fix(virtualisation): specify sub{u,g}id ranges for containers instead of root

Privileged podman uses `containers` user for user namespaces.
2023-09-30 02:37:35 +02:00 · 2023-09-30 02:37:35 +02:00 · a19fb94480
commit a19fb94480
parent f1219e1045
1 changed files with 5 additions and 1 deletions
--- a/virtualisation/containers.nix
+++ b/virtualisation/containers.nix
@ -20,7 +20,9 @@ _:
  };

  # Increase sub{u,g}id range
-  users.users."root" = {
+  users.users."containers" = {
+    isSystemUser = true;
+    group = "containers";
    subUidRanges = [{
      startUid = 60100000;
      count = 60000000;
@ -30,4 +32,6 @@ _:
      count = 60000000;
    }];
  };
+
+  users.groups.containers = { };
 }