From 9f9e7c181c4aa3247b8b47febdd7f354ca492a0c Mon Sep 17 00:00:00 2001
From: Aaron Andersen <aaron@fosslib.net>
Date: Tue, 9 Feb 2021 20:48:23 -0500
Subject: [PATCH] nixos/nebula: conditionally provision the nebula user

---
 nixos/modules/services/networking/nebula.nix | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/nixos/modules/services/networking/nebula.nix b/nixos/modules/services/networking/nebula.nix
index 28504cded44c..663accc7464a 100644
--- a/nixos/modules/services/networking/nebula.nix
+++ b/nixos/modules/services/networking/nebula.nix
@@ -192,13 +192,15 @@ in
     networking.firewall.allowedUDPPorts = [ cfg.listen.port ];
 
     # Create the service user and its group.
-    users.users."nebula" = {
-      name = "nebula";
-      group = "nebula";
-      description = "Nebula service user";
-      isSystemUser = true;
-      packages = [ cfg.package ];
+    users = mkIf cfg.tun.disable {
+      users.nebula = {
+        group = "nebula";
+        description = "Nebula service user";
+        isSystemUser = true;
+        packages = [ cfg.package ];
+      };
+
+      groups.nebula = {};
     };
-    users.groups."nebula" = {};
   };
 }