diff --git a/modules/borgbackup/default.nix b/modules/borgbackup/default.nix
index db1edb3..d67167c 100644
--- a/modules/borgbackup/default.nix
+++ b/modules/borgbackup/default.nix
@@ -156,10 +156,11 @@ let
     let
       # Because of the following line, clients do not need to specify an absolute repo path
       cdCommand = "cd ${escapeShellArg cfg.path}";
+      umaskArg = optionalString (cfg.umask != null) "--umask ${cfg.umask}";
       restrictedArg = "--restrict-to-${if cfg.allowSubRepos then "path" else "repository"} .";
       appendOnlyArg = optionalString appendOnly "--append-only";
       quotaArg = optionalString (cfg.quota != null) "--storage-quota ${cfg.quota}";
-      serveCommand = "borg serve ${restrictedArg} ${appendOnlyArg} ${quotaArg}";
+      serveCommand = "borg ${umaskArg} serve ${restrictedArg} ${appendOnlyArg} ${quotaArg}";
     in
       ''command="${cdCommand} && ${serveCommand}",restrict ${key}'';
 
@@ -646,6 +647,15 @@ in {
             example = "100G";
           };
 
+          umask = mkOption {
+            type = with types; nullOr str;
+            description = ''
+              Permissions applied to newly created files and directories.
+            '';
+            default = null;
+            example = "0027";
+          };
+
         };
       }
     ));