From 304dd297ba6a128c21ebba20d83298c2c9cecbc8 Mon Sep 17 00:00:00 2001
From: nixbitcoin <nixbitcoin@i2pmail.org>
Date: Mon, 11 May 2020 13:59:53 +0200
Subject: [PATCH] clightning: remove config group read access

---
 modules/clightning.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/modules/clightning.nix b/modules/clightning.nix
index 2a41b11..619d210 100644
--- a/modules/clightning.nix
+++ b/modules/clightning.nix
@@ -89,10 +89,9 @@ in {
         mkdir -m 0770 -p ${cfg.dataDir}
         cp ${configFile} ${cfg.dataDir}/config
         chown -R 'clightning:clightning' '${cfg.dataDir}'
-        # give group read access to allow using lightning-cli
-        chmod u=rw,g=r,o= ${cfg.dataDir}/config
         # The RPC socket has to be removed otherwise we might have stale sockets
         rm -f ${cfg.dataDir}/bitcoin/lightning-rpc
+        chmod 600 ${cfg.dataDir}/config
         echo "bitcoin-rpcpassword=$(cat ${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword)" >> '${cfg.dataDir}/config'
         '';
       serviceConfig = {