From b9b12b2bdc95bee3dc6a9f7bf52beddc22da00c3 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Mon, 2 Mar 2026 19:18:17 +0000
Subject: [PATCH] Configure chefrepo user directly using chef resources

---
 cookbooks/chef/recipes/repository.rb | 14 ++++++++++++++
 roles/chef-repository.rb             |  5 +++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/cookbooks/chef/recipes/repository.rb b/cookbooks/chef/recipes/repository.rb
index c65ec7bde..0a947df1b 100644
--- a/cookbooks/chef/recipes/repository.rb
+++ b/cookbooks/chef/recipes/repository.rb
@@ -22,6 +22,20 @@ include_recipe "git"
 
 keys = data_bag_item("chef", "keys")
 
+group "chefrepo" do
+  gid 507
+  append true
+end
+
+user "chefrepo" do
+  uid 507
+  gid 507
+  comment "chef.openstreetmap.org"
+  home "/var/lib/cinc"
+  shell "/usr/sbin/nologin"
+  manage_home false
+end
+
 chef_gem "bundler" do
   version ">= 2.1.4"
 end
diff --git a/roles/chef-repository.rb b/roles/chef-repository.rb
index 550217d42..433c3f7cf 100644
--- a/roles/chef-repository.rb
+++ b/roles/chef-repository.rb
@@ -23,9 +23,10 @@ default_attributes(
       :yellowbkpk => {
         :status => :user,
         :shell => "/usr/bin/git-shell"
-      },
+      }
+    },
+    :groups => {
       :chefrepo => {
-        :status => :role,
         :members => [
           :tomh, :grant, :matt, :jburgess, :lonvia, :yellowbkpk, :bretth, :jochen, :stereo, :pnorman
         ]
-- 
2.39.5