Fix rootless podman permissions

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-03-08 11:59:01 +00:00
parent ad46eb6546
commit bdaac67bf2
5 changed files with 9 additions and 11 deletions
--- a/hosts/eirene/format.nix
+++ b/hosts/eirene/format.nix
@@ -48,6 +48,7 @@
                    mountOptions = [
                      "compress=zstd:1"
                      "noatime"
                      "user_subvol_rm_allowed"
                    ];
                  in
                  {
--- a/hosts/elara/format.nix
+++ b/hosts/elara/format.nix
@@ -48,6 +48,7 @@
                    mountOptions = [
                      "compress=zstd:3"
                      "noatime"
                      "user_subvol_rm_allowed"
                    ];
                  in
                  {
--- a/hosts/installer/format.nix
+++ b/hosts/installer/format.nix
@@ -40,6 +40,7 @@
                    mountOptions = [
                      "compress=zstd:5"
                      "noatime"
                      "user_subvol_rm_allowed"
                    ];
                  in
                  {
--- a/hosts/jupiter/format.nix
+++ b/hosts/jupiter/format.nix
@@ -51,6 +51,7 @@
                      mountOptions = [
                        "compress=zstd:1"
                        "noatime"
                        "user_subvol_rm_allowed"
                      ];
                    in
                    {
--- a/hosts/jupiter/users/storm/configs/console/podman/authelia/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/authelia/default.nix
@@ -69,7 +69,8 @@ in
              "/workdir/users.yaml"
              "-i"
            ];
-            userns = "keep-id:uid=1000,gid=1000";
+            user = "0";
            group = "0";
          };
          serviceConfig = {
@@ -123,7 +124,6 @@ in
                  username = "jupiter@karaolidis.com";
                  sender = "jupiter@karaolidis.com";
                };
              };
            in
            {
@@ -185,9 +185,6 @@ in
            environmentFiles = [ hmConfig.sops.templates."authelia-postgresql.env".path ];
            entrypoint = "/entrypoint.sh";
            exec = [ "postgres" ];
            user = "999";
            group = "999";
            userns = "keep-id:uid=999,gid=999";
          };
          unitConfig.After = [ "sops-nix.service" ];
@@ -199,17 +196,14 @@ in
          networks = [ networks.authelia.ref ];
          volumes = [ "${volumes."authelia-redis".ref}:/data" ];
          exec = [ "--save 60 1" ];
          user = "999";
          group = "999";
          userns = "keep-id:uid=999,gid=999";
        };
      };
    };
    systemd.user.tmpfiles.rules = [
-      "d ${home}/.local/share/authelia/config 0755 ${user} ${user}"
+      "d ${home}/.local/share/authelia/config :0755 :${user} :${user}"
-      "f ${home}/.local/share/authelia/config/users.yaml 644 ${user} ${user}"
+      "f ${home}/.local/share/authelia/config/users.yaml :0644 :${user} :${user}"
-      "d ${home}/.local/share/authelia/postgresql 0700 ${user} ${user}"
+      "d ${home}/.local/share/authelia/postgresql :0755 :${user} :${user}"
    ];
  };
 }