From 32e1f6771a5548ae72710ba1ce25c8789cc4c86c Mon Sep 17 00:00:00 2001
From: Simon Gardling <titaniumtown@proton.me>
Date: Mon, 25 Aug 2025 11:13:27 -0400
Subject: [PATCH] qbt: restrict permissions around TempPath

---
 services/qbittorrent.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/qbittorrent.nix b/services/qbittorrent.nix
index 3989d1a..0105a02 100644
--- a/services/qbittorrent.nix
+++ b/services/qbittorrent.nix
@@ -200,7 +200,7 @@
 
   systemd.tmpfiles.rules = [
     "d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.SavePath} 0750 ${config.services.qbittorrent.user} ${service_configs.media_group}"
-    "d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.TempPath} 0750 ${config.services.qbittorrent.user} ${service_configs.media_group}"
+    "d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.TempPath} 0700 ${config.services.qbittorrent.user} ${config.services.qbittorrent.group}"
     "d ${config.services.qbittorrent.profileDir} 0700 ${config.services.qbittorrent.user} ${config.services.qbittorrent.group}"
   ];