try

2023-12-05 12:27:09 +01:00 · 2023-12-05 12:27:09 +01:00 · 9e0624eaf1
commit 9e0624eaf1
parent 85cdde777b
2 changed files with 31 additions and 9 deletions
--- a/hosts/fw.cloonar.com/modules/staticids.nix
+++ b/hosts/fw.cloonar.com/modules/staticids.nix
@ -1,8 +1,31 @@
+{ lib, ... }:
 {
-  uids = {
-    unbound = 10001;
+  
+  options.cids = {
+    uids = lib.mkOption {
+      readOnly = true;
+      description = lib.mdDoc ''
+        The user IDs used for containers.
+      '';
+      type = lib.types.attrsOf types.int;
+    };
+
+    gids = lib.mkOption {
+      readOnly = true;
+      description = lib.mdDoc ''
+        The group IDs used for containers.
+      '';
+      type = lib.types.attrsOf types.int;
+    };
  };
-  gids = {
-    unbound = 10001;
+  config = {
+    cids = {
+      uids = {
+        unbound = 10001;
+      };
+      gids = {
+        unbound = 10001;
+      };
+    };
  };
 }
--- a/hosts/fw.cloonar.com/modules/unbound.nix
+++ b/hosts/fw.cloonar.com/modules/unbound.nix
@ -1,6 +1,5 @@
 { config, ... }:
 let
-  cids = import [../modules/staticids.nix];
  domain = "ns.cloonar.com";
  cfg = {
    server = {
@ -134,10 +133,10 @@ in {
  users.users.unbound = {
    group = "unbound";
    isSystemUser = true;
-    uid = cids.uids.unbound;
+    uid = config.cids.uids.unbound;
  };
  users.groups.unbound = {
-    gid = cids.gids.unbound;
+    gid = config.cids.gids.unbound;
  };

  security.acme.certs."${domain}" = {
@ -176,10 +175,10 @@ in {
      users.users.unbound = {
        group = "unbound";
        isSystemUser = true;
-        uid = cids.uids.unbound;
+        uid = config.cids.uids.unbound;
      };
      users.groups.unbound = {
-        gid = cids.gids.unbound;
+        gid = config.cids.gids.unbound;
      };
      services.unbound = {
        enable = true;