My nix-darwin and NixOS config
fix: correct git config path
+3
-1
+3
-1
modules/common.nix
+3
-1
modules/common.nix
···
27
27
# Allow the nixos-upgrade service (runs as root) to read the flake repo
28
28
# owned by the regular user. Without this, git 2.35.2+ refuses to open
29
29
# repos not owned by the calling user (CVE-2022-24765 mitigation).
30
+
# Use --file to target root's gitconfig explicitly — activation scripts
31
+
# run without $HOME set, which git --global requires.
30
32
system.activationScripts.nixosUpgradeGitSafeDir = ''
31
-
${pkgs.git}/bin/git config --global --add safe.directory /home/${cfg.user.username}/.config/nix-config
33
+
${pkgs.git}/bin/git config --file /root/.gitconfig --add safe.directory /home/${cfg.user.username}/.config/nix-config
32
34
'';
33
35
34
36
# Symlink tracked hooks into .git/hooks so they're always up to date.