[mcp] Fixes users for some containers.

2025-04-28 16:22:00 -07:00
parent 509c861529
commit 60a6cf8e89
2 changed files with 12 additions and 17 deletions
--- a/system/hosts/mcp/containers/offen.nix
+++ b/system/hosts/mcp/containers/offen.nix
@@ -27,7 +27,7 @@ in {
    image = "offen/offen";
    hostName = "offen";
    domain = terakoda;
-    user = "offen:offen";
+    user = "${toString config.users.users.offen.uid}:${toString config.users.groups.offen.gid}";
    port = 80;
    volumes = [
      "${config.sops.templates."offen.env".path}:/etc/offen/offen.env:ro"
--- a/system/hosts/mcp/containers/users.nix
+++ b/system/hosts/mcp/containers/users.nix
@@ -13,27 +13,22 @@
    public-html = {
      uid = 2008;
      shell = "${pkgs.git}/bin/git-shell";
+      authorizedKeys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKPiqbLAXpBkjXnHLvz3VCd5i+VmYdd9dAcRt+8E1OQX drew@vega"
+      ];
+      home = "/tank/web";
    };
  };

-  mkUser = name: value: let
-    uid =
-      if builtins.isInt value
-      then value
-      else value.uid;
-    shell =
-      if builtins.isAttrs value && builtins.hasAttr "shell" value
-      then value.shell
-      else null;
-    extraGroups = 
-      if builtins.isAttrs value && builtins.hasAttr "extraGroups" value
-      then value.extraGroups
-      else [];
-  in {
-    inherit uid shell extraGroups;
-    isSystemUser = true;
+  mkUser = name: value: {
+    uid = value.uid or value;
+    isSystemUser = true; # only affects UID allocation, but required
    description = "System User for ${name}";
    group = "${name}";
+    shell = value.shell or null;
+    extraGroups = value.extraGroups or [];
+    openssh.authorizedKeys.keys = value.authorizedKeys or [];
+    home = value.home or "/var/empty";
  };
  mkGroup = name: value: let
    # 1. Value if int