zaphyra's git: nixfiles

config/modules/nixos/websites: add fixed uid/gid to services

diff --git a/config/nixos/modules/websites/dav.zaphyra.eu.nix b/config/nixos/modules/websites/dav.zaphyra.eu.nix
@@ -32,6 +32,11 @@ in
   config = lib.mkIf cfg.enable {
     dns.zones."${cfg.domain}".subdomains."${cfg.subdomain}".CNAME = [ "${config.networking.fqdn}." ];
 
+    users = {
+      users.radicale.uid = 234;
+      groups.radicale.gid = 234;
+    };
+
     modules.filesystem.impermanence.system.dirs = [
       {
         directory = "/var/lib/radicale";

diff --git a/config/nixos/modules/websites/gts.zaphyra.eu.nix b/config/nixos/modules/websites/gts.zaphyra.eu.nix
@@ -43,7 +43,9 @@ in
 
     systemd.services.gotosocial.after = [ "sops-install-secrets.service" ];
     sops.secrets = {
-      "resticPasswords/gotosocial" = { };
+      "resticPasswords/gotosocial" = {
+        owner = "gotosocial";
+      };
       gotosocialEnv = {
         restartUnits = [ "gotosocial.service" ];
       };

diff --git a/config/nixos/modules/websites/things.zaphyra.eu.nix b/config/nixos/modules/websites/things.zaphyra.eu.nix
@@ -34,6 +34,11 @@ in
 
     sops.secrets."resticPasswords/things" = { };
 
+    users = {
+      users.things.uid = 512;
+      groups.things.gid = 512;
+    };
+
     modules.filesystem.impermanence.system.dirs = [
       {
         directory = "/var/lib/things";

diff --git a/config/nixos/modules/websites/vault.zaphyra.eu.nix b/config/nixos/modules/websites/vault.zaphyra.eu.nix
@@ -32,6 +32,11 @@ in
   config = lib.mkIf cfg.enable {
     dns.zones."${cfg.domain}".subdomains."${cfg.subdomain}".CNAME = [ "${config.networking.fqdn}." ];
 
+    users = {
+      users.vaultwarden.uid = 523;
+      groups.vaultwarden.gid = 523;
+    };
+
     modules.filesystem.impermanence.system.dirs = [
       {
         directory = "/var/lib/vaultwarden";