[mcp] Fixes users for some containers.

system/hosts/mcp/containers/offen.nix

@@ -27,7 +27,7 @@ in {
     image = "offen/offen";
     hostName = "offen";
     domain = terakoda;
-    user = "offen:offen";
+    user = "${toString config.users.users.offen.uid}:${toString config.users.groups.offen.gid}";
     port = 80;
     volumes = [
       "${config.sops.templates."offen.env".path}:/etc/offen/offen.env:ro"

system/hosts/mcp/containers/users.nix

@@ -13,27 +13,22 @@
     public-html = {
       uid = 2008;
       shell = "${pkgs.git}/bin/git-shell";
+      authorizedKeys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKPiqbLAXpBkjXnHLvz3VCd5i+VmYdd9dAcRt+8E1OQX drew@vega"
+      ];
+      home = "/tank/web";
     };
   };
 
-  mkUser = name: value: let
+  mkUser = name: value: {
-    uid =
+    uid = value.uid or value;
-      if builtins.isInt value
+    isSystemUser = true; # only affects UID allocation, but required
-      then value
-      else value.uid;
-    shell =
-      if builtins.isAttrs value && builtins.hasAttr "shell" value
-      then value.shell
-      else null;
-    extraGroups = 
-      if builtins.isAttrs value && builtins.hasAttr "extraGroups" value
-      then value.extraGroups
-      else [];
-  in {
-    inherit uid shell extraGroups;
-    isSystemUser = true;
     description = "System User for ${name}";
     group = "${name}";
+    shell = value.shell or null;
+    extraGroups = value.extraGroups or [];
+    openssh.authorizedKeys.keys = value.authorizedKeys or [];
+    home = value.home or "/var/empty";
   };
   mkGroup = name: value: let
     # 1. Value if int