From c8fb6da714412bf80d45d66a8a4aea75e8fcc247 Mon Sep 17 00:00:00 2001
From: Lily Miller
Date: Mon, 6 Oct 2025 16:50:39 -0600
Subject: [PATCH] Fix: Run macha-chat as macha user for SSH key access

CRITICAL FIX: macha-chat was running as the invoking user (e.g., lily), but SSH keys are stored at /var/lib/macha/.ssh/id_ed25519 which only the macha user can access. This caused password prompts when using SSH commands in macha-chat, while macha-ask (which runs as macha user) worked correctly.
Changes:
- macha-chat now uses 'sudo -u macha' like macha-ask does
- Both interfaces now run with identical permissions
- Ensures consistent SSH key access and behavior
Now both macha-chat and macha-ask:
- Run as the macha user
- Have access to /var/lib/macha/.ssh/id_ed25519
- Use centralized command_patterns.py
- No password prompts for SSH!
---
 module.nix | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/module.nix b/module.nix
index 716c9f2..bf34132 100644
--- a/module.nix
+++ b/module.nix
@@ -432,16 +432,16 @@ else:
 " "$QUERY" "$SYSTEM"
 '')
- # Interactive chat tool (runs as invoking user, not as macha-autonomous)
+ # Interactive chat tool (runs as macha user for consistent permissions)
 (pkgs.writeScriptBin "macha-chat" ''
 #!${pkgs.bash}/bin/bash
- export PYTHONPATH=${toString ./.}
- export CHROMA_ENV_FILE=""
- export ANONYMIZED_TELEMETRY="False"
-
- # Run as the current user, not as macha-autonomous
- # This allows the chat to execute privileged commands with the user's permissions
- ${pythonEnv}/bin/python3 ${./.}/chat.py
+ # Run as macha user to ensure access to SSH keys and consistent behavior
+ # Both macha-chat and macha-ask now run with the same permissions
+ sudo -u ${cfg.user} ${pkgs.coreutils}/bin/env \
+ PYTHONPATH=${toString ./.} \
+ CHROMA_ENV_FILE="" \
+ ANONYMIZED_TELEMETRY="False" \
+ ${pythonEnv}/bin/python3 ${./.}/chat.py
 '')
 # Tool to read full config file
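Review bot: The new `sudo -u ${cfg.user}` invocation gives every account the sudoers policy admits an interactive session that can use the macha user's SSH key, and the rule granting that is not visible in this hunk. The removed comment says the chat executed commands with the caller's permissions; after this change those commands, and any SSH logins made from the session, run under the one shared macha identity, so remote hosts presumably can no longer tell operators apart. I would record the requirement next to the call, e.g. `# sudoers must allow only this exact command as the macha user, for the operator group only; sessions share macha's SSH identity`, and confirm the rule is not a blanket `ALL`. `sudo` is also the only binary here resolved through the caller's PATH while bash, env and python3 are pinned to store paths; on NixOS the setuid wrapper is `/run/wrappers/bin/sudo`.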