From 8e3c7f0efc494276ad29e561cdef0e78441c56b2 Mon Sep 17 00:00:00 2001
From: Yureka <yuka@yuka.dev>
Date: Mon, 22 Jul 2024 02:23:15 +0200
Subject: [PATCH] fix(module): disable dynamicuser again

---
 modules/default.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/modules/default.nix b/modules/default.nix
index b316c70..cd44080 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -127,6 +127,7 @@ in
   config = lib.mkIf cfg.enable {
 
     environment.systemPackages = [ pkgs.tvix ];
+    users.users.tvix-castore = { };
     users.groups.tvix-castore = { };
 
     systemd.tmpfiles.rules = [ "d ${cfg.castoreDir} 770 root tvix-castore -" ];
@@ -143,7 +144,7 @@ in
             ExecStart = "${pkgs.tvix}/bin/tvix-store --otlp=false daemon --listen-address=\"${cache.grpcListenAddress}\"";
             StateDirectory = "tvix-daemon-${cache.name}";
             RuntimeDirectory = "tvix-daemon-${cache.name}";
-            DynamicUser = true;
+            User = "tvix-castore";
             Group = "tvix-castore";
             ReadWritePaths = cfg.castoreDir;
           } // systemdHardening;
@@ -158,7 +159,7 @@ in
           serviceConfig = {
             UMask = "007";
             ExecStart = "${pkgs.tvix}/bin/nar-bridge --otlp=false --listen-address=\"${cache.narBridgeListenAddress}\"";
-            DynamicUser = true;
+            User = "tvix-castore";
             Group = "tvix-castore";
             RuntimeDirectory = "narbridge-${cache.name}";
             ReadWritePaths = cfg.castoreDir;