From bfe7bb410f3cad92dd291ba3a97831f7aa04972e Mon Sep 17 00:00:00 2001
From: Victor Engmark <victor@engmark.name>
Date: Wed, 20 Nov 2024 14:54:00 +1300
Subject: [PATCH] nixos/printing: fix ShellCheck issues

ShellCheck reports the following:

> SC2174 (warning): When used with -p, -m only applies to the deepest
> directory.

Avoid this warning by splitting `mkdir -m MODE -p DIR` into
`(umask MASK && mkdir -p DIR)`.
---
 nixos/modules/services/printing/cupsd.nix | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix
index a1fb0b3951e4..c916839f126c 100644
--- a/nixos/modules/services/printing/cupsd.nix
+++ b/nixos/modules/services/printing/cupsd.nix
@@ -384,14 +384,11 @@ in
         preStart = lib.optionalString cfg.stateless ''
           rm -rf /var/cache/cups /var/lib/cups /var/spool/cups
         '' + ''
-            mkdir -m 0700 -p /var/cache/cups
-            mkdir -m 0700 -p /var/spool/cups
-            mkdir -m 0755 -p ${cfg.tempDir}
-
-            mkdir -m 0755 -p /var/lib/cups
+            (umask 077 && mkdir -p /var/cache/cups /var/spool/cups)
+            (umask 022 && mkdir -p ${cfg.tempDir} /var/lib/cups)
             # While cups will automatically create self-signed certificates if accessed via TLS,
             # this directory to store the certificates needs to be created manually.
-            mkdir -m 0700 -p /var/lib/cups/ssl
+            (umask 077 && mkdir -p /var/lib/cups/ssl)
 
             # Backwards compatibility
             if [ ! -L /etc/cups ]; then