From 36e122ecb63eca274c909716483ee18aaedce8e9 Mon Sep 17 00:00:00 2001
From: Hunter Halloran <hdhdog@live.com>
Date: Wed, 17 Dec 2025 11:04:22 -0500
Subject: [PATCH] fix gh runner perms

---
 sw/builders/services.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/sw/builders/services.nix b/sw/builders/services.nix
index 2984648..44d6b65 100644
--- a/sw/builders/services.nix
+++ b/sw/builders/services.nix
@@ -27,4 +27,10 @@ mkIf builderCfg.githubRunner.enable {
   systemd.services."github-runner-${builderCfg.githubRunner.name}".unitConfig = {
     ConditionPathExists = builderCfg.githubRunner.tokenFile;
   };
+
+  # Ensure the work directory exists with proper ownership before service starts
+  systemd.tmpfiles.rules = [
+    "d ${builderCfg.githubRunner.workDir} 0755 ${builderCfg.githubRunner.user} ${builderCfg.githubRunner.user} -"
+    "d ${builderCfg.githubRunner.workDir}/${builderCfg.githubRunner.name} 0755 ${builderCfg.githubRunner.user} ${builderCfg.githubRunner.user} -"
+  ];
 }