From 5a381d314ed62fcef9a4b4abb65485043c0fcc4b Mon Sep 17 00:00:00 2001
From: Kyle Isom <kyle@imap.cc>
Date: Fri, 3 Apr 2026 01:38:45 -0700
Subject: [PATCH] Pin mcp user UID/GID to 850

UID 995 conflicted with sshd on orion. Pin to 850 (the 800-899 range
is unused on all nodes and well below NixOS auto-assign range).
Pin GID to 850 as well for consistency.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 configs/mcp.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/configs/mcp.nix b/configs/mcp.nix
index 8353b08..1c21061 100644
--- a/configs/mcp.nix
+++ b/configs/mcp.nix
@@ -7,6 +7,7 @@
 {
   users.users.mcp = {
     isSystemUser = true;
+    uid = 850; # Pinned to avoid auto-assign conflicts (800-899 range is unused on all nodes).
     group = "mcp";
     home = "/srv/mcp";
     shell = pkgs.shadow; # nologin equivalent
@@ -16,7 +17,7 @@
     linger = true;
   };
 
-  users.groups.mcp = {};
+  users.groups.mcp = { gid = 850; };
 
   # MCP Master runs as an MCP-managed container (not a systemd service).
   # Deployed via: mcp deploy mcp-master --direct
@@ -38,7 +39,7 @@
       Group = "mcp";
       Environment = [
         "HOME=/srv/mcp"
-        "XDG_RUNTIME_DIR=/run/user/%U"
+        "XDG_RUNTIME_DIR=/run/user/850"
         "PATH=/run/current-system/sw/bin:/usr/local/bin"
       ];