn "${cfg.secretsMountPoint}/$_agenix_generation" /run/agenix
 
       (( _agenix_generation > 1 )) && {