This was a huge hassle. I really wanted to see it working under a
non-root user since it writes files, but that ended up being impossible
because of several bugs in podman's rootless integration with NixOS.
I've kept pieces of the logic around and commented out in case I can fix
it in the future as it would be more secure.
I also tried to connect to Postgres over the unix domain socket, but the
problem here is that the container is built to run as root and I'd need
to do some elaborate mapping of the root user inside the container, the
non-root user outside the container, and the Postgres auth scheme.
This would be great stuff to sort out, but I'm out of time now to work
on it.
Most things work on this commit, except the integration between
collabora and seafile. I think it might be related to the timezone
change I made and a lack of access_token being passed in the URL.
I'm going to test that with a reboot. But first, checkpoint!
