fix: reduce permissions of nix.conf to 0600

zimbatm · zimbatm · commit 5f5781e1e466 · 2025-07-03T14:27:23.000+02:00
Since the file now holds some tokens, make it non-world readable.
diff --git a/internal/config/nixconf.go b/internal/config/nixconf.go
@@ -198,7 +198,7 @@ func (n *NixConfig) readConfigLines() ([]string, error) {
 }
 
 func (n *NixConfig) writeConfigLines(lines []string) error {
-	file, err := os.OpenFile(n.path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
+	file, err := os.OpenFile(n.path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		return fmt.Errorf("failed to open config file: %w", err)
 	}
@@ -284,7 +284,7 @@ func (n *NixConfig) createBackup(backupPath string) error {
 	if err != nil {
 		return err
 	}
-	return os.WriteFile(backupPath, input, 0644)
+	return os.WriteFile(backupPath, input, 0600)
 }
 
 // expandTilde expands ~ to the user's home directory

Original file line number	Diff line number	Diff line change
`@@ -198,7 +198,7 @@ func (n *NixConfig) readConfigLines() ([]string, error) {`
`198`	`198`	`}`
`199`	`199`
`200`	`200`	`func (n *NixConfig) writeConfigLines(lines []string) error {`
`201`		`- file, err := os.OpenFile(n.path, os.O_WRONLY\|os.O_CREATE\|os.O_TRUNC, 0644)`
	`201`	`+ file, err := os.OpenFile(n.path, os.O_WRONLY\|os.O_CREATE\|os.O_TRUNC, 0600)`
`202`	`202`	`if err != nil {`
`203`	`203`	`return fmt.Errorf("failed to open config file: %w", err)`
`204`	`204`	`}`
`@@ -284,7 +284,7 @@ func (n *NixConfig) createBackup(backupPath string) error {`
`284`	`284`	`if err != nil {`
`285`	`285`	`return err`
`286`	`286`	`}`
`287`		`- return os.WriteFile(backupPath, input, 0644)`
	`287`	`+ return os.WriteFile(backupPath, input, 0600)`
`288`	`288`	`}`
`289`	`289`
`290`	`290`	`// expandTilde expands ~ to the user's home directory`