Commit 0ee212aa9e96

Vincent Demeester <vincent@sbr.pm>
2026-01-09 01:04:10
fix(kerkouane): Use stable path for systemd-run in git hooks
- Prevent git hook failures when the systemd store path is garbage-collected
- Replace hardcoded Nix store paths with /run/current-system/sw/bin
- Ensure the sudo configuration remains valid across system rebuilds

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 596bd2d
systems/kerkouane/extra.nix
@@ -119,12 +119,13 @@ in
   users.users.caddy.extraGroups = [ "users" ];
 
   # Allow vincent to run systemd-run without password (for git hooks)
+  # Use /run/current-system/sw/bin path to avoid hardcoded Nix store paths
   security.sudo.extraRules = [
     {
       users = [ "vincent" ];
       commands = [
         {
-          command = "${pkgs.systemd}/bin/systemd-run";
+          command = "/run/current-system/sw/bin/systemd-run";
           options = [ "NOPASSWD" ];
         }
       ];
@@ -237,7 +238,7 @@ in
 
       # SSH to aomi and trigger build with systemd-run
       ${pkgs.openssh}/bin/ssh -o BatchMode=yes builder@10.100.0.17 \
-        "sudo ${pkgs.systemd}/bin/systemd-run \
+        "sudo /run/current-system/sw/bin/systemd-run \
           --unit=\"$UNIT_NAME\" \
           --description=\"Remote build: $REPO_NAME ($BUILD_TYPE)\" \
           --property=\"OnSuccess=job-notify@\''${UNIT_NAME}.service\" \
@@ -283,7 +284,7 @@ in
         UNIT_NAME="git-gitmal-''${REPO_NAME}-''${TIMESTAMP}"
         echo "Queuing gitmal generation for $REPO_NAME with theme: $GITMAL_THEME..."
 
-        sudo ${pkgs.systemd}/bin/systemd-run \
+        sudo /run/current-system/sw/bin/systemd-run \
           --unit="$UNIT_NAME" \
           --description="Gitmal generation for $REPO_NAME" \
           --property="OnSuccess=git-notify@''${UNIT_NAME}.service" \
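Review bot: The second hunk (the `ssh ... builder@10.100.0.17 "sudo /run/current-system/sw/bin/systemd-run ..."` line) changes a command that runs on the remote builder, but the only sudoers rule updated in this commit is kerkouane's rule for `vincent` in the first hunk; if the builder's sudoers still matches the old `${pkgs.systemd}/bin/systemd-run` path, that hook will be prompted for a password and fail under `BatchMode=yes`, which appears to be the failure mode the commit is fixing. I cannot see the builder's configuration from here, so this is inferred; it would be worth confirming the remote rule was updated in a separate commit. On the rule in the first hunk, the new `command` still carries no argument restriction, so `NOPASSWD` on `systemd-run` is effectively passwordless root for that user; that is pre-existing, but the new comment should say so rather than only explain the path choice, e.g. `# NOTE: no argument restriction, so this is effectively passwordless root for vincent; keep this path in sync with the hook scripts below and with the builder's sudoers on aomi`. The shell snippets in the second and third hunks are parts of larger hook scripts whose bodies start and end outside the hunks.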