From 1f4d922fbefd3bc1d6ceb97226361bf7ff28dd0d Mon Sep 17 00:00:00 2001
From: Fabian Hauser <fabian@fh2.ch>
Date: Sat, 22 Feb 2025 21:53:18 +0200
Subject: [PATCH] Make /boot only accessible by root for security reasons

---
 nixos-configurations/speer/disko-config.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/nixos-configurations/speer/disko-config.nix b/nixos-configurations/speer/disko-config.nix
index e956450..6e047c8 100644
--- a/nixos-configurations/speer/disko-config.nix
+++ b/nixos-configurations/speer/disko-config.nix
@@ -15,6 +15,12 @@
                 type = "filesystem";
                 format = "vfat";
                 mountpoint = "/boot";
+                mountOptions = [
+                  "uid=0"
+                  "gid=0"
+                  "fmask=0077"
+                  "dmask=0077"
+                ];
               };
             };
             raid_system = {