From 87fb01b37d12324693c764507354d50ccd4b74bb Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Sun, 27 Jul 2025 10:25:24 +0200
Subject: [PATCH] set service groups

add agent groups
---
 machines/dev/fedi203/woodpecker.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/machines/dev/fedi203/woodpecker.nix b/machines/dev/fedi203/woodpecker.nix
index 44eef282..a5f2e951 100644
--- a/machines/dev/fedi203/woodpecker.nix
+++ b/machines/dev/fedi203/woodpecker.nix
@@ -10,6 +10,11 @@
     defaults.email = "something@fediversity.eu";
   };
 
+  users.groups = {
+    woodpecker-agent-exec = { };
+    woodpecker-agent-docker = { };
+  };
+
   age.secrets =
     lib.mapAttrs
       (_: group: {
@@ -218,10 +223,15 @@
           attic-client
         ];
         environmentFile = [ config.vars.generators."templates".files."woodpecker-agent-exec.conf".path ];
+        extraGroups = [ "woodpecker-agent-exec" ];
       };
       docker = {
         enable = true;
         environmentFile = [ config.vars.generators."templates".files."woodpecker-agent-podman.conf".path ];
+        extraGroups = [
+          "podman"
+          "woodpecker-agent-docker"
+        ];
       };
     };
   };