From 8e8a2c9c3ce0618fbfdd0b4581bcb1f256397c10 Mon Sep 17 00:00:00 2001
From: Kyren223 <kyren223@proton.me>
Date: Sun, 3 Aug 2025 20:06:32 +0300
Subject: [PATCH] Hardening

---
 nixosModules/eko.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nixosModules/eko.nix b/nixosModules/eko.nix
index 246e850..d8a92bd 100644
--- a/nixosModules/eko.nix
+++ b/nixosModules/eko.nix
@@ -26,7 +26,8 @@
     ];
 
     # Allow grafana access to the sqlite db
-    systemd.services.eko.serviceConfig.StateDirectoryMode = lib.mkForce 0755;
+    users.users.eko.extraGroups = [ "grafana" ];
+    systemd.services.eko.serviceConfig.StateDirectoryMode = lib.mkForce 0750;
     systemd.services.grafana = {
       serviceConfig = {
         ProtectHome = lib.mkForce false;