fix: got permissions "working" for teh password reset, not ideal though

applications/ldap.nix

@@ -54,7 +54,11 @@ Gonna use a priper nixos module for this
     };
 
     # openldap
-    age.secrets.ldap_self_service.file = ../secrets/ldap/self_service.age;
+    age.secrets.ldap_self_service = {
+      file = ../secrets/ldap/self_service.age;
+      # not ideal but non admins should never be on this system
+      mode = "444";
+    };
 
     skynet_dns.records.cname = [
       "${cfg.subdomain}  CNAME   ${cfg.host.name}"
@@ -156,13 +160,10 @@ Gonna use a priper nixos module for this
       backend = "docker";
       projects = {
         ldap_reset.settings.services.ldap_reset.service = {
+          user = "root";
           image = "docker.io/ltbproject/self-service-password:1.5.3";
             # setting these here as they arent special
-            environment = {
-              # this is what it last ran on
-              SPIGOT_VER="1.18.2";
-              EULA="true";
-            };
+
 
             # where the config files are stored
             volumes = [