fix: give ownership of headscale oidc secret file to headscale user

2024-01-09 18:14:58 -07:00 · 2024-01-09 18:14:58 -07:00 · fc95fa8caa
parent a7d62018d8
commit fc95fa8caa
2 changed files with 7 additions and 2 deletions
--- a/agenix-config-module.nix
+++ b/agenix-config-module.nix
@ -16,7 +16,7 @@
  };
  age.secrets.OIDC_APP_SECRET_HEADSCALE = {
    file = ./secrets/samsehu_OIDC_APP_SECRET_HEADSCALE.age;
-    owner = "dex";
-    group = "dex";
+    owner = "headscale";
+    group = "headscale";
  };
 }
--- a/configuration.nix
+++ b/configuration.nix
@ -534,6 +534,11 @@
  };

  # Headscale for access to the network while away from home
+  users.users.headscale = {
+    isSystemUser = true;
+    group = "headscale";
+  };
+  users.groups.headscale = {};
  services.headscale = {
    enable = true;
    package = pkgs.juanfont-headscale.headscale;