# MCP (Metacircular Control Plane) agent user and configuration.
#
# Creates a dedicated 'mcp' system user with rootless podman support
# and a systemd service for the agent daemon.
{ pkgs, ... }:

let
  mcpUid = 995;
in
{
  users.users.mcp = {
    isSystemUser = true;
    uid = mcpUid; # Pin UID so systemd Environment references stay stable.
    group = "mcp";
    home = "/srv/mcp";
    shell = pkgs.shadow; # nologin equivalent
    subUidRanges = [{ startUid = 100000; count = 65536; }];
    subGidRanges = [{ startGid = 100000; count = 65536; }];
    linger = true;
  };

  users.groups.mcp = {};

  systemd.services.mcp-agent = {
    description = "MCP Agent";
    after = [ "network-online.target" ];
    wants = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];

    serviceConfig = {
      Type = "simple";
      ExecStart = "/usr/local/bin/mcp-agent server --config /srv/mcp/mcp-agent.toml";
      Restart = "on-failure";
      RestartSec = 5;

      User = "mcp";
      Group = "mcp";
      Environment = [
        "HOME=/srv/mcp"
        "XDG_RUNTIME_DIR=/run/user/${toString mcpUid}"
        "PATH=/run/current-system/sw/bin:/usr/local/bin"
      ];

      NoNewPrivileges = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
      PrivateDevices = true;
      ProtectKernelTunables = true;
      ProtectKernelModules = true;
      ProtectControlGroups = true;
      RestrictSUIDSGID = true;
      RestrictNamespaces = true;
      LockPersonality = true;
      MemoryDenyWriteExecute = true;
      RestrictRealtime = true;
      ReadWritePaths = "/srv";
    };
  };
}