From 5ca4da94ebc1c0f6dbf775ee1506b9708df7e040 Mon Sep 17 00:00:00 2001
From: Aaron Honeycutt <aaronhoneycutt@protonmail.com>
Date: Sat, 19 Apr 2025 17:25:52 -0600
Subject: [PATCH] add boot permission fix

---
 src/main.rs | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/main.rs b/src/main.rs
index c1b5ffc..c0a5a65 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -228,6 +228,17 @@ fn main() {
         .output()
         .expect("Failed to move nix files over");
 
+    // Fixes a security issue with boot
+    let _boot_fix = Command::new("sed")
+        .arg("-i")
+        .arg(r#"/fsType = "vfat"/ {
+            n
+            s/\(options = \[.*\)\]/\1"umask=0077"]/ 
+        }"#)
+        .arg("/mnt/etc/nixos/hardware-configuration.nix")
+        .output()
+        .expect("Failed to apply boot fix");
+    
     // Host selection
     loop {
         println!("");