Pin mcp UID, fix XDG_RUNTIME_DIR for podman access

2026-03-26 14:08:57 -07:00
parent 71e6907a3c
commit 57cab0c88a
1 changed files with 5 additions and 2 deletions
--- a/configs/mcp.nix
+++ b/configs/mcp.nix
@@ -4,15 +4,18 @@
 # and a systemd service for the agent daemon.
 { pkgs, ... }:

+let
+  mcpUid = 995;
+in
 {
  users.users.mcp = {
    isSystemUser = true;
+    uid = mcpUid; # Pin UID so systemd Environment references stay stable.
    group = "mcp";
    home = "/srv/mcp";
    shell = pkgs.shadow; # nologin equivalent
    subUidRanges = [{ startUid = 100000; count = 65536; }];
    subGidRanges = [{ startGid = 100000; count = 65536; }];
-    # Lingering enables user services (podman) to run without an active login session.
    linger = true;
  };

@@ -34,7 +37,7 @@
      Group = "mcp";
      Environment = [
        "HOME=/srv/mcp"
-        "XDG_RUNTIME_DIR=/run/user/%U"
+        "XDG_RUNTIME_DIR=/run/user/${toString mcpUid}"
        "PATH=/run/current-system/sw/bin:/usr/local/bin"
      ];