Git config requires sudo

I’m setting up git through home-manager as a flake module. When I run git config it requires root priviledges. In my config folder I can see that the git/config is a link to the nix store, so I don’t want to mess with permissions or anything in there. Instead, I’m configuring git as much as possible via my home.nix file like so:

  programs.git = {
    enable = true;
    userName = "Leigh Gable";
    userEmail = "";
    extraConfig = {
      credential.helper = "${
          pkgs.git.override { withLibsecret = true; }

But I would like to set the default branch, and do some other stuff
that I can’t figure out from home.nix file.

Could someone let me know if this sudo issue is a sign that I’m doing something
wrong, and / or if I should just finish the configuration in the home.nix file?
All the best,
Leigh Gable

The nix store is read only. It can only be changed by nix. So you can’t mix git config with the home-manager module.

I assume you mean it says something like:

error: could not lock config file /home/tlater/.config/git/config: Read-only file system

That’s not “it requires root”, it’s just trying to edit a file on a read-only file system (which is prohibited, and not even root can do that). The difference is significant; nothing really “requires root”, and thinking that way is harmful.

Think instead about what it means to edit this file with git config. It means modifying the file created by your nix config after the fact. Do you really want to do that? It breaks the reproducibility, and potentially breaks nix’ cache, because you would also change the file hash, yet nix’ cache would have a record of a different hash. I’d cautiously say that you probably don’t intend to break nix :wink:


I don’t want to mess with permissions or anything in there.

is the correct call, I just want to make this explicit - don’t think in “requiring root” terms, think in terms of what you want to do, why only the root user is allowed to do it, and whether forcing it by becoming the root user is appropriate. Often when there is a file permissions issue, there is a good reason for it, and using sudo to circumvent it is bad practice that may bite you in the future.

All of that said, you can pretty easily translate git config commands to extraConfig settings.

For example this command:

git config --global init.defaultBranch main


programs.git.extraConfig.init.defaultBranch = "main";

both of those translate to:

        defaultBranch = "main"

The setting names just translate to attrsets, and then TOML-style dictionaries in the git config :slight_smile:

For more complex settings, like pushInsteadOf, where there is a parameter on the key (I have no idea how to use git config to set these, frankly), you can use nested attrsets:

programs.git.extraConfig.url."ssh://git@".pushInsteadOf = "https://";

This translates to the following git config:

[url "ssh://git@"]
        pushInsteadOf = "https://"

Hope that helps - in a nutshell, the git config stuff is anyway just syntax around setting keys and values in a git config file, you can do this really easily with nix.

The alternative is not configuring git via nix, or instructing home-manager to install a hand-made git config file (which you could pre-make with git config commands). I’d recommend the nix approach, though.


Thank you for the response, the detailed explanation and especially the examples!