[mcp] Reworks how system users are defined. [public-html] Adds system user for pushing updates.

system/hosts/mcp/containers/bookstack.nix

@@ -1,29 +1,17 @@
 { config, ... }:
 let 
   inherit (import ./lib.nix config) mkContainer mkMariaDbContainer havenisms;
-  userIds = import ./user-ids.nix;
 in {
   imports = [
     (mkMariaDbContainer {
       name = "bookstack";
-      uid = userIds.bookstack.uid;
-      gid = userIds.bookstack.gid;
+      uid = config.users.users.bookstack.uid;
+      gid = config.users.groups.bookstack.gid;
       directory = "/tank/bookstack/db";
       passwordSecret = "bookstack_db";
     })
   ];
 
-  users.groups.bookstack = {
-    gid = userIds.bookstack.gid;
-  };
-
-  users.users.bookstack = {
-    uid = userIds.bookstack.uid;
-    isSystemUser = true;
-    description = "System User for Bookstack";
-    group = "bookstack";
-  };
-
   sops.secrets = {
     bookstack_app_key = {
       restartUnits = [ "podman-bookstack.service" ];
@@ -55,8 +43,8 @@ in {
     ];
     environment = {
       APP_URL = "https://bookstack.${havenisms}";
-      PID = toString userIds.bookstack.uid;
-      GID = toString userIds.bookstack.gid;
+      PID = toString config.users.users.bookstack.uid;
+      GID = toString config.users.groups.bookstack.gid;
       DB_HOST = "bookstack-mariadb";
       DB_USERNAME = "bookstack";
       DB_DATABASE = "bookstack";