From b69fd62fbb4a6fdc94eed36791e84c65e7904f8f Mon Sep 17 00:00:00 2001
From: Ryan Mulligan <ryan@ryantm.com>
Date: Wed, 12 May 2021 20:11:17 -0700
Subject: [PATCH] fix: umask

fixes #38
---
 modules/age.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/modules/age.nix b/modules/age.nix
index 2b55673..9cd72b3 100644
--- a/modules/age.nix
+++ b/modules/age.nix
@@ -19,7 +19,10 @@ let
     echo "decrypting ${secretType.file} to ${secretType.path}..."
     TMP_FILE="${secretType.path}.tmp"
     mkdir -p $(dirname ${secretType.path})
-    (umask 0400; LANG=${config.i18n.defaultLocale} ${ageBin} --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")
+    (
+      umask u=r,g=,o=
+      LANG=${config.i18n.defaultLocale} ${ageBin} --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}"
+    )
     chmod ${secretType.mode} "$TMP_FILE"
     chown ${secretType.owner}:${secretType.group} "$TMP_FILE"
     mv -f "$TMP_FILE" '${secretType.path}'