From 24b5686a26bc810f954e564285d5ba97b4c732da Mon Sep 17 00:00:00 2001
From: TheGeneralist <180094941+thegeneralist01@users.noreply.github.com>
Date: Sat, 31 Jan 2026 18:47:05 +0100
Subject: [PATCH] forgejo: add fs rules for the CI

---
 hosts/thegeneralist-central/forgejo/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hosts/thegeneralist-central/forgejo/default.nix b/hosts/thegeneralist-central/forgejo/default.nix
index 1f54c11..bc076b6 100644
--- a/hosts/thegeneralist-central/forgejo/default.nix
+++ b/hosts/thegeneralist-central/forgejo/default.nix
@@ -156,6 +156,9 @@ in
   systemd.tmpfiles.rules = [
     "d /var/lib/gitea-runner 0755 gitea-runner gitea-runner -"
     "d /var/lib/gitea-runner/central 0755 gitea-runner gitea-runner -"
+    # Allow gitea-runner (in group users) to write to the blog repo's .git dir.
+    "d /home/thegeneralist/blog 2770 thegeneralist users -"
+    "Z /home/thegeneralist/blog/.git - thegeneralist users -"
   ];
 
   networking.firewall.allowedTCPPorts = [ 2222 ];