From f76a9eb52674e6f8941a774954dc5ba3f1faceae Mon Sep 17 00:00:00 2001
From: Renaud <c0bw3b@users.noreply.github.com>
Date: Mon, 22 Oct 2018 23:58:12 +0200
Subject: [PATCH] nixos/ddclient: make RuntimeDirectory private

ddclient will raise a warning if /run/ddclient/ is world-readable
---
 nixos/modules/services/networking/ddclient.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix
index 9a2e13e9553c..77a9af058c7c 100644
--- a/nixos/modules/services/networking/ddclient.nix
+++ b/nixos/modules/services/networking/ddclient.nix
@@ -182,6 +182,7 @@ with lib;
       serviceConfig = rec {
         DynamicUser = true;
         RuntimeDirectory = StateDirectory;
+        RuntimeDirectoryMode = "0750";
         StateDirectory = builtins.baseNameOf dataDir;
         Type = "oneshot";
         ExecStartPre = "!${lib.getBin pkgs.coreutils}/bin/install -m666 ${cfg.configFile} /run/${RuntimeDirectory}/ddclient.conf";