feat: static UIDs

2026-02-09 04:19:19 -08:00 · 2024-02-09 06:22:32 -08:00 · 2024-02-09 06:22:32 -08:00 · 602eda1012
commit 602eda1012
parent 6671103eba
13 changed files with 102 additions and 34 deletions
--- a/systems/hakurei/lxc.json
+++ b/systems/hakurei/lxc.json
@ -2,6 +2,18 @@
 	"lxc": {
 		"lxc.mount.entry": [
 			"/dev/net/tun dev/net/tun none bind,optional,create=file"
+		],
+		"lxc.idmap": [
+			"u 0 100000 8000",
+			"g 0 100000 8000",
+			"u 8000 8000 128",
+			"g 8000 8000 256",
+			"u 8128 108128 57406",
+			"g 8256 108256 57278",
+			"u 65534 65534 1",
+			"g 65534 65534 1",
+			"u 65535 165535 1",
+			"g 65535 165535 1"
 		]
 	}
 }
--- a/systems/hakurei/reisen-ssh.nix
+++ b/systems/hakurei/reisen-ssh.nix
@ -16,8 +16,14 @@
  '';
 in {
  users.users.${username} = {
+    uid = 4000;
    hashedPasswordFile = config.sops.secrets.tf-proxmox-passwd.path;
    isNormalUser = true;
+    autoSubUidGidRange = false;
+    group = username;
+  };
+  users.groups.${username} = {
+    gid = config.users.users.${username}.uid;
  };

  services.openssh = {
--- a/systems/mediabox/lxc.json
+++ b/systems/mediabox/lxc.json
@ -4,6 +4,18 @@
 			"/mnt/kyuuto-media/library mnt/kyuuto-media/library none bind,optional,create=dir",
 			"/mnt/kyuuto-media/downloads/deluge mnt/kyuuto-media/downloads/deluge none bind,optional,create=dir",
 			"/dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file"
+		],
+		"lxc.idmap": [
+			"u 0 100000 8000",
+			"g 0 100000 8000",
+			"u 8000 8000 128",
+			"g 8000 8000 256",
+			"u 8128 108128 57406",
+			"g 8256 108256 57278",
+			"u 65534 65534 1",
+			"g 65534 65534 1",
+			"u 65535 165535 1",
+			"g 65535 165535 1"
 		]
 	}
 }
--- a/systems/reisen/setup.sh
+++ b/systems/reisen/setup.sh
@ -16,6 +16,13 @@ EOF
 cat $TMP_KEYFILE > /etc/pve/priv/authorized_keys
 rm $TMP_KEYFILE

+base64 -d > /etc/subuid <<EOF
+$INPUT_SUBUID
+EOF
+base64 -d > /etc/subgid <<EOF
+$INPUT_SUBGID
+EOF
+
 if [[ ! -d /home/tf ]]; then
 	echo setting up pve terraform user... >&2
 	groupadd -g 1001 tf
--- a/systems/reisen/subgid
+++ b/systems/reisen/subgid
@ -0,0 +1,3 @@
+root:100000:65536
+root:65534:1
+root:8000:256
--- a/systems/reisen/subuid
+++ b/systems/reisen/subuid
@ -0,0 +1,3 @@
+root:100000:65536
+root:65534:1
+root:8000:128
--- a/systems/tei/lxc.json
+++ b/systems/tei/lxc.json
@ -3,6 +3,18 @@
 		"lxc.mount.entry": [
 			"/dev/ttyZigbee dev/ttyZigbee none bind,optional,create=file",
 			"/dev/net/tun dev/net/tun none bind,optional,create=file"
+		],
+		"lxc.idmap": [
+			"u 0 100000 8000",
+			"g 0 100000 8000",
+			"u 8000 8000 128",
+			"g 8000 8000 256",
+			"u 8128 108128 57406",
+			"g 8256 108256 57278",
+			"u 65534 65534 1",
+			"g 65534 65534 1",
+			"u 65535 165535 1",
+			"g 65535 165535 1"
 		]
 	}
 }