Fix config/data ownership — chown to invoking user after make install

make install runs as root so all generated files (config/, data/) land
as root:root. Added a chown pass in install.sh after make install
completes, re-applying REPO_OWNER ownership. Also fixed the make setup
chown to use SUDO_USER when invoked via sudo rather than always id -u
(which is 0 when running as root).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Makefile

@@ -79,7 +79,7 @@ check-deps:
 
 setup: check-deps
 	@echo "Setting up Personal Internet Cell..."
-	@sudo chown -R $$(id -u):$$(id -g) config/ data/ 2>/dev/null || true
+	@sudo chown -R $${SUDO_USER:-$$(id -un)}:$${SUDO_USER:-$$(id -un)} config/ data/ 2>/dev/null || true
 	CELL_NAME=$(or $(CELL_NAME),mycell) \
 	CELL_DOMAIN=$(or $(CELL_DOMAIN),cell) \
 	VPN_ADDRESS=$(or $(VPN_ADDRESS),10.0.0.1/24) \

install.sh

@@ -257,15 +257,16 @@ git config --system --add safe.directory "$PIC_DIR" 2>/dev/null || true
 # ---------------------------------------------------------------------------
 log_step 5 "Running 'make install'..."
 
-# make install generates config, writes the systemd unit, and touches .installed.
-# We run it as the pic user (via sudo -u) so files get correct ownership, but
-# make install itself calls sudo internally where root is needed.
 cd "$PIC_DIR"
 
 if ! make install 2>&1 | sed 's/^/  /'; then
     die "'make install' failed. Check the output above."
 fi
 
+# make install runs as root so config/ and data/ get created root-owned.
+# Re-apply ownership to the invoking user so they can manage files without sudo.
+chown -R "${REPO_OWNER}:${REPO_OWNER}" "$PIC_DIR"
+
 log_ok "'make install' complete"
 
 # ---------------------------------------------------------------------------