From 4b954850906af1e2d395da71f065f7140d7c7f0c Mon Sep 17 00:00:00 2001
From: Andreas Zweili <andreas@zweili.ch>
Date: Mon, 21 Nov 2022 08:35:49 +0100
Subject: [PATCH] Make the restic key readable by the restic user

---
 modules/restic-server/default.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/modules/restic-server/default.nix b/modules/restic-server/default.nix
index be4f668..9d20fa6 100644
--- a/modules/restic-server/default.nix
+++ b/modules/restic-server/default.nix
@@ -3,7 +3,12 @@ let
   repository = "/var/lib/restic-server";
 in
 {
-  age.secrets.resticKey.file = "${custom.inputs.self}/scrts/restic.key.age";
+  age.secrets.resticKey = {
+    file = "${custom.inputs.self}/scrts/restic.key.age";
+    mode = "440";
+    owner = "restic";
+    group = "restic";
+  };
 
   environment.systemPackages = with pkgs; [
     restic