From d413dc071e397bb0c37f376a9e3f684a5cabf440 Mon Sep 17 00:00:00 2001
From: echtnurich
Date: Fri, 24 Jan 2025 18:00:26 +0100
Subject: [PATCH 1/3] switch from ExexReload to systemd.services..reload

---
 config/hosts/yate/yate.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/config/hosts/yate/yate.nix b/config/hosts/yate/yate.nix
index d5e64f1..a1f165b 100644
--- a/config/hosts/yate/yate.nix
+++ b/config/hosts/yate/yate.nix
@@ -45,11 +45,6 @@
 };
 serviceConfig = {
 ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share";
- ExecReload= ''
- ${pkgs.git}/bin/git config --global --add safe.directory /var/lib/yate
- /usr/bin/env GIT_SSH_COMMAND=\\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\\" ${pkgs.git}/bin/git -C /var/lib/yate fetch --all
- /usr/bin/env GIT_SSH_COMMAND=\\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\\" ${pkgs.git}/bin/git -C /var/lib/yate reset --hard origin/main
- '';
 Type="simple";
 Restart="always";
 User="yate";
@@ -71,5 +66,10 @@
 ${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory \"/var/lib/yate\"
 fi
 '';
+ reload= ''
+ ${pkgs.git}/bin/git config --global --add safe.directory /var/lib/yate
+ /usr/bin/env GIT_SSH_COMMAND=\\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\\" ${pkgs.git}/bin/git -C /var/lib/yate fetch --all
+ /usr/bin/env GIT_SSH_COMMAND=\\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\\" ${pkgs.git}/bin/git -C /var/lib/yate reset --hard origin/main
+ '';
 };
 }

From a2e67f746f563a794b4e9db9f3c9db8a6c6b3f53 Mon Sep 17 00:00:00 2001
From: echtnurich
Date: Fri, 24 Jan 2025 19:12:46 +0100
Subject: [PATCH 2/3] finally fix pulling and refreshing the config in a stable way

---
 config/hosts/yate/yate.nix | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/config/hosts/yate/yate.nix b/config/hosts/yate/yate.nix
index a1f165b..89f225e 100644
--- a/config/hosts/yate/yate.nix
+++ b/config/hosts/yate/yate.nix
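Review bot: The new `reload` script runs `git config --global --add safe.directory /var/lib/yate` on every `systemctl reload`, and `--add` appends another identical entry to the yate user's global gitconfig each time instead of replacing it; use `${pkgs.git}/bin/git config --global --replace-all safe.directory /var/lib/yate`, or drop the line since preStart already registers the repo-local safe.directory right after cloning. The script also only updates the checkout and never notifies the running daemon, so unless yate watches its config files a reload changes nothing until the next restart; if yate re-reads its configuration on SIGHUP (not verifiable from this hunk), ending the script with `kill -HUP "$MAINPID"` would make `reload` actually reload. The enclosing systemd.services definition starts outside the hunk.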
@@ -56,20 +56,22 @@
 requires = [ "network-online.target" ];
 preStart = ''
 echo \"\n\" >> /run/secrets/git_clone_key
+ id
 sleep 5
 SSH_SUCCESS=1
 ${pkgs.openssh}/bin/ssh -q -i /run/secrets/git_clone_key forgejo@git.hamburg.ccc.de 2> /var/lib/yate/SSH_CHECK_LOG || SSH_SUCCESS=0
 if [ $SSH_SUCCESS = 1 ]; then
 rm -rf /var/lib/yate/*
 rm -rf /var/lib/yate/.*
- env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git clone forgejo@git.hamburg.ccc.de:CCCHH/yate-config.git /var/lib/yate
- ${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory \"/var/lib/yate\"
+ env GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key" ${pkgs.git}/bin/git clone forgejo@git.hamburg.ccc.de:CCCHH/yate-config.git /var/lib/yate
+ ${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory "/var/lib/yate"
 fi
 '';
 reload= ''
+ id
 ${pkgs.git}/bin/git config --global --add safe.directory /var/lib/yate
- /usr/bin/env GIT_SSH_COMMAND=\\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\\" ${pkgs.git}/bin/git -C /var/lib/yate fetch --all
- /usr/bin/env GIT_SSH_COMMAND=\\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\\" ${pkgs.git}/bin/git -C /var/lib/yate reset --hard origin/main
+ /usr/bin/env GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key" ${pkgs.git}/bin/git -C /var/lib/yate fetch --all
+ /usr/bin/env GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key" ${pkgs.git}/bin/git -C /var/lib/yate reset --hard origin/master
 '';
 };
 }

From 6383cbb62f0b2f2743e83eb47609fe5d149d1c96 Mon Sep 17 00:00:00 2001
From: echtnurich
Date: Fri, 24 Jan 2025 19:54:31 +0100
Subject: [PATCH 3/3] report users and do basic ownership check before trying to delete repo

---
 config/hosts/yate/yate.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/config/hosts/yate/yate.nix b/config/hosts/yate/yate.nix
index 89f225e..236e1f0 100644
--- a/config/hosts/yate/yate.nix
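Review bot: `reset --hard origin/master` straight after `fetch --all` turns whatever is on that branch into the live PBX configuration with no integrity check beyond the SSH transport, so anyone who can push to CCCHH/yate-config, or a compromised forge, reconfigures this host on the next reload. If the repo's commits are signed, run `${pkgs.git}/bin/git -C /var/lib/yate verify-commit origin/master` (with an allowed-signers file configured for the yate user) before the reset so a failed check aborts the script; `fetch origin master` is also all the following reset needs, where `--all` pulls every configured remote. The `GIT_SSH_COMMAND` pins the client key but not the server: `ssh -i` inherits whatever known_hosts the yate user has, so the forge host key should be declared via `programs.ssh.knownHosts` unless that is already done elsewhere in the config. The `id` lines added to preStart and reload read as debugging output and should not ship in the service scripts.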
+++ b/config/hosts/yate/yate.nix
@@ -55,12 +55,13 @@
 wantedBy = [ "default.target" ];
 requires = [ "network-online.target" ];
 preStart = ''
- echo \"\n\" >> /run/secrets/git_clone_key
- id
+ echo "\n" >> /run/secrets/git_clone_key
 sleep 5
+ id
+ echo "$(stat -c '%U' /var/lib/yate/.git) owns /var/lib/yate/.git"
 SSH_SUCCESS=1
 ${pkgs.openssh}/bin/ssh -q -i /run/secrets/git_clone_key forgejo@git.hamburg.ccc.de 2> /var/lib/yate/SSH_CHECK_LOG || SSH_SUCCESS=0
- if [ $SSH_SUCCESS = 1 ]; then
+ if [[ $SSH_SUCCESS = 1 && $(stat -c '%U' /var/lib/yate/.git) == *yate* ]]; then
 rm -rf /var/lib/yate/*
 rm -rf /var/lib/yate/.*
 env GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key" ${pkgs.git}/bin/git clone forgejo@git.hamburg.ccc.de:CCCHH/yate-config.git /var/lib/yate
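Review bot: The new guard `$(stat -c '%U' /var/lib/yate/.git) == *yate*` is a glob match, so any owner whose name merely contains "yate" passes, and when `.git` does not exist yet (first start, or after an interrupted clone) `stat` fails, the expansion is empty, and the clone is skipped entirely, leaving the service with no checkout at all. An exact comparison that still allows the initial clone would be `if [[ $SSH_SUCCESS = 1 && ( ! -e /var/lib/yate/.git || $(stat -c '%U' /var/lib/yate/.git) == yate ) ]]; then`. The reworked `echo "\n" >> /run/secrets/git_clone_key` still appends to the secret on every start, and under bash's builtin echo (which NixOS uses for preStart scripts, as far as I can tell) `\n` is written as the two characters backslash and n rather than a newline; if the aim is to guarantee a trailing newline on the key file, guard it with `[ -z "$(tail -c1 /run/secrets/git_clone_key)" ] || printf '\n' >> /run/secrets/git_clone_key`. The preStart script continues past the end of the hunk.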