From 5f37f63af2761b251c07fd4b14d3ee2b3f63273b Mon Sep 17 00:00:00 2001
From: Bladesy <gitea.otter307@simplelogin.com>
Date: Fri, 20 Dec 2024 23:54:19 +0000
Subject: [PATCH] fix: close port 8096 and explicitly specify persistent
 directory permissions

---
 modules/sv1.nix | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/modules/sv1.nix b/modules/sv1.nix
index 54c7e85..0415c72 100644
--- a/modules/sv1.nix
+++ b/modules/sv1.nix
@@ -155,7 +155,6 @@
     firewall.allowedTCPPorts = [
       80
       443
-      8096
     ];
   };
 
@@ -262,16 +261,23 @@
     persistence."/persist" = {
       hideMounts = true;
       directories = [
-        "/var/lib/nixos"
+        {
+          directory = "/var/lib/nixos";
+          user = "root";
+          group = "root";
+          mode = "u=rwx,g=rx,o=rx";
+        }
         {
           directory = "/var/lib/gitea";
           user = "gitea";
           group = "gitea";
+          mode = "u=rwx,g=rx,o=";
         }
         {
           directory = "/var/lib/jellyfin";
           user = "jellyfin";
           group = "jellyfin";
+          mode = "u=rwx,g=rx,o=";
         }
       ];
     };