fix(servers): declare safe.directory in /etc/gitconfig 🔒
The dotfiles-rebuild service runs as root, but /etc/dotfiles is owned by `danny`. The GIT_CONFIG_* env vars in the service unit only affect the git CLI — nix/libgit2 reads safe.directory from /etc/gitconfig. After a recent nixpkgs bump libgit2 now enforces this strictly, so the service was failing to evaluate the flake. Enable programs.git and set programs.git.config.safe.directory = [ dotfilesDir ] on both sunken-ship and phantom-ship so the trust is persistent and Nix-managed.
parent
c69c7c9b11
commit
5e7b76bdcf
2 changed files with 12 additions and 0 deletions
|
|
@ -134,6 +134,12 @@ in
|
|||
ReadWritePaths = [ "/var/lib/openclaw" "/etc/openclaw" ];
|
||||
};
|
||||
|
||||
# Trust /etc/dotfiles as root even though it's owned by `danny`.
|
||||
# The GIT_CONFIG_* env vars below only affect the git CLI; nix/libgit2
|
||||
# reads safe.directory from /etc/gitconfig, so set it there too.
|
||||
programs.git.enable = true;
|
||||
programs.git.config.safe.directory = [ dotfilesDir ];
|
||||
|
||||
# Pull dotfiles and rebuild if the repo has new commits.
|
||||
systemd.services.dotfiles-rebuild = {
|
||||
description = "Pull dotfiles and run nixos-rebuild if repo changed";
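Review bot: The added `programs.git.config.safe.directory = [ dotfilesDir ];` writes the exception to /etc/gitconfig, which is system-wide, so the ownership check is disabled for every account on the host rather than only for the root-run dotfiles-rebuild service; the identical lines in the second hunk at +185 have the same effect on the other machine. That check exists because a repository owned by another user can carry configuration and content that then run with the caller's privileges, and here the caller is root running nixos-rebuild from a tree that `danny` can write, so as far as this diff shows `danny` is effectively root-equivalent on both hosts. If that is the intended trust model, the comment should say so, for example `# NOTE: system-wide trust; anything danny can write in dotfilesDir is evaluated by a root service.` Otherwise consider having the service pull into a root-owned checkout so that no exception is needed. The enclosing module body starts and ends outside the hunk.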
|
||||
|
|
|
|||
|
|
@ -185,6 +185,12 @@ in
|
|||
timerConfig.RandomizedDelaySec = "2min";
|
||||
};
|
||||
|
||||
# Trust /etc/dotfiles as root even though it's owned by `danny`.
|
||||
# The GIT_CONFIG_* env vars below only affect the git CLI; nix/libgit2
|
||||
# reads safe.directory from /etc/gitconfig, so set it there too.
|
||||
programs.git.enable = true;
|
||||
programs.git.config.safe.directory = [ dotfilesDir ];
|
||||
|
||||
# Pull dotfiles and rebuild if the repo has new commits.
|
||||
systemd.services.dotfiles-rebuild = {
|
||||
description = "Pull dotfiles and run nixos-rebuild if repo changed";
|
||||
|
|
|
|||