[mcp] Reworks how system users are defined. [public-html] Adds system user for pushing updates.

2025-04-28 15:57:16 -07:00
parent df2c2aa1ae
commit 509c861529
8 changed files with 71 additions and 116 deletions
--- a/system/hosts/mcp/containers/users.nix
+++ b/system/hosts/mcp/containers/users.nix
@@ -0,0 +1,59 @@
+{ pkgs, ... }: let
+  systemUsers = {
+    gitea = {
+      uid = 2001;
+      extraGroups = [ "git" ];
+    };
+    # timetagger = 2002;
+    pocket-id = 2003;
+    bookstack = 2004;
+    mariadb = 2005;
+    focalboard = 2006;
+    offen = 2007;
+    public-html = {
+      uid = 2008;
+      shell = "${pkgs.git}/bin/git-shell";
+    };
+  };
+
+  mkUser = name: value: let
+    uid =
+      if builtins.isInt value
+      then value
+      else value.uid;
+    shell =
+      if builtins.isAttrs value && builtins.hasAttr "shell" value
+      then value.shell
+      else null;
+    extraGroups = 
+      if builtins.isAttrs value && builtins.hasAttr "extraGroups" value
+      then value.extraGroups
+      else [];
+  in {
+    inherit uid shell extraGroups;
+    isSystemUser = true;
+    description = "System User for ${name}";
+    group = "${name}";
+  };
+  mkGroup = name: value: let
+    # 1. Value if int
+    # 2. "gid" if present
+    # 3. "uid"
+    gid =
+      if builtins.isInt value
+      then value
+      else if builtins.hasAttr "gid" value
+        then value.gid
+        else value.uid;
+  in {
+    inherit gid;
+  };
+in {
+  users.users = builtins.mapAttrs mkUser systemUsers;
+  users.groups = (builtins.mapAttrs mkGroup systemUsers) // {
+    # Legacy groups.
+    git = {
+      gid = 992;
+    };
+  };
+}