diff --git a/nix/checks/flake-module.nix b/nix/checks/flake-module.nix
index 5a569d1..d5663aa 100644
--- a/nix/checks/flake-module.nix
+++ b/nix/checks/flake-module.nix
@@ -10,6 +10,7 @@
         in
         {
           master = import ./master.nix checkArgs;
+          worker = import ./worker.nix checkArgs;
         };
     };
 }
diff --git a/nix/checks/worker.nix b/nix/checks/worker.nix
new file mode 100644
index 0000000..39fb20f
--- /dev/null
+++ b/nix/checks/worker.nix
@@ -0,0 +1,21 @@
+(import ./lib.nix) {
+  name = "from-nixos";
+  nodes = {
+    # `self` here is set by using specialArgs in `lib.nix`
+    node1 = { self, config, pkgs, ... }: {
+      imports = [
+        self.nixosModules.buildbot-worker
+      ];
+      services.buildbot-nix.worker = {
+        enable = true;
+        workerPasswordFile = pkgs.writeText "password" "password";
+      };
+    };
+  };
+  # This is the test code that will check if our service is running correctly:
+  testScript = ''
+    start_all()
+    # wait for our service to start
+    node1.wait_for_unit("buildbot-worker")
+  '';
+}
diff --git a/nix/worker.nix b/nix/worker.nix
index a087edf..2fdf3eb 100644
--- a/nix/worker.nix
+++ b/nix/worker.nix
@@ -32,6 +32,12 @@ in
   };
   config = lib.mkIf cfg.enable {
     nix.settings.extra-allowed-users = [ "buildbot-worker" ];
+
+    # Allow buildbot-worker to create gcroots
+    systemd.tmpfiles.rules = [
+      "d /nix/var/nix/gcroots/per-user/${config.users.users.buildbot-worker.name} 0755 ${config.users.users.buildbot-worker.name} root - -"
+    ];
+
     users.users.buildbot-worker = {
       description = "Buildbot Worker User.";
       isSystemUser = true;