From 73e7daf926ce832335a529d67c8076a02b1c5dbc Mon Sep 17 00:00:00 2001
From: Trolli Schmittlauch <t.schmittlauch@orlives.de>
Date: Wed, 6 May 2026 14:31:13 +0200
Subject: [PATCH] /boot: protect random seed file

---
 hosts/framenix/storage.nix | 5 ++++-
 hosts/thinknix/storage.nix | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/hosts/framenix/storage.nix b/hosts/framenix/storage.nix
index 8acb7fd..3e4b194 100644
--- a/hosts/framenix/storage.nix
+++ b/hosts/framenix/storage.nix
@@ -37,7 +37,10 @@ in
     "/boot" = {
       device = "/dev/disk/by-uuid/AF8E-E9E6";
       fsType = "vfat";
-      options = [ "discard" ];
+      options = [
+        "discard"
+        "umask=077"
+      ];
     };
     # nix/ lix build directory
     # lix:
diff --git a/hosts/thinknix/storage.nix b/hosts/thinknix/storage.nix
index 169cca6..e9d67a8 100644
--- a/hosts/thinknix/storage.nix
+++ b/hosts/thinknix/storage.nix
@@ -35,7 +35,10 @@ in
     "/boot" = {
       device = "/dev/disk/by-uuid/DED9-661B";
       fsType = "vfat";
-      options = [ "discard" ];
+      options = [
+        "discard"
+        "umask=077"
+      ];
     };
 
     "/home" = {