I found a solution to the user-id problem. The key is to import agenix into the container. Here is an explanatory example with radicale in a container:
```nix
{ agenix, ... }: {
  containers."calendar" = {
    autoStart = true;
    # pass the private key to the container for agenix to decrypt the secret
    bindMounts."/etc/ssh/ssh_host_ed25519_key".isReadOnly = true;
    config = { config, lib, pkgs, ... }: {
      imports = [ agenix.nixosModules.default ]; # import agenix-module into the nixos-container
      age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; # isn't set automatically because we did not set up openssh
      # import the secret
      age.secrets."calendar-users" = {
        file = ../secrets/calendar-users.age;
        owner = "radicale";
      };
      services.radicale = {
        enable = true;
        settings = {
          auth = {
            type = "htpasswd";
            htpasswd_filename = config.age.secrets."calendar-users".path; # use the secret
            htpasswd_encryption = "plain";
          };
          # ...
        };
      };
    };
  };
}
```
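Added example, not part of the original post: the same setup with a dedicated decryption identity for the container, so the host's SSH host key (which can decrypt every secret encrypted to the host) is not exposed inside the container. The key paths `/var/lib/agenix-identities/calendar.key` and `/etc/agenix/calendar.key` are assumptions, and `calendar-users.age` must be re-encrypted to the public half of that key.

```nix
# Assumption: a key pair was created on the host beforehand, for example with
#   ssh-keygen -t ed25519 -N "" -f /var/lib/agenix-identities/calendar.key
# and its public key is listed as a recipient of calendar-users.age in secrets.nix.
{ agenix, ... }: {
  containers."calendar" = {
    autoStart = true;

    # Mount only the container's own identity, read-only (hypothetical paths).
    bindMounts."/etc/agenix/calendar.key" = {
      hostPath = "/var/lib/agenix-identities/calendar.key";
      isReadOnly = true;
    };

    config = { config, lib, pkgs, ... }: {
      imports = [ agenix.nixosModules.default ];

      # Decrypt with the dedicated identity instead of the host's SSH host key.
      age.identityPaths = [ "/etc/agenix/calendar.key" ];

      age.secrets."calendar-users" = {
        file = ../secrets/calendar-users.age;
        owner = "radicale"; # resolved inside the container, where the user exists
        mode = "0400";      # readable by the owner only
      };

      services.radicale = {
        enable = true;
        settings.auth = {
          type = "htpasswd";
          htpasswd_filename = config.age.secrets."calendar-users".path;
          htpasswd_encryption = "plain"; # unchanged from the post above
        };
      };
    };
  };
}
```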