From 03c92b4722e0d635c33176a0afe79d4a6d0d31b9 Mon Sep 17 00:00:00 2001
From: GHOSCHT <31184695+GHOSCHT@users.noreply.github.com>
Date: Sat, 2 Mar 2024 18:26:52 +0100
Subject: [PATCH] Fix security hole /boot and /boot/loader/random-seed

https://github.com/nix-community/disko/issues/527
---
 hosts/franz/disko.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hosts/franz/disko.nix b/hosts/franz/disko.nix
index 313c8c3..29ec4ca 100644
--- a/hosts/franz/disko.nix
+++ b/hosts/franz/disko.nix
@@ -19,6 +19,7 @@
               type = "filesystem";
               format = "vfat";
               mountpoint = "/boot";
+              mountOptions = ["umask=0077"];
             };
           };
           swap = {