From feed9154c0ccd8b42b46cc7ddcc65e46fb08eed4 Mon Sep 17 00:00:00 2001
From: Peter Hoeg <peter@hoeg.com>
Date: Mon, 23 Oct 2017 16:50:20 +0800
Subject: [PATCH 1/3] kbfs: normal users only

---
 nixos/modules/services/network-filesystems/kbfs.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/modules/services/network-filesystems/kbfs.nix b/nixos/modules/services/network-filesystems/kbfs.nix
index 7b2eea3b5850..263b70d04a56 100644
--- a/nixos/modules/services/network-filesystems/kbfs.nix
+++ b/nixos/modules/services/network-filesystems/kbfs.nix
@@ -48,6 +48,7 @@ in {
       requires = [ "keybase.service" ];
       after = [ "keybase.service" ];
       path = [ "/run/wrappers" ];
+      unitConfig.ConditionUser = "!@system";
       serviceConfig = {
         ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${cfg.mountPoint}";
         ExecStart = "${pkgs.kbfs}/bin/kbfsfuse ${toString cfg.extraFlags} ${cfg.mountPoint}";

From 8b846473be221e19275badab3d521692bc5207c3 Mon Sep 17 00:00:00 2001
From: Peter Hoeg <peter@hoeg.com>
Date: Mon, 23 Oct 2017 16:50:29 +0800
Subject: [PATCH 2/3] keybase: normal users only

---
 nixos/modules/services/networking/keybase.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/modules/services/networking/keybase.nix b/nixos/modules/services/networking/keybase.nix
index 7c7982ee8eac..e656ce689dee 100644
--- a/nixos/modules/services/networking/keybase.nix
+++ b/nixos/modules/services/networking/keybase.nix
@@ -26,6 +26,7 @@ in {
 
     systemd.user.services.keybase = {
       description = "Keybase service";
+      unitConfig.ConditionUser = "!@system";
       serviceConfig = {
         ExecStart = ''
           ${pkgs.keybase}/bin/keybase -d service --auto-forked

From 0f04bbdc31f75031602d384adedb7292c720e44d Mon Sep 17 00:00:00 2001
From: Peter Hoeg <peter@hoeg.com>
Date: Mon, 23 Oct 2017 16:54:00 +0800
Subject: [PATCH 3/3] ssh-agent: normal users only

---
 nixos/modules/programs/ssh.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix
index e0fbba897fa4..775bf4276451 100644
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -202,6 +202,7 @@ in
     systemd.user.services.ssh-agent = mkIf cfg.startAgent
       { description = "SSH Agent";
         wantedBy = [ "default.target" ];
+        unitConfig.ConditionUser = "!@system";
         serviceConfig =
           { ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
             ExecStart =