wip uid/gid mapping

hosts/server/configuration.nix

@@ -5,6 +5,9 @@
   inputs,
   ...
 }:
+let
+  lidarrMbGapId = 968;
+in
 {
   imports = [
     inputs.lidarr-mb-gap.nixosModules.lidarr-mb-gap
@@ -49,13 +52,16 @@
       sopsFile = ../../secrets/env.yaml;
     };
     "private_keys/lidarr-mb-gap" =
-      lib.mkIf (config.my.secureHost && config.services.lidarr-mb-gap.enable)
-        {
-          sopsFile = ../../secrets/keys.yaml;
-          owner = config.users.users.lidarr-mb-gap.name;
-          inherit (config.users.users.lidarr-mb-gap) group;
-          path = "${config.users.users.lidarr-mb-gap.home}/.ssh/ed25519_lidarr-mb-gap";
-        };
+      let
+        cfg = config.services.lidarr-mb-gap;
+        usr = config.users.users.lidarr-mb-gap;
+      in
+      lib.mkIf (config.my.secureHost && cfg.enable) {
+        sopsFile = ../../secrets/keys.yaml;
+        owner = usr.name;
+        inherit (usr) group;
+        path = "${usr.home}/.ssh/ed25519_lidarr-mb-gap";
+      };
   };
   networking = {
     hostName = "server";
@@ -82,6 +88,13 @@
   users.users.jawz.packages = builtins.attrValues {
     inherit (pkgs) podman-compose attic-client;
   };
+  users.groups.lidarr-mb-gap.gid = lidarrMbGapId;
+  users.users.lidarr-mb-gap = {
+    uid = lidarrMbGapId;
+    isSystemUser = true;
+    group = "lidarr-mb-gap";
+    home = "/var/lib/lidarr-mb-gap";
+  };
   services = {
     btrfs.autoScrub = {
       enable = true;