Change umask settings in age-home.nix

[mihakrumpestar]

When using:

let
  rage-with-tpm =
    pkgs.runCommand "rage-with-tpm"
    {
      nativeBuildInputs = [pkgs.makeWrapper];
      propagatedBuildInputs = [pkgs.rage];
    }
    ''
      makeWrapper ${pkgs.rage}/bin/rage $out/bin/rage \
        --prefix PATH : "${pkgs.lib.makeBinPath [pkgs.age-plugin-tpm]}"
    ''
    // {meta.mainProgram = "rage";};
in {
  age = {
    identityPaths = [age_host_identity];
    ageBin = lib.getExe rage-with-tpm;
  };

  home-manager.sharedModules = [
    {
      # systemctl status --user agenix.service
      age = {
        inherit (config.age) identityPaths;
        package = rage-with-tpm;
      };
    }
  ];
  
  environment.systemPackages = with pkgs; [
    rage-with-tpm
    age-plugin-tpm
  ];
  

age-plugin-tpm is unable to see TPM in home-manager, eg. it reports error:

Error: No matching keys found

Note that this happens only with non-root users, the nixos activation and activation of the user activation script as root works fine.

With the change of umask u to rx this problem is mitigated and the activation of agenix for normal users works.

Why exactly does this not work without x (execute) I have no idea.