From 51ec9e0d88b15276ec0891f932f6b572d6450809 Mon Sep 17 00:00:00 2001 From: William Carroll Date: Mon, 17 Aug 2020 21:22:15 +0100 Subject: [PATCH] Move /home/wpcarro/nixpkgs-channels to /var/lib My builds are still failing. This time with... ``` error: getting status of /home/wpcarro/nixpkgs-channels: Permission denied ``` ...what confused me was the following: ```shell $ sudo -u buildkite-agent-socrates stat /home/wpcarro/nixpkgs-channels permission denied ``` But `ls -al /home/wpcarro | grep nixpkgs-channels` showed `r-w` for all users... Thankfully @riking on ##tvl told me that I should check the permissions for /home/wpcarro and /home... After running `ls -al /home`, I saw `---` for all users... I then reproduced the error by running: ```shell $ sudo -u buildkite-agent-socrates stat /home permission denied ``` Great! So then I moved nixpkgs-channels to /var/lib/buildkite-agent-socrates. @edef recommended that I read more about the DynamicUser= setting for systemd, which looks relevant after I took a cursory glance. I'll also want a more declarative way to manage this, but I'm making small improvements every day. --- ci/scripts/build-briefcase.sh | 2 +- ci/scripts/build-socrates.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ci/scripts/build-briefcase.sh b/ci/scripts/build-briefcase.sh index dfe828650..a75402277 100644 --- a/ci/scripts/build-briefcase.sh +++ b/ci/scripts/build-briefcase.sh @@ -2,5 +2,5 @@ set -euo pipefail nix-build . \ -I briefcase="$(pwd)" \ - -I nixpkgs=/home/wpcarro/nixpkgs-channel \ + -I nixpkgs=/var/lib/buildkite-agent-socrates/nixpkgs-channels \ --show-trace diff --git a/ci/scripts/build-socrates.sh b/ci/scripts/build-socrates.sh index 721fbdf57..e7b550ea7 100644 --- a/ci/scripts/build-socrates.sh +++ b/ci/scripts/build-socrates.sh 
@@ -2,7 +2,7 @@ set -euo pipefail nix-build '' \ -I briefcase="$(pwd)" \ - -I nixpkgs=/home/wpcarro/nixpkgs-channels \ + -I nixpkgs=/var/lib/buildkite-agent-socrates/nixpkgs-channels \ -I nixos-config=nixos/socrates/default.nix \ -A system \ --show-trace
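Review bot: In ci/scripts/build-briefcase.sh, the removed `-I nixpkgs=` path ends in `nixpkgs-channel` while the added one ends in `nixpkgs-channels`, so this hunk changes the directory name as well as its parent, and the commit message only describes the move. If the singular spelling was a typo, say so in the message, since it means this script was pointing at a different path than build-socrates.sh before this change. It would also help to fail early with a clear error when the path is unreadable, for example a `test -r /var/lib/buildkite-agent-socrates/nixpkgs-channels` before the `nix-build` call, so a permission problem on a parent directory shows up as a direct message rather than deep in the evaluation trace.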
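Review bot: In ci/scripts/build-socrates.sh, the `-I nixpkgs=/var/lib/buildkite-agent-socrates/nixpkgs-channels` line now duplicates the same hard-coded absolute path used in build-briefcase.sh; consider defining it once (a shared variable or an exported `NIX_PATH` entry) so the two scripts cannot drift apart again. Because this script builds `-A system` from `nixos-config=nixos/socrates/default.nix`, the nixpkgs tree at that path decides what goes into the system closure, and it now sits under a directory named for the CI agent. Please document the intended ownership and mode of that directory: the agent user needs read and traverse access only, and if the checkout is writable by the agent, any build job can alter the nixpkgs that later system builds evaluate. A root-owned, read-only checkout (verified with `stat` as `buildkite-agent-socrates`, as in the commit message) would keep that boundary.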