From 9f205fee5efb7dea41c5e42fe32bfa082b051bff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torjus=20H=C3=A5kestad?=
Date: Sat, 7 Feb 2026 05:57:59 +0100
Subject: [PATCH] fix: add writable cache directory for nix git flake fetching

The listener service had ProtectHome=read-only which prevented Nix from writing to /root/.cache when fetching git flakes. This adds a CacheDirectory managed by systemd and sets XDG_CACHE_HOME to use it.

Co-Authored-By: Claude Opus 4.5
---
 nixos/module.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/nixos/module.nix b/nixos/module.nix
index 714563f..efdd1a2 100644
--- a/nixos/module.nix
+++ b/nixos/module.nix
@@ -103,11 +103,15 @@ in
 after = [ "network-online.target" ];
 wants = [ "network-online.target" ];
- environment = cfg.environment;
+ environment = cfg.environment // {
+ # Nix needs a writable cache for git flake fetching
+ XDG_CACHE_HOME = "/var/cache/homelab-deploy";
+ };
 path = [ pkgs.git config.system.build.nixos-rebuild ];
 serviceConfig = {
+ CacheDirectory = "homelab-deploy";
 Type = "simple";
 ExecStart = "${cfg.package}/bin/homelab-deploy listener ${args}";
 Restart = "always";
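Review bot: `CacheDirectory = "homelab-deploy";` creates `/var/cache/homelab-deploy` with systemd's default mode 0755, so the Nix fetcher cache (including git checkouts of the deployed flakes) moves from under `/root`, which other users normally cannot traverse, to a directory any local user can list and read. If any flake comes from a private repository, add `CacheDirectoryMode = "0700";` next to it. Separately, in `cfg.environment // { … }` the right-hand set wins, so an `XDG_CACHE_HOME` supplied through `cfg.environment` is silently discarded; `{ XDG_CACHE_HOME = "/var/cache/homelab-deploy"; } // cfg.environment` would keep the default overridable. The `serviceConfig` block continues past the end of the hunk, so a directory mode or `UMask` may already be set there.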