From f30f949895bebebab553052a4c51a0847c7274d0 Mon Sep 17 00:00:00 2001
From: rob thijssen <grenade@rob.tn>
Date: Mon, 4 May 2026 13:32:12 +0300
Subject: [PATCH] fix: ensure root ownership when syncing staged folders

---
 script/deploy.sh | 45 +++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 41 insertions(+), 4 deletions(-)

diff --git a/script/deploy.sh b/script/deploy.sh
index a7c37fa..5dc2ae8 100755
--- a/script/deploy.sh
+++ b/script/deploy.sh
@@ -142,7 +142,16 @@ deploy_api() {
     if (( dry_run )); then
         printf '\033[2m[dry-run]\033[0m rsync staged -> %s:/\n' "$host" >&2
     else
-        rsync -aHAX --rsync-path="sudo rsync" "$stage/" "${host}:/"
+        rsync \
+            --archive \
+            --hard-links \
+            --acls \
+            --xattrs \
+            --numeric-ids \
+            --chown root:root \
+            --rsync-path 'sudo rsync' \
+            "$stage/" \
+            "${host}:/"
     fi
 
     ssh_run "$host" "sudo bash -s" <<'REMOTE_EOF'
@@ -240,7 +249,16 @@ deploy_worker() {
     if (( dry_run )); then
         printf '\033[2m[dry-run]\033[0m rsync staged -> %s:/\n' "$host" >&2
     else
-        rsync -aHAX --rsync-path="sudo rsync" "$stage/" "${host}:/"
+        rsync \
+            --archive \
+            --hard-links \
+            --acls \
+            --xattrs \
+            --numeric-ids \
+            --chown root:root \
+            --rsync-path 'sudo rsync' \
+            "$stage/" \
+            "${host}:/"
     fi
 
     ssh_run "$host" "sudo bash -s" <<'REMOTE_EOF'
@@ -294,8 +312,27 @@ deploy_web() {
     if (( dry_run )); then
         printf '\033[2m[dry-run]\033[0m rsync staged -> %s:/\n' "$host" >&2
     else
-        rsync -aHAX --delete --rsync-path="sudo rsync" "$stage/var/www/rob.tn/" "${host}:/var/www/rob.tn/"
-        rsync -aHAX --rsync-path="sudo rsync" "$stage/etc/nginx/conf.d/rob.tn.conf" "${host}:/etc/nginx/conf.d/rob.tn.conf"
+        rsync \
+            --archive \
+            --hard-links \
+            --acls \
+            --xattrs \
+            --numeric-ids \
+            --chown root:root \
+            --rsync-path 'sudo rsync' \
+            --delete \
+            "$stage/var/www/rob.tn/" \
+            "${host}:/var/www/rob.tn/"
+        rsync \
+            --archive \
+            --hard-links \
+            --acls \
+            --xattrs \
+            --numeric-ids \
+            --chown root:root \
+            --rsync-path 'sudo rsync' \
+            "$stage/etc/nginx/conf.d/rob.tn.conf" \
+            "${host}:/etc/nginx/conf.d/rob.tn.conf"
     fi
 
     ssh_run "$host" "sudo bash -s" <<'REMOTE_EOF'