From b744fee8805876a96c816aa1ec425160d63c3cab Mon Sep 17 00:00:00 2001
From: Tom McLaughlin <tom@codedown.io>
Date: Sun, 25 Sep 2022 05:07:50 -0600
Subject: [PATCH] Re-add `DynamicUser = true` per review discussion

---
 .../continuous-integration/github-runner/service.nix        | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/continuous-integration/github-runner/service.nix b/nixos/modules/services/continuous-integration/github-runner/service.nix
index eb1f9caddae1..208ada4f31a3 100644
--- a/nixos/modules/services/continuous-integration/github-runner/service.nix
+++ b/nixos/modules/services/continuous-integration/github-runner/service.nix
@@ -238,7 +238,11 @@ with lib;
     # You may want to set this to `true` if not using coverage tooling on
     # compiled code
     LockPersonality = false;
+
+    # Note that this has some interactions with the User setting; so you may
+    # want to consult the systemd docs if using both.
+    DynamicUser = true;
   } // (
-    if cfg.user == null then { DynamicUser = true; } else { User = cfg.user; }
+    lib.optionalAttrs (cfg.user != null) { User = cfg.user; }
   ) // cfg.serviceOverrides;
 }