diff --git a/machines/fuuko/services/matrix/go-neb.nix b/machines/fuuko/services/matrix/go-neb.nix
index cd06a1d..bf2220d 100644
--- a/machines/fuuko/services/matrix/go-neb.nix
+++ b/machines/fuuko/services/matrix/go-neb.nix
@@ -7,6 +7,12 @@ in
     go-neb-overrides.sopsFile = ../../secrets.yaml;
   };
 
+  users.users.go-neb = {
+    isSystemUser = true;
+    group = "go-neb";
+  };
+  users.groups.go-neb = { };
+
   services.go-neb = rec {
     enable = true;
     bindAddress = "127.0.0.1:8010";
@@ -64,6 +70,7 @@ in
     serviceConfig = {
       RuntimeDirectory = "go-neb";
       RuntimeDirectoryMode = "0750";
+      DynamicUser = lib.mkForce false;
       ExecStartPre =
         let
           baseConfig = pkgs.writeText "config-base.json" (builtins.toJSON config.services.go-neb.config);