From c6191c8abff1d3eef083619ee34b8bc60cba79ff Mon Sep 17 00:00:00 2001
From: Ben Wolsieffer <benwolsieffer@gmail.com>
Date: Tue, 21 Aug 2018 16:21:11 -0400
Subject: [PATCH] nixos/cfssl: don't create user/group unless service is
 enabled

---
 nixos/modules/services/security/cfssl.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/services/security/cfssl.nix b/nixos/modules/services/security/cfssl.nix
index 1eb2f65ba602..ee6d5d91fe15 100644
--- a/nixos/modules/services/security/cfssl.nix
+++ b/nixos/modules/services/security/cfssl.nix
@@ -146,7 +146,7 @@ in {
     };
   };
 
-  config = {
+  config = mkIf cfg.enable {
     users.extraGroups.cfssl = {
       gid = config.ids.gids.cfssl;
     };
@@ -159,7 +159,7 @@ in {
       uid = config.ids.uids.cfssl;
     };
 
-    systemd.services.cfssl = mkIf cfg.enable {
+    systemd.services.cfssl = {
       description = "CFSSL CA API server";
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" ];