From a19fb94480412649553815ad6c5d3b5eebf2bf0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Sat, 30 Sep 2023 02:37:35 +0200
Subject: [PATCH] fix(virtualisation): specify sub{u,g}id ranges for containers
 instead of root

Privileged podman uses `containers` user for user namespaces.
---
 virtualisation/containers.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/virtualisation/containers.nix b/virtualisation/containers.nix
index 5c236ca..b22e3ec 100644
--- a/virtualisation/containers.nix
+++ b/virtualisation/containers.nix
@@ -20,7 +20,9 @@ _:
   };
 
   # Increase sub{u,g}id range
-  users.users."root" = {
+  users.users."containers" = {
+    isSystemUser = true;
+    group = "containers";
     subUidRanges = [{
       startUid = 60100000;
       count = 60000000;
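Review bot: The comment `# Increase sub{u,g}id range` above `users.users."containers"` no longer describes the block, because the new code creates a dedicated system account instead of widening root's ranges. I would replace it with `# Rootful podman allocates user-namespace IDs from the "containers" entry in /etc/sub{u,g}id; the account name is load-bearing, do not rename.` so a later cleanup does not silently break namespace isolation. It is also worth confirming that the range starting at 60100000 with count 60000000 does not overlap any other sub-ID allocation on the host, since overlapping ranges would let separate namespaces map onto the same host IDs. Removing the ranges from root may affect other rootful tools that read root's entries, which cannot be checked from this patch. The attribute set continues past the end of this hunk.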
@@ -30,4 +32,6 @@ _:
       count = 60000000;
     }];
   };
+
+  users.groups.containers = { };
 }