fix: allow server configs to writeable by service user

This allows secrets to be correctly written to the files

modules/squad-server.nix

@@ -983,16 +983,16 @@ in
                 cp -f "${path}" ./"${name}.cfg"
                 '') "" cfgs}
 
+                # Correct the permissions for the Squad Server cfgs. When the Squad Server is first
+                # installed it will include the configs by default with an overly open CHMOD.
+                chmod 0600 *.cfg
+
                 ${lib.optionalString (cfg.config.server.passwordFile != null) ''
                 ## Handle secrets for the `Server.cfg` file ##
                 # Safely load the server password outside of the nix store
                 sed -i -e 's/^ServerPassword=.*$/ServerPassword='"$(${pkgs.systemd}/bin/systemd-creds cat SQUAD_SERVER_PASSWORD_FILE)"'/g' ./Server.cfg
                 ''}
 
-                # Correct the permissions for the Squad Server cfgs. When the Squad Server is first
-                # installed it will include the configs by default with an overly open CHMOD.
-                chmod 0400 *.cfg
-
                 ${lib.optionalString (cfg.config.rcon.passwordFile != null) ''
                 ## Handle secrets for the `Rcon.cfg` file ##
                 # Safely load the rcon password outside of the nix store
@@ -1005,6 +1005,10 @@ in
                 printf "%s" "$(${pkgs.systemd}/bin/systemd-creds cat SQUAD_LICENSE_FILE)" > ./License.cfg
                 ''}
 
+                # Correct the permissions for the Squad Server cfgs. When the Squad Server is first
+                # installed it will include the configs by default with an overly open CHMOD.
+                chmod 0600 *.cfg
+
                 popd >/dev/null 2>&1
 
                 cat <<-__EOS__