add o+x permission on service-state directories

this is needed for resolvconf, which writes resolv.conf as
an output and wants to make it world-readable

examples/rotuer.nix

@@ -128,6 +128,7 @@ in rec {
       ( in_outputs ${name}
        echo "nameserver $(output ${services.wan} ns1)" > resolv.conf
        echo "nameserver $(output ${services.wan} ns2)" >> resolv.conf
+       chmod 0444 resolv.conf
       )
     '';
     down = ''

modules/ntp/service.nix

@@ -22,7 +22,7 @@ let
     ++
     (mapAttrsToList (name: opts: "peer ${name} ${concatStringsSep "" opts}")
       p.peers)
-    ++ [ "user ${p.user}" ]
+    ++ lib.optional (p.user != null) "user ${p.user}"
     ++ (lib.optional (p.makestep != null) "makestep ${toString p.makestep.threshold} ${toString p.makestep.limit}")
     ++ (map (n: "allow ${n}") p.allow)
     ++ (lib.optional (p.bindaddress != null) "bindaddress ${p.bindaddress}")

modules/s6/scripts/rc.init

@@ -21,7 +21,7 @@ mount -t sysfs none /sys
 mkdir /dev/pts
 mount -t devpts none /dev/pts
 
-mkdir -m 0750 /run/service-state
+mkdir -m 0751 /run/service-state
 chgrp system /run/service-state
 
 ### If your services are managed by s6-rc:

pkgs/service-fns/default.nix

@@ -4,7 +4,7 @@ writeText "service-fns.sh" ''
   output_path() { echo $(realpath $1/.outputs)/$2; }
   mkoutputs() {
     d=/run/service-state/$1
-    mkdir -m 2750 -p $d && chown root:system $d
+    mkdir -m 2751 -p $d && chown root:system $d
     echo $d
   }
   in_outputs() {