[bookstack] Adds bookstack and cleans up a bunch of other files. Rewrites how mariadb instances are provisioned.

system/hosts/mcp/containers/mariadb.nix

@@ -1,26 +1,17 @@
+# Common config for all mariadb containers
 { ... }:
-{
-  virtualisation.oci-containers.containers.mariadb = {
-    image = "mariadb:11";
-    autoStart = true;
-    extraOptions = [
-    ];
-    volumes = [
-      "/tank/mariadb:/var/lib/mysql"
-    ];
-    cmd = [
-      "--innodb-buffer-pool-size=512M"
-      "--transaction-isolation=READ-COMMITTED"
-      "--character-set-server=utf8mb4"
-      "--collation-server=utf8mb4_unicode_ci"
-      "--max-connections=512"
-      "--innodb-rollback-on-timeout=OFF"
-      "--innodb-lock-wait-timeout=120"
-    ];
-    environment = {
-      MARIADB_DATABASE = "mariadb";
-      # TODO: Secrets
-      MARIADB_ROOT_PASSWORD = "root123";
+let
+  userIds = import ./user-ids.nix;
+in {
+  users = {
+    groups."mariadb" = {
+      gid = userIds.mariadb.gid;
     };
   };
+
+  sops.secrets."mariadb_root_password" = {
+    restartUnits = [ "podman-mariadb.service" ];
+    mode = "0440";
+    group = "mariadb";
+  };
 }