From edf1f0c77d29e969dc3c93240aa97ca604a730b7 Mon Sep 17 00:00:00 2001
From: Ethan Turkeltaub <ethan@turkeltaub.dev>
Date: Wed, 10 Jun 2026 21:05:40 -0400
Subject: [PATCH] Set SSH key mode for `nix-docker`

---
 modules/profiles/system/builders/nix-docker.nix | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/modules/profiles/system/builders/nix-docker.nix b/modules/profiles/system/builders/nix-docker.nix
index 461c7e43..e55611bc 100644
--- a/modules/profiles/system/builders/nix-docker.nix
+++ b/modules/profiles/system/builders/nix-docker.nix
@@ -1,8 +1,4 @@
-# NOTE: After this is applied, the permissions on the SSH key still need to be set:
-#
-#   $ sudo chmod 0400 /etc/nix/docker_rsa
-#
-# Also need to add to /var/root/.ssh/config, see nix-docker's README
+# NOTE: Also need to add to /var/root/.ssh/config, see nix-docker's README
 
 { config, pkgs, ... }: {
   environment = {
@@ -12,6 +8,7 @@
       "nix/docker_rsa" = {
         enable = true;
         source = "${pkgs.nix-docker}/ssh/insecure_rsa";
+        mode = "0400";
       };
 
       "nix/remote-build-env" = {