Users and groups used within Podman containers are usually assigned UID
and GID 10000. Files for these containers are sometimes served by Nginx,
and may be given permissions that restrict access to those outside the
group, but which are intended to be served nonetheless.
This commit adds the pre-defined `nginx` user to a `nginx-shared` group
with GID 10000, which will then allow access to these files as needed.
This enables the `web_directory` and `web_url` options for Spectrum,
which has media shared by legacy protocol buddies be re-hosted by
Spectrum, and shared by a dedicated volume.
This, in turn, is served by the `nginx-serve-volume@spectrum-media`
service, which is intended to be proxied under the same host used for
Prosody. Documentation for the integration will be added in future
commits.
We no longer copy service directories into `/etc/coreos-home-server` if
these have not had their respective `spec.bu` files included; these
directories are not needed in these cases, and would be erroneously
considered as eligible in subsequent `coreos-home-server-update`
invocations.
This commit contains a fairly large diff for a fairly small change:
moving the `config/common` directory to `host/base` to better reflect
its intended use, and promoting `config/service` to the root directory.
These changes unlock some improvements in `coreos-home-server-update`
processes, which will (assuming `/etc/coreos-home-server/base` exists)
keep host-wide systemd services in sync in addition to service-specific
ones.
Changes have been make to the `Makefile` and a few other places where
`config/common` was referenced, but most of this work is renames that
are not intended to break compatibility with new or running servers.