Hi!

I ran into some trouble with the default username of the tandoor-recipes NixOS service (see config option services.tandoor-recipes.user), as it contains an underscore _. I managed to reproduce the error, see below:

Config snippet to create a deployment key accessible to user foo_bar.

  deployment.keys."foo-bar-secret" = {
    keyFile = ./secrets/foo-bar-secret.env;
    destDir = "/secrets";
    user = "foo_bar";
    permissions = "0400";
  };

When I try to build this configuration,

colmena build --on testSystem -v --show-trace

a validation error is raised:

[ERROR] Operation failed with error: Validation error

I did some research and think that the validation is too restrictive.

According to the POSIX standard, a username can consist of these characters:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 . _ -

The hyphen-minus character should not be used as the first character of a portable user name.

See https://serverfault.com/a/578264

What do you think about changing the username validation accordingly? Or is there some reason why it is done differently?