From 8dc3266b7f98c8bfebe14dd4c2a59d06249b21cf Mon Sep 17 00:00:00 2001
From: oddlama
Date: Sat, 30 Sep 2023 14:49:50 +0200
Subject: [PATCH] fix: protect agenix-rekey cacheDir on new setups by making it sticky by default
---
 modules/config/impermanence.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/modules/config/impermanence.nix b/modules/config/impermanence.nix
index 04f0b40..11aa8cf 100644
--- a/modules/config/impermanence.nix
+++ b/modules/config/impermanence.nix
@@ -90,7 +90,10 @@ in {
 hideMounts = true;
 directories = [
- "/var/tmp/agenix-rekey"
+ {
+ directory = "/var/tmp/agenix-rekey";
+ mode = "1777";
+ }
 "/var/tmp/nix-import-encrypted" # Decrypted repo-secrets can be kept
 "/var/lib/systemd"
 "/var/log"
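Review bot: The added `mode = "1777";` makes `/var/tmp/agenix-rekey` world-writable, and nothing in the hunk records why that breadth is needed or what the sticky bit does and does not cover. The sticky bit only stops an account from deleting or renaming entries it does not own; any local account can still create files or subdirectories under this fixed path, so whatever consumes the cache should not trust a pre-existing entry by name alone. I would add a comment above the attrset, for example `# 1777: writable by <accounts that write the cache>; sticky bit only blocks removal/rename by non-owners`, and narrow the mode to a dedicated owner or group if only one account actually writes here. Since the subject line limits this to new setups, the comment could also say that an already-persisted directory presumably keeps its old mode and needs a one-off `chmod`. The `directories` list starts and ends outside the hunk.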