gitolite: systemd tmpfile 'leading directories are implicitly created owned by root'

author: toufic ar <contact@toufy.me> 2026-05-22 16:19:08 +0300
committer: toufic ar <contact@toufy.me> 2026-05-22 16:19:08 +0300
commit: aa70a06545893b223efa7496bfd89ed862ac3527 (patch)
tree: d09a23ec5a0f47777b9e091ff942158559d27676 /aphrodite/devops
parent: 36983f35cfda233dab3f110bbbd00823e38eab64 (diff)
download: servers-aa70a06545893b223efa7496bfd89ed862ac3527.tar.gz
servers-aa70a06545893b223efa7496bfd89ed862ac3527.zip
1 files changed, 16 insertions, 8 deletions
diff --git a/aphrodite/devops/git.nix b/aphrodite/devops/git.nix
index e5590d6..ea6a5eb 100644
--- a/aphrodite/devops/git.nix
+++ b/aphrodite/devops/git.nix
@@ -43,14 +43,22 @@ in {
     '';
   };
 
-  systemd.tmpfiles.settings."gitolite-local-code" = {
-    "${config.services.gitolite.dataDir}/.gitolite/local/hooks/repo-specific" = {
-      d = {
-        user = "${config.services.gitolite.user}";
-        group = "${config.services.gitolite.group}";
-        mode = "0755";
-      };
-    };
+  systemd.tmpfiles.settings = let
+    base = "${config.services.gitolite.dataDir}/.gitolite";
+    paths = ["/local" "/local/hooks" "/local/hooks/repo-specific"];
+    user = config.services.gitolite.user;
+    group = config.services.gitolite.group;
+  in {
+    "gitolite-local-code" = builtins.listToAttrs (map (p: {
+        name = "${base}${p}";
+        value = {
+          d = {
+            user = user;
+            group = group;
+          };
+        };
+      })
+      paths);
   };
 
   services.cgit.${domain} = {
author	toufic ar <contact@toufy.me>	2026-05-22 16:19:08 +0300
committer	toufic ar <contact@toufy.me>	2026-05-22 16:19:08 +0300
commit	aa70a06545893b223efa7496bfd89ed862ac3527 (patch)
tree	d09a23ec5a0f47777b9e091ff942158559d27676 /aphrodite/devops
parent	36983f35cfda233dab3f110bbbd00823e38eab64 (diff)
download	servers-aa70a06545893b223efa7496bfd89ed862ac3527.tar.gz servers-aa70a06545893b223efa7496bfd89ed862ac3527.zip