# MCP (Metacircular Control Plane) agent user and configuration.
#
# Creates a dedicated 'mcp' system user with rootless podman support.
# The agent runs as this user and manages containers for all platform
# services via /srv/.
{ pkgs, ... }:

{
  users = {
    # Primary group of the agent account; this module declares no members
    # beyond the 'mcp' user itself.
    groups.mcp = {};

    users.mcp = {
      # Dedicated system account, so the agent does not share an identity
      # with a human user or with root.
      isSystemUser = true;
      group = "mcp";

      # NOTE(review): createHome is not set in this module, so /srv/mcp is
      # presumably provisioned elsewhere. Confirm it exists and is owned by
      # and writable only by mcp: rootless podman keeps its storage under
      # the home directory by default.
      home = "/srv/mcp";

      # No interactive login for this account.
      shell = pkgs.shadow; # nologin equivalent

      # Subordinate ID ranges used for user-namespace mapping by rootless
      # podman: 65536 IDs starting at 100000 for both UIDs and GIDs.
      # NOTE(review): the ranges are hard-coded. Verify that no other account
      # on the host is given an overlapping subuid/subgid range, since
      # overlapping ranges map containers of different users onto the same
      # host IDs.
      subUidRanges = [
        { startUid = 100000; count = 65536; }
      ];
      subGidRanges = [
        { startGid = 100000; count = 65536; }
      ];

      # Lingering lets this user's services (podman) run without an active
      # login session, i.e. unattended. Treat anything able to write this
      # account's user units as able to run code as mcp.
      linger = true;
    };
  };
}