From 077dc7d1fa4812c6a76b3a821512856f54ec92bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= <kmein@posteo.de>
Date: Thu, 4 Apr 2024 22:20:52 +0200
Subject: [PATCH] fix(restic): restic user should own its password

---
 systems/zaatar/configuration.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/systems/zaatar/configuration.nix b/systems/zaatar/configuration.nix
index 1a172af..38ec856 100644
--- a/systems/zaatar/configuration.nix
+++ b/systems/zaatar/configuration.nix
@@ -45,7 +45,12 @@ in {
       owner = "tinc.retiolum";
       group = "tinc.retiolum";
     };
-    restic.file = ../../secrets/restic.age;
+    restic = {
+      file = ../../secrets/restic.age;
+      mode = "400";
+      owner = "restic";
+      group = "restic";
+    };
   };
 
   services.restic.backups.niveum = {