From da8a733899706617b1a039d1e500f21851677d41 Mon Sep 17 00:00:00 2001
From: lassulus <git@lassul.us>
Date: Sun, 2 Jun 2024 19:10:48 +0200
Subject: [PATCH] clan_cli secrets_upload: fix permissions

---
 pkgs/clan-cli/clan_cli/facts/upload.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkgs/clan-cli/clan_cli/facts/upload.py b/pkgs/clan-cli/clan_cli/facts/upload.py
index 8d8cf30d..6cb6bf8b 100644
--- a/pkgs/clan-cli/clan_cli/facts/upload.py
+++ b/pkgs/clan-cli/clan_cli/facts/upload.py
@@ -33,6 +33,8 @@ def upload_secrets(machine: Machine) -> None:
                     " ".join(["ssh"] + ssh_cmd[2:]),
                     "-az",
                     "--delete",
+                    "--chown=root:root",
+                    "--chmod=D700,F600",
                     f"{tempdir!s}/",
                     f"{host.user}@{host.host}:{machine.secrets_upload_directory}/",
                 ],