From d8e5cbe26a572cd95ef9f1846a5a7616cb940a21 Mon Sep 17 00:00:00 2001
From: DannyDannyDanny <dth@taiga.ai>
Date: Mon, 30 Mar 2026 14:20:31 +0200
Subject: [PATCH] fix(nixos): add safe.directory for dotfiles-rebuild service
 :wrench:

Git refuses to operate on /etc/dotfiles owned by danny when the
service runs as root. Pass safe.directory via environment variables.
---
 nixos/hosts/sunken-ship.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/nixos/hosts/sunken-ship.nix b/nixos/hosts/sunken-ship.nix
index 4774878..5739d3f 100644
--- a/nixos/hosts/sunken-ship.nix
+++ b/nixos/hosts/sunken-ship.nix
@@ -67,6 +67,9 @@ in
   systemd.services.dotfiles-rebuild = {
     description = "Pull dotfiles and run nixos-rebuild if repo changed";
     path = with pkgs; [ git nix ];
+    environment.GIT_CONFIG_COUNT = "1";
+    environment.GIT_CONFIG_KEY_0 = "safe.directory";
+    environment.GIT_CONFIG_VALUE_0 = dotfilesDir;
     script = ''
       set -euo pipefail
       cd ${dotfilesDir}