kyle/imladris
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Pin mcp UID, fix XDG_RUNTIME_DIR for podman access

Browse Source
This commit is contained in:
Kyle Isom
2026-03-26 14:08:57 -07:00
parent 71e6907a3c
commit 57cab0c88a
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
configs/mcp.nix
View File

@@ -4,15 +4,18 @@
# and a systemd service for the agent daemon. # and a systemd service for the agent daemon.
{ pkgs, ... }: { pkgs, ... }:
let
mcpUid = 995;
in
{ {
users.users.mcp = { users.users.mcp = {
isSystemUser = true; isSystemUser = true;
uid = mcpUid; # Pin UID so systemd Environment references stay stable.
group = "mcp"; group = "mcp";
home = "/srv/mcp"; home = "/srv/mcp";
shell = pkgs.shadow; # nologin equivalent shell = pkgs.shadow; # nologin equivalent
subUidRanges = [{ startUid = 100000; count = 65536; }]; subUidRanges = [{ startUid = 100000; count = 65536; }];
subGidRanges = [{ startGid = 100000; count = 65536; }]; subGidRanges = [{ startGid = 100000; count = 65536; }];
# Lingering enables user services (podman) to run without an active login session.
linger = true; linger = true;
}; };
@@ -34,7 +37,7 @@
Group = "mcp"; Group = "mcp";
Environment = [ Environment = [
"HOME=/srv/mcp" "HOME=/srv/mcp"
"XDG_RUNTIME_DIR=/run/user/%U" "XDG_RUNTIME_DIR=/run/user/${toString mcpUid}"
"PATH=/run/current-system/sw/bin:/usr/local/bin" "PATH=/run/current-system/sw/bin:/usr/local/bin"
]; ];