Services: fix (hopefully) autoupgrade script per https://discourse.nixos.org/t/sudo-uid-issues/9133

modules/services/autoupgrade.nix

@@ -63,12 +63,12 @@ in
           cd ${cfg.configDir}
           # Check if there are changes from Git.
           echo "Pulling latest version..."
-          sudo -u ${cfg.user} git fetch
+          /run/wrappers/bin/sudo -u ${cfg.user} git fetch
-          sudo -u ${cfg.user} git diff --quiet --exit-code ${cfg.branches.local} ${cfg.branches.remoteName}/${cfg.branches.remote} || true
+          /run/wrappers/bin/sudo -u ${cfg.user} git diff --quiet --exit-code ${cfg.branches.local} ${cfg.branches.remoteName}/${cfg.branches.remote} || true
           # If we have changes (git diff returns 1), pull changes and run the update
           if [ $? -eq 1 ]; then
             echo "Updates found, running nixos-rebuild..."
-            sudo -u ${cfg.user} git pull --recurse-submodules
+            /run/wrappers/bin/sudo -u ${cfg.user} git pull --recurse-submodules
             nixos-rebuild switch --flake .
           else
             echo "No updates found. Exiting."
@@ -99,9 +99,9 @@ in
           cd ${cfg.configDir}
           # Make sure we're up-to-date
           echo "Pulling the latest version..."
-          sudo -u ${cfg.user} git pull --recurse-submodules
+          /run/wrappers/bin/sudo -u ${cfg.user} git pull --recurse-submodules
-          sudo -u ${cfg.user} nix flake update --commit-lock-file
+          /run/wrappers/bin/sudo -u ${cfg.user} nix flake update --commit-lock-file
-          sudo -u ${cfg.user} git push
+          /run/wrappers/bin/sudo -u ${cfg.user} git push
         '';
       };