From 361c7f79b770c807b023768419bb26f1364a6aad Mon Sep 17 00:00:00 2001
From: Victor Engmark <victor@engmark.name>
Date: Sat, 4 Jan 2025 14:00:21 +0100
Subject: [PATCH] nixos/cron: Fix ShellCheck issue in preStart script

Fixes the following warning when setting
`systemd.enableStrictShellChecks = true`:

> SC2174 (warning): When used with -p, -m only applies to the deepest
> directory.

Since it could conceivably be possible for `/var` to not exist when
running this script, the fix also explicitly tries to create /var with
the normal 0755 permissions.
---
 nixos/modules/services/scheduling/cron.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/scheduling/cron.nix b/nixos/modules/services/scheduling/cron.nix
index 447d07b4baf43..b6e43097f2d6e 100644
--- a/nixos/modules/services/scheduling/cron.nix
+++ b/nixos/modules/services/scheduling/cron.nix
@@ -125,7 +125,8 @@ in
         wantedBy = [ "multi-user.target" ];
 
         preStart = ''
-          mkdir -m 710 -p /var/cron
+          (umask 022 && mkdir -p /var)
+          (umask 067 && mkdir -p /var/cron)
 
           # By default, allow all users to create a crontab.  This
           # is denoted by the existence of an empty cron.deny file.