From aa70a06545893b223efa7496bfd89ed862ac3527 Mon Sep 17 00:00:00 2001
From: toufic ar
Date: Fri, 22 May 2026 16:19:08 +0300
Subject: gitolite: systemd tmpfile 'leading directories are implicitly created owned by root'
---
 aphrodite/devops/git.nix | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)
(limited to 'aphrodite/devops/git.nix')
diff --git a/aphrodite/devops/git.nix b/aphrodite/devops/git.nix
index e5590d6..ea6a5eb 100644
--- a/aphrodite/devops/git.nix
+++ b/aphrodite/devops/git.nix
@@ -43,14 +43,22 @@ in {
 '';
 };
- systemd.tmpfiles.settings."gitolite-local-code" = {
- "${config.services.gitolite.dataDir}/.gitolite/local/hooks/repo-specific" = {
- d = {
- user = "${config.services.gitolite.user}";
- group = "${config.services.gitolite.group}";
- mode = "0755";
- };
- };
+ systemd.tmpfiles.settings = let
+ base = "${config.services.gitolite.dataDir}/.gitolite";
+ paths = ["/local" "/local/hooks" "/local/hooks/repo-specific"];
+ user = config.services.gitolite.user;
+ group = config.services.gitolite.group;
+ in {
+ "gitolite-local-code" = builtins.listToAttrs (map (p: {
+ name = "${base}${p}";
+ value = {
+ d = {
+ user = user;
+ group = group;
+ };
+ };
+ })
+ paths);
 };
 services.cgit.${domain} = {
--
cgit v1.2.3
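Review bot: The rewritten `d` entries drop the `mode = "0755";` that the removed rule carried, so the three directories under `.gitolite/local` now depend on the tmpfiles default instead of a stated permission. That default is 0755 for a directory tmpfiles creates itself, but as far as I know an omitted mode is not applied to a directory that already exists, so a `local` or `local/hooks` left behind with looser permissions would keep them; this is worth confirming against tmpfiles.d(5). Because `hooks/repo-specific` holds hook code that gitolite executes, I would keep the mode explicit in the generated value: `d = { inherit user group; mode = "0755"; };`. The enclosing attribute set starts and ends outside the hunk.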