From 6fd0acb81b8ef8121df0d27eae65a86baf9ad4c2 Mon Sep 17 00:00:00 2001
From: Felix Buehler <account@buehler.rocks>
Date: Mon, 8 Apr 2024 23:49:36 +0200
Subject: [PATCH] ec2-data: prefer 'install/umask' over 'chmod'

---
 nixos/modules/virtualisation/ec2-data.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/nixos/modules/virtualisation/ec2-data.nix b/nixos/modules/virtualisation/ec2-data.nix
index 0cc6d9938e22..3414c5a1fc9d 100644
--- a/nixos/modules/virtualisation/ec2-data.nix
+++ b/nixos/modules/virtualisation/ec2-data.nix
@@ -35,9 +35,8 @@ with lib;
                 echo "obtaining SSH key..."
                 mkdir -m 0700 -p /root/.ssh
                 if [ -s /etc/ec2-metadata/public-keys-0-openssh-key ]; then
-                    cat /etc/ec2-metadata/public-keys-0-openssh-key >> /root/.ssh/authorized_keys
+                    (umask 177; cat /etc/ec2-metadata/public-keys-0-openssh-key >> /root/.ssh/authorized_keys)
                     echo "new key added to authorized_keys"
-                    chmod 600 /root/.ssh/authorized_keys
                 fi
             fi