commit 7838093b6c8ed968cc2b9df66293286beea84535
parent a0c883434b42680856204f71e7776232d0a0c470
Author: Katja Ramona Sophie Kwast (zaphyra) <git@zaphyra.eu>
Date: Sat, 28 Jun 2025 11:33:38 +0200
parent a0c883434b42680856204f71e7776232d0a0c470
Author: Katja Ramona Sophie Kwast (zaphyra) <git@zaphyra.eu>
Date: Sat, 28 Jun 2025 11:33:38 +0200
config/modules/nixos/websites: add fixed uid/gid to services
4 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/config/nixos/modules/websites/dav.zaphyra.eu.nix b/config/nixos/modules/websites/dav.zaphyra.eu.nix @@ -32,6 +32,11 @@ in config = lib.mkIf cfg.enable { dns.zones."${cfg.domain}".subdomains."${cfg.subdomain}".CNAME = [ "${config.networking.fqdn}." ]; + users = { + users.radicale.uid = 234; + groups.radicale.gid = 234; + }; + modules.filesystem.impermanence.system.dirs = [ { directory = "/var/lib/radicale";
diff --git a/config/nixos/modules/websites/gts.zaphyra.eu.nix b/config/nixos/modules/websites/gts.zaphyra.eu.nix @@ -43,7 +43,9 @@ in systemd.services.gotosocial.after = [ "sops-install-secrets.service" ]; sops.secrets = { - "resticPasswords/gotosocial" = { }; + "resticPasswords/gotosocial" = { + owner = "gotosocial"; + }; gotosocialEnv = { restartUnits = [ "gotosocial.service" ]; };
diff --git a/config/nixos/modules/websites/things.zaphyra.eu.nix b/config/nixos/modules/websites/things.zaphyra.eu.nix @@ -34,6 +34,11 @@ in sops.secrets."resticPasswords/things" = { }; + users = { + users.things.uid = 512; + groups.things.gid = 512; + }; + modules.filesystem.impermanence.system.dirs = [ { directory = "/var/lib/things";
diff --git a/config/nixos/modules/websites/vault.zaphyra.eu.nix b/config/nixos/modules/websites/vault.zaphyra.eu.nix @@ -32,6 +32,11 @@ in config = lib.mkIf cfg.enable { dns.zones."${cfg.domain}".subdomains."${cfg.subdomain}".CNAME = [ "${config.networking.fqdn}." ]; + users = { + users.vaultwarden.uid = 523; + groups.vaultwarden.gid = 523; + }; + modules.filesystem.impermanence.system.dirs = [ { directory = "/var/lib/vaultwarden";