diff --git a/hosts/yodaHedgehog/hardware-configuration.nix b/hosts/yodaHedgehog/hardware-configuration.nix
index 7e7c840..221292a 100644
--- a/hosts/yodaHedgehog/hardware-configuration.nix
+++ b/hosts/yodaHedgehog/hardware-configuration.nix
@@ -30,6 +30,7 @@
   fileSystems."/boot" =
     { device = "/dev/disk/by-uuid/81A5-B98A";
       fsType = "vfat";
+      options = [ "umask=0077" ];
     };
 
   fileSystems."/mnt/backup" =
diff --git a/hosts/yodaNas/hardware-configuration.nix b/hosts/yodaNas/hardware-configuration.nix
index c087ed2..1b57219 100644
--- a/hosts/yodaNas/hardware-configuration.nix
+++ b/hosts/yodaNas/hardware-configuration.nix
@@ -30,6 +30,11 @@
   fileSystems."/boot" =
     { device = "/dev/disk/by-uuid/072E-897D";
       fsType = "vfat";
+      # Fixes the error
+      #   systemd-boot-random-seed.service: Mount point '/boot' which backs the random seed file is world accessible, which is a security hole!
+      # TODO: Do this with disko. Example: https://github.com/wimpysworld/nix-config/blob/0cc52f746d5c5fec9d8edea5391661da811eb08f/nixos/tanis/disks.nix#L17
+      # TODO: Add this to other NixOS hosts.
+      options = [ "umask=0077" ];
     };
 
   fileSystems."/mnt/data" =