From 4b44917e2d2c0d765e305be92b10fcc0b6602906 Mon Sep 17 00:00:00 2001
From: Aly Raffauf <aly@raffauflabs.com>
Date: Fri, 14 Jun 2024 12:54:19 -0400
Subject: [PATCH] disko: fix /boot being world-writeable

---
 hosts/fallarbor/disko.nix | 1 +
 hosts/lavaridge/disko.nix | 2 +-
 hosts/petalburg/disko.nix | 2 +-
 hosts/rustboro/disko.nix  | 2 +-
 4 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/hosts/fallarbor/disko.nix b/hosts/fallarbor/disko.nix
index 2f549777..90076db9 100644
--- a/hosts/fallarbor/disko.nix
+++ b/hosts/fallarbor/disko.nix
@@ -20,6 +20,7 @@
                 type = "filesystem";
                 format = "vfat";
                 mountpoint = "/boot";
+                mountOptions = ["umask=0077"];
               };
             };
             root = {
diff --git a/hosts/lavaridge/disko.nix b/hosts/lavaridge/disko.nix
index 0558b9a9..47ce23df 100644
--- a/hosts/lavaridge/disko.nix
+++ b/hosts/lavaridge/disko.nix
@@ -18,7 +18,7 @@
                 format = "vfat";
                 mountpoint = "/boot";
                 mountOptions = [
-                  "defaults"
+                  "umask=0077"
                 ];
               };
             };
diff --git a/hosts/petalburg/disko.nix b/hosts/petalburg/disko.nix
index 0558b9a9..47ce23df 100644
--- a/hosts/petalburg/disko.nix
+++ b/hosts/petalburg/disko.nix
@@ -18,7 +18,7 @@
                 format = "vfat";
                 mountpoint = "/boot";
                 mountOptions = [
-                  "defaults"
+                  "umask=0077"
                 ];
               };
             };
diff --git a/hosts/rustboro/disko.nix b/hosts/rustboro/disko.nix
index 7c41aa1f..44e593a0 100644
--- a/hosts/rustboro/disko.nix
+++ b/hosts/rustboro/disko.nix
@@ -18,7 +18,7 @@
                 format = "vfat";
                 mountpoint = "/boot";
                 mountOptions = [
-                  "defaults"
+                  "umask=0077"
                 ];
               };
             };