From 31df762b385effb65a214d805158e2b183facae3 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Sun, 1 Mar 2026 21:49:41 +0000
Subject: [PATCH] Configure oxidised user directly using chef resources

---
 cookbooks/oxidized/attributes/default.rb |  1 -
 cookbooks/oxidized/recipes/default.rb    | 13 +++++++++++++
 roles/oxidized.rb                        | 11 -----------
 3 files changed, 13 insertions(+), 12 deletions(-)
 delete mode 100644 cookbooks/oxidized/attributes/default.rb

diff --git a/cookbooks/oxidized/attributes/default.rb b/cookbooks/oxidized/attributes/default.rb
deleted file mode 100644
index cd69a5de7..000000000
--- a/cookbooks/oxidized/attributes/default.rb
+++ /dev/null
@@ -1 +0,0 @@
-default[:accounts][:users][:oxidized][:status] = :role
diff --git a/cookbooks/oxidized/recipes/default.rb b/cookbooks/oxidized/recipes/default.rb
index 1840c2af3..efbbc89d2 100644
--- a/cookbooks/oxidized/recipes/default.rb
+++ b/cookbooks/oxidized/recipes/default.rb
@@ -36,6 +36,19 @@ package %w[
 keys = data_bag_item("oxidized", "keys")
 devices = data_bag_item("oxidized", "devices")
 
+group "oxidized" do
+  gid 529
+end
+
+user "oxidized" do
+  uid 529
+  gid 529
+  comment "oxidised network backup tool"
+  home "/opt/oxidised"
+  shell "/usr/sbin/nologin"
+  manage_home false
+end
+
 directory "/etc/oxidized" do
   owner "root"
   group "root"
diff --git a/roles/oxidized.rb b/roles/oxidized.rb
index 7835c2ec4..ada4752f8 100644
--- a/roles/oxidized.rb
+++ b/roles/oxidized.rb
@@ -1,17 +1,6 @@
 name "oxidized"
 description "Role applied to all oxidized servers"
 
-default_attributes(
-  :accounts => {
-    :users => {
-      :oxidized => {
-        :status => :role,
-        :members => [:grant, :tomh]
-      }
-    }
-  }
-)
-
 run_list(
   "recipe[oxidized]"
 )
-- 
2.39.5