use dedicated podman user for rootless containers

Adds a system user 'podman' (uid 900) with subuid/subgid ranges and linger for running OCI containers. Removes podman-specific settings from lew user. DokuWiki switches to sdnotify=healthy since the image has a built-in healthcheck.
2026-04-04 23:53:32 +01:00 · 2026-04-04 23:53:32 +01:00 · 102b195d27
commit 102b195d27
parent 71f32ba49c
4 changed files with 15 additions and 9 deletions
--- a/hosts/lab/foundry.nix
+++ b/hosts/lab/foundry.nix
@ -11,8 +11,7 @@
    image = "node:22.22.2-slim";
    cmd = [ "node" "main.js" "--dataPath=/data" ];
    workdir = "/app";
-    user = "1000:1000";
-    podman.user = "lew";
+    podman.user = "podman";
    volumes = [
      "/srv/foundry/app:/app:ro"
      "/srv/foundry/data:/data"