From fc95fa8caaea5c6c732ea59c269f597ef9509eb9 Mon Sep 17 00:00:00 2001
From: geemili <opensource@geemili.xyz>
Date: Tue, 9 Jan 2024 18:14:58 -0700
Subject: [PATCH] fix: give ownership of headscale oidc secret file to
 headscale user

---
 agenix-config-module.nix | 4 ++--
 configuration.nix        | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/agenix-config-module.nix b/agenix-config-module.nix
index 65160f5..6375348 100644
--- a/agenix-config-module.nix
+++ b/agenix-config-module.nix
@@ -16,7 +16,7 @@
   };
   age.secrets.OIDC_APP_SECRET_HEADSCALE = {
     file = ./secrets/samsehu_OIDC_APP_SECRET_HEADSCALE.age;
-    owner = "dex";
-    group = "dex";
+    owner = "headscale";
+    group = "headscale";
   };
 }
diff --git a/configuration.nix b/configuration.nix
index b8322e5..6053849 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -534,6 +534,11 @@
   };
 
   # Headscale for access to the network while away from home
+  users.users.headscale = {
+    isSystemUser = true;
+    group = "headscale";
+  };
+  users.groups.headscale = {};
   services.headscale = {
     enable = true;
     package = pkgs.juanfont-headscale.headscale;