From 60a6cf8e89d5309ab867be63cbc085cc8a6bfaeb Mon Sep 17 00:00:00 2001
From: Drew Haven
Date: Mon, 28 Apr 2025 16:22:00 -0700
Subject: [PATCH] [mcp] Fixes users for some containers.
---
 system/hosts/mcp/containers/offen.nix | 2 +-
 system/hosts/mcp/containers/users.nix | 27 +++++++++++----------------
 2 files changed, 12 insertions(+), 17 deletions(-)
diff --git a/system/hosts/mcp/containers/offen.nix b/system/hosts/mcp/containers/offen.nix
index eef4ff6..4caca96 100644
--- a/system/hosts/mcp/containers/offen.nix
+++ b/system/hosts/mcp/containers/offen.nix
@@ -27,7 +27,7 @@ in {
 image = "offen/offen";
 hostName = "offen";
 domain = terakoda;
- user = "offen:offen";
+ user = "${toString config.users.users.offen.uid}:${toString config.users.groups.offen.gid}";
 port = 80;
 volumes = [
 "${config.sops.templates."offen.env".path}:/etc/offen/offen.env:ro"
diff --git a/system/hosts/mcp/containers/users.nix b/system/hosts/mcp/containers/users.nix
index 10646ce..52a557d 100644
--- a/system/hosts/mcp/containers/users.nix
+++ b/system/hosts/mcp/containers/users.nix
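Review bot: In the offen.nix hunk, the new `user` string passes `config.users.users.offen.uid` and `config.users.groups.offen.gid` through `toString`, and nothing visible guarantees either is set. `toString null` is the empty string, so an unset id would evaluate to `":"` without an error. How the container runtime treats that value is not visible here, but it may fall back to the image's default user rather than the intended unprivileged one. An `assertions` entry with `assertion = config.users.users.offen.uid != null && config.users.groups.offen.gid != null;` would turn that case into an evaluation failure. The enclosing attribute set starts and ends outside the hunk.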
@@ -13,27 +13,22 @@ public-html = { uid = 2008; shell = "${pkgs.git}/bin/git-shell"; + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKPiqbLAXpBkjXnHLvz3VCd5i+VmYdd9dAcRt+8E1OQX drew@vega" + ]; + home = "/tank/web"; }; }; - mkUser = name: value: let - uid = - if builtins.isInt value - then value - else value.uid; - shell = - if builtins.isAttrs value && builtins.hasAttr "shell" value - then value.shell - else null; - extraGroups = - if builtins.isAttrs value && builtins.hasAttr "extraGroups" value - then value.extraGroups - else []; - in { - inherit uid shell extraGroups; - isSystemUser = true; + mkUser = name: value: { + uid = value.uid or value; + isSystemUser = true; # only affects UID allocation, but required description = "System User for ${name}"; group = "${name}"; + shell = value.shell or null; + extraGroups = value.extraGroups or []; + openssh.authorizedKeys.keys = value.authorizedKeys or []; + home = value.home or "/var/empty"; }; mkGroup = name: value: let # 1. Value if int
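Review bot: The key added for `public-html` carries no options, and `git-shell` as the login shell limits which commands run but not sshd features such as port, agent or X11 forwarding, which are handled before the shell is involved. Unless sshd already disables these for this account elsewhere, prefix the entry with `restrict`, i.e. `"restrict ssh-ed25519 AAAA… drew@vega"`, so the key cannot be used for forwarding or a pty. A short comment above `mkUser` listing the accepted shapes would also help (a bare integer uid, or an attribute set with `uid` and optional `shell`, `extraGroups`, `authorizedKeys`, `home`), since the `or` fallbacks now encode that contract only implicitly. The attribute set holding `public-html` begins above the hunk and `mkGroup` continues below it.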