From e405610baf220848ae03275ab50fa04d794e8195 Mon Sep 17 00:00:00 2001
From: Drew Haven
Date: Tue, 29 Apr 2025 13:10:33 -0700
Subject: [PATCH] [mcp] Adds back the user changes I accidentally clobbered.
---
system/hosts/mcp/containers.nix | 21 +--------------------
system/hosts/mcp/containers/bookstack.nix | 20 ++++----------------
system/hosts/mcp/containers/focalboard.nix | 19 +++----------------
system/hosts/mcp/containers/mariadb.nix | 10 +---------
system/hosts/mcp/containers/offen.nix | 5 +----
system/hosts/mcp/containers/pocket-id.nix | 16 ++--------------
6 files changed, 12 insertions(+), 79 deletions(-)
diff --git a/system/hosts/mcp/containers.nix b/system/hosts/mcp/containers.nix
index a6dd8ad..9c6cc40 100644
--- a/system/hosts/mcp/containers.nix
+++ b/system/hosts/mcp/containers.nix
@@ -18,6 +18,7 @@ ./containers/shared-postgres.nix ./containers/synapse.nix ./containers/traefik.nix + ./containers/users.nix ]; # Enable common container config files in /etc/containers
@@ -44,26 +45,6 @@ #podman-compose # start group of containers for dev ]; - users.groups = { git = { }; timetagger = { }; }; - users.users = { gitea = { uid = 2001; isSystemUser = true; description = "System User for Gitea"; extraGroups = [ "git" ]; group = "git"; }; timetagger = { uid = 2002; isSystemUser = true; description = "System User for TimeTagger"; group = "timetagger"; }; }; - virtualisation.oci-containers.backend = "podman"; virtualisation.oci-containers.containers = let
diff --git a/system/hosts/mcp/containers/bookstack.nix b/system/hosts/mcp/containers/bookstack.nix
index 172d345..6fde8db 100644
--- a/system/hosts/mcp/containers/bookstack.nix
+++ b/system/hosts/mcp/containers/bookstack.nix
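Review bot: The `gitea` (uid 2001, primary group `git`) and `timetagger` (uid 2002) accounts and the `git`/`timetagger` groups removed in this hunk are not declared anywhere else in the patch; they now exist only if `./containers/users.nix`, added to `imports` in the previous hunk, declares them, and that file is not among the six files changed. Because the state these services write to disk keeps its numeric owner, a different or auto-allocated uid in users.nix would leave the containers unable to read their own data, or colliding with another account's files, without any evaluation error. Pinning the expectation next to the import would catch that at build time, e.g. `assertions = [ { assertion = config.users.users.gitea.uid == 2001; message = "gitea must keep uid 2001 (declared in ./containers/users.nix)"; } ];` — assuming `config` is in this module's argument set, which lies outside the hunk.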
@@ -1,29 +1,17 @@ { config, ... }: let inherit (import ./lib.nix config) mkContainer mkMariaDbContainer havenisms; - userIds = import ./user-ids.nix; in { imports = [ (mkMariaDbContainer { name = "bookstack"; - uid = userIds.bookstack.uid; - gid = userIds.bookstack.gid; + uid = config.users.users.bookstack.uid; + gid = config.users.groups.bookstack.gid; directory = "/tank/bookstack/db"; passwordSecret = "bookstack_db"; }) ]; - users.groups.bookstack = { gid = userIds.bookstack.gid; }; - users.users.bookstack = { uid = userIds.bookstack.uid; isSystemUser = true; description = "System User for Bookstack"; group = "bookstack"; }; - sops.secrets = { bookstack_app_key = { restartUnits = [ "podman-bookstack.service" ];
@@ -55,8 +43,8 @@ in { ]; environment = { APP_URL = "https://bookstack.${havenisms}"; - PID = toString userIds.bookstack.uid; - GID = toString userIds.bookstack.gid; + PID = toString config.users.users.bookstack.uid; + GID = toString config.users.groups.bookstack.gid; DB_HOST = "bookstack-mariadb"; DB_USERNAME = "bookstack"; DB_DATABASE = "bookstack";
diff --git a/system/hosts/mcp/containers/focalboard.nix b/system/hosts/mcp/containers/focalboard.nix
index 47be53a..e653a64 100644
--- a/system/hosts/mcp/containers/focalboard.nix
+++ b/system/hosts/mcp/containers/focalboard.nix
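Review bot: `config.users.users.bookstack.uid` and `config.users.groups.bookstack.gid` are `null` in NixOS unless the declaration that now lives in users.nix (not part of this patch) sets a fixed id, and `toString null` yields `""`, so an unset or auto-allocated id would not fail evaluation: the `uid`/`gid` handed to `mkMariaDbContainer` here and the `PID`/`GID` values in the second hunk would silently become empty strings, and the volume under `/tank/bookstack/db` and the app process could end up owned by or running as an identity other than the intended unprivileged one. The same silent fallback applies to the `uid:gid` strings in focalboard.nix and offen.nix and to `PUID`/`PGID` in pocket-id.nix. Since `lib` is not in this module's argument set, a plain `assert` keeps the failure at build time: `uid = assert config.users.users.bookstack.uid != null; config.users.users.bookstack.uid;` with the matching line for `gid`. Separately, the key `PID` in the second hunk differs from the `PUID` that pocket-id.nix uses and that linuxserver.io-style images read; if the bookstack image (its `image` line lies outside the hunk) follows that convention, `PID` is ignored and the process runs as the image default rather than the uid computed here.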
@@ -1,30 +1,17 @@ { config, ... }: let inherit (import ./lib.nix config) mkContainer mkPostgresContainer terakoda; - userIds = import ./user-ids.nix; - in { imports = [ (mkPostgresContainer { name = "focalboard"; directory = "/tank/focalboard/db"; - uid = userIds.focalboard.uid; - gid = userIds.focalboard.gid; + uid = config.users.users.focalboard.uid; + gid = config.users.groups.focalboard.gid; passwordSecret = "focalboard/database"; }) ]; - users.groups.focalboard = { gid = userIds.focalboard.gid; }; - users.users.focalboard = { uid = userIds.focalboard.uid; isSystemUser = true; description = "System User for Focalboard"; group = "focalboard"; }; - sops.secrets = { "focalboard/database" = { restartUnits = [ "podman-focalboard.service" "podman-focalboard-postgres.service" ];
@@ -63,7 +50,7 @@ in { domain = terakoda; dependsOn = [ "focalboard-postgres" ]; port = 8000; - user = "${toString userIds.focalboard.uid}:${toString userIds.focalboard.gid}"; + user = "${toString config.users.users.focalboard.uid}:${toString config.users.groups.focalboard.gid}"; volumes = [ "/tank/focalboard/data/files:/opt/focalboard/data/files" "${config.sops.templates."focalboard-config.json".path}:/opt/focalboard/config.json:ro"
diff --git a/system/hosts/mcp/containers/mariadb.nix b/system/hosts/mcp/containers/mariadb.nix
index 89f4e1e..7fe0af4 100644
--- a/system/hosts/mcp/containers/mariadb.nix
+++ b/system/hosts/mcp/containers/mariadb.nix
@@ -1,14 +1,6 @@ # Common config for all mariadb containers { ... }: -let userIds = import ./user-ids.nix; in { - users = { groups."mariadb" = { gid = userIds.mariadb.gid; }; }; - +{ sops.secrets."mariadb_root_password" = { restartUnits = [ "podman-mariadb.service" ]; mode = "0440";
diff --git a/system/hosts/mcp/containers/offen.nix b/system/hosts/mcp/containers/offen.nix
index 34bc826..4caca96 100644
--- a/system/hosts/mcp/containers/offen.nix
+++ b/system/hosts/mcp/containers/offen.nix
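Review bot: After the mariadb.nix hunk the file declares no users or groups at all, yet the removed block was the only place in the patch that gave the `mariadb` group its fixed gid; if `mkMariaDbContainer` in lib.nix (outside the patch) still refers to that group, it now resolves only through `./containers/users.nix`, and only with the original gid does existing data under per-container `directory` paths such as `/tank/bookstack/db` keep a matching owner. The `let`/`in` removal itself is clean. A short comment under the file header would record where the dependency moved: `# The mariadb group (fixed gid) is declared in ./containers/users.nix`.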
@@ -1,10 +1,7 @@ { config, ... }: let inherit (import ./lib.nix config) mkContainer terakoda; - userIds = import ./user-ids.nix; in { - users = userIds.mkUserAndGroup "offen" userIds.offen; - sops = { secrets = { "offen/smtp-token" = {};
@@ -30,7 +27,7 @@ in { image = "offen/offen"; hostName = "offen"; domain = terakoda; - user = "${toString userIds.offen.uid}:${toString userIds.offen.gid}"; + user = "${toString config.users.users.offen.uid}:${toString config.users.groups.offen.gid}"; port = 80; volumes = [ "${config.sops.templates."offen.env".path}:/etc/offen/offen.env:ro"
diff --git a/system/hosts/mcp/containers/pocket-id.nix b/system/hosts/mcp/containers/pocket-id.nix
index 432c6a7..a31f3aa 100644
--- a/system/hosts/mcp/containers/pocket-id.nix
+++ b/system/hosts/mcp/containers/pocket-id.nix
@@ -1,7 +1,6 @@ { config, ... }: let inherit (import ./lib.nix config) mkContainer blazestar; - userIds = import ./user-ids.nix; # The default is to run on port 80, which the pocket-id user cannot bind to. # We need a different port to be able to serve traffic. # The following ports in the container are already taken:
@@ -11,17 +10,6 @@ let port = 8888; in { - users.groups.pocket-id = { gid = userIds.pocket-id.gid; }; - users.users.pocket-id = { uid = userIds.pocket-id.uid; isSystemUser = true; description = "System User for Pocket ID"; group = "pocket-id"; }; - virtualisation.oci-containers.containers.pocket-id = mkContainer { image = "ghcr.io/pocket-id/pocket-id"; dependsOn = [];
@@ -45,8 +33,8 @@ in CADDY_PORT = toString port; # PORT = "3000"; # Frontend port # BACKEND_PORT = "8080"; # Backend port - PUID = toString userIds.pocket-id.uid; - PGID = toString userIds.pocket-id.gid; + PUID = toString config.users.users."pocket-id".uid; + PGID = toString config.users.groups."pocket-id".gid; }; }; }
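Review bot: `./user-ids.nix`, whose `mkUserAndGroup` helper and per-service id attrset this hunk stops using (pocket-id.nix and the other touched files drop their `import ./user-ids.nix` likewise), is not deleted by the patch even though none of the six changed files references it any more. If it survives next to users.nix it becomes a second copy of the numeric uid/gid table that can drift from the ids `config.users.*` now reflects, and that kind of mismatch surfaces only later as wrong ownership on the mounted volumes. Either remove it in a follow-up or, if something outside these files still imports it, add a comment at its top stating that `./containers/users.nix` is the authoritative source of ids.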