Periodic/system-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[mcp] Reworks how system users are defined. [public-html] Adds system user for pushing updates.

Browse Source
This commit is contained in:
Drew Haven
2025-04-28 15:57:16 -07:00
parent df2c2aa1ae
commit 509c861529
8 changed files with 71 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
system/hosts/mcp/containers/focalboard.nix
View File

@@ -1,30 +1,17 @@
{ config, ... }:
let
inherit (import ./lib.nix config) mkContainer mkPostgresContainer terakoda;
userIds = import ./user-ids.nix;
in {
imports = [
(mkPostgresContainer {
name = "focalboard";
directory = "/tank/focalboard/db";
uid = userIds.focalboard.uid;
gid = userIds.focalboard.gid;
uid = config.users.users.focalboard.uid;
gid = config.users.groups.focalboard.gid;
passwordSecret = "focalboard/database";
})
];
users.groups.focalboard = {
gid = userIds.focalboard.gid;
};
users.users.focalboard = {
uid = userIds.focalboard.uid;
isSystemUser = true;
description = "System User for Focalboard";
group = "focalboard";
};
sops.secrets = {
"focalboard/database" = {
restartUnits = [ "podman-focalboard.service" "podman-focalboard-postgres.service" ];
@@ -63,7 +50,7 @@ in {
domain = terakoda;
dependsOn = [ "focalboard-postgres" ];
port = 8000;
user = "${toString userIds.focalboard.uid}:${toString userIds.focalboard.gid}";
user = "${toString config.users.users.focalboard.name}:${config.users.groups.focalboard.name}";
volumes = [
"/tank/focalboard/data/files:/opt/focalboard/data/files"
"${config.sops.templates."focalboard-config.json".path}:/opt/focalboard/config.json:ro"