From bdaac67bf23363e49884010f7515dd5aa1bc4e49 Mon Sep 17 00:00:00 2001
From: Nikolaos Karaolidis
Date: Sat, 8 Mar 2025 11:59:01 +0000
Subject: [PATCH] Fix rootless podman permissions

Signed-off-by: Nikolaos Karaolidis
---
 hosts/eirene/format.nix | 1 +
 hosts/elara/format.nix | 1 +
 hosts/installer/format.nix | 1 +
 hosts/jupiter/format.nix | 1 +
 .../configs/console/podman/authelia/default.nix | 16 +++++----------
 5 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/hosts/eirene/format.nix b/hosts/eirene/format.nix
index ee7e118..302bd9b 100644
--- a/hosts/eirene/format.nix
+++ b/hosts/eirene/format.nix
@@ -48,6 +48,7 @@
 mountOptions = [
 "compress=zstd:1"
 "noatime"
+ "user_subvol_rm_allowed"
 ];
 in
 {
diff --git a/hosts/elara/format.nix b/hosts/elara/format.nix
index e63647c..3883cda 100644
--- a/hosts/elara/format.nix
+++ b/hosts/elara/format.nix
@@ -48,6 +48,7 @@
 mountOptions = [
 "compress=zstd:3"
 "noatime"
+ "user_subvol_rm_allowed"
 ];
 in
 {
diff --git a/hosts/installer/format.nix b/hosts/installer/format.nix
index 0210164..c12fda1 100644
--- a/hosts/installer/format.nix
+++ b/hosts/installer/format.nix
@@ -40,6 +40,7 @@
 mountOptions = [
 "compress=zstd:5"
 "noatime"
+ "user_subvol_rm_allowed"
 ];
 in
 {
diff --git a/hosts/jupiter/format.nix b/hosts/jupiter/format.nix
index e9a1175..a6783b8 100644
--- a/hosts/jupiter/format.nix
+++ b/hosts/jupiter/format.nix
@@ -51,6 +51,7 @@
 mountOptions = [
 "compress=zstd:1"
 "noatime"
+ "user_subvol_rm_allowed"
 ];
 in
 {
diff --git a/hosts/jupiter/users/storm/configs/console/podman/authelia/default.nix b/hosts/jupiter/users/storm/configs/console/podman/authelia/default.nix
index 69a8709..f492628 100644
--- a/hosts/jupiter/users/storm/configs/console/podman/authelia/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/authelia/default.nix
@@ -69,7 +69,8 @@ in
 "/workdir/users.yaml"
 "-i"
 ];
- userns = "keep-id:uid=1000,gid=1000";
+ user = "0";
+ group = "0";
 };
 
 serviceConfig = {
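Review bot: `user_subvol_rm_allowed` lets unprivileged users delete btrfs subvolumes they own, something only root could do before, and it is appended to the shared `mountOptions` binding, so it presumably reaches every subvolume mounted with that list rather than only the one backing rootless podman storage; the same line is added for eirene, elara, installer and jupiter. The installer host in particular is worth a second look, since nothing in this patch shows it running rootless podman at all. A comment above the new line would record why the relaxation is there, e.g. `# rootless podman needs to remove its own btrfs subvolumes (storage driver)` — adjust if the actual trigger is different; the `mountOptions` list each hunk sits in begins before the hunk.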
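Review bot: `user = "0"` / `group = "0"` makes Authelia run as root inside the container, where the previous `keep-id:uid=1000,gid=1000` had it running as an unprivileged in-container uid mapped onto the host user. Under rootless podman container uid 0 is still only the host user, so this is not host root, but the process now holds the container's default capability set instead of none, which is a larger blast radius if Authelia itself is ever compromised. If the intent is simply that files it writes to the bind mounts end up owned by the host user, a comment saying so would keep the next reader from "fixing" it back, e.g. `# container root == the rootless host user: keeps bind-mount ownership simple; not host root`. Dropping the capabilities Authelia does not need would recover most of the difference; the container's attribute set starts before the hunk.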
@@ -123,7 +124,6 @@ in
 username = "jupiter@karaolidis.com";
 sender = "jupiter@karaolidis.com";
 };
-
 };
 in
 {
@@ -185,9 +185,6 @@ in
 environmentFiles = [ hmConfig.sops.templates."authelia-postgresql.env".path ];
 entrypoint = "/entrypoint.sh";
 exec = [ "postgres" ];
- user = "999";
- group = "999";
- userns = "keep-id:uid=999,gid=999";
 };
 
 unitConfig.After = [ "sops-nix.service" ];
@@ -199,17 +196,14 @@ in
 networks = [ networks.authelia.ref ];
 volumes = [ "${volumes."authelia-redis".ref}:/data" ];
 exec = [ "--save 60 1" ];
- user = "999";
- group = "999";
- userns = "keep-id:uid=999,gid=999";
 };
 };
 };
 
 systemd.user.tmpfiles.rules = [
- "d ${home}/.local/share/authelia/config 0755 ${user} ${user}"
- "f ${home}/.local/share/authelia/config/users.yaml 644 ${user} ${user}"
- "d ${home}/.local/share/authelia/postgresql 0700 ${user} ${user}"
+ "d ${home}/.local/share/authelia/config :0755 :${user} :${user}"
+ "f ${home}/.local/share/authelia/config/users.yaml :0644 :${user} :${user}"
+ "d ${home}/.local/share/authelia/postgresql :0755 :${user} :${user}"
 ];
 };
 }
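Review bot: With `user`, `group` and `userns` gone from the postgresql container, the uid it runs as is now whatever the custom `/entrypoint.sh` settles on, and the diff does not show whether that script drops to uid 999 the way the stock image entrypoint does when started as root, or simply keeps running as container root; the same applies to the redis `user`/`group`/`userns` lines removed in the next hunk (`@@ -199`). Either outcome is defensible under rootless podman (container root is the host user), but the choice should be visible where the explicit uid used to be, e.g. `# no explicit user: starts as container root (== host user) so the entrypoint can fix ownership of the bind mount, then drops privileges` — reworded to match what the entrypoint actually does. The attribute set for this container starts and ends outside the hunk.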
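Review bot: The postgresql data directory's mode is widened from `0700` to `:0755` — the `:` prefix, which (as I read tmpfiles.d) applies the mode and owner only when the inode is first created, is what stops systemd-tmpfiles from fighting the ownership the container sets on that directory, so the extra permission bits look unrelated to the fix and only make the directory listable and traversable by every local account on the host. `"d ${home}/.local/share/authelia/postgresql :0700 :${user} :${user}"` keeps the previous confidentiality with the same create-only behaviour; if 0755 is genuinely required for the container's mapped uid to enter the directory, a comment on that line saying so would stop someone from reverting it. Relatedly `users.yaml` stays at `:0644`, which, if it is Authelia's user database with password hashes, is readable by every local user; `:0600` should suffice given the Authelia container now runs as container root, i.e. the same host uid. The `tmpfiles.rules` list is complete within the hunk.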