From 2a3cb407b04d322fd72bedc74b2751c40c36b4f1 Mon Sep 17 00:00:00 2001
From: Phillip Cloud <cloud@standard.ai>
Date: Sat, 23 Jan 2021 18:20:17 -0500
Subject: [PATCH] nixos/nomad: only set User if privileges are dropped

---
 nixos/modules/services/networking/nomad.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/networking/nomad.nix b/nixos/modules/services/networking/nomad.nix
index 87b4ff18818..60fefa2a1da 100644
--- a/nixos/modules/services/networking/nomad.nix
+++ b/nixos/modules/services/networking/nomad.nix
@@ -137,7 +137,7 @@ in
           Restart = "on-failure";
           RestartSec = 2;
           TasksMax = "infinity";
-          User = "nomad";
+          User = optionalString cfg.dropPrivileges "nomad";
         }
         (mkIf cfg.enableDocker {
           SupplementaryGroups = "docker"; # space-separated string