[mcp] Reworks how system users are defined. [public-html] Adds system user for pushing updates.

system/hosts/mcp/containers/pocket-id.nix

@@ -1,7 +1,6 @@
 { config, ... }:
 let 
   inherit (import ./lib.nix config) mkContainer blazestar;
-  userIds = import ./user-ids.nix;
   # The default is to run on port 80, which the pocket-id user cannot bind to.
   # We need a different port to be able to serve traffic.
   # The following ports in the container are already taken:
@@ -11,17 +10,6 @@ let
   port = 8888;
 in
 {
-  users.groups.pocket-id = {
-    gid = userIds.pocket-id.gid;
-  };
-
-  users.users.pocket-id = {
-    uid = userIds.pocket-id.uid;
-    isSystemUser = true;
-    description = "System User for Pocket ID";
-    group = "pocket-id";
-  };
-
   virtualisation.oci-containers.containers.pocket-id = mkContainer {
     image = "ghcr.io/pocket-id/pocket-id";
     dependsOn = [];
@@ -45,8 +33,8 @@ in
       CADDY_PORT = toString port;
       # PORT = "3000"; # Frontend port
       # BACKEND_PORT = "8080"; # Backend port
-      PUID = toString userIds.pocket-id.uid;
-      PGID = toString userIds.pocket-id.gid;
+      PUID = toString config.users.users."pocket-id".uid;
+      PGID = toString config.users.groups."pocket-id".gid;
     };
   };
 }