nixos/buildkite-agent: add "user" option

This allows buildkite-agent to run as another user.

It'll still run builds from /var/lib/buildkite-agent and setup things in
there.

nixos/modules/services/continuous-integration/buildkite-agent.nix

@@ -29,6 +29,8 @@ let
     ${concatStringsSep "\n" (mapAttrsToList mkHookEntry (filterAttrs (n: v: v != null) cfg.hooks))}
   '';
 
+  defaultUser = "buildkite-agent";
+
 in
 
 {
@@ -56,6 +58,15 @@ in
         type = types.listOf types.package;
       };
 
+      user = mkOption {
+        type = types.str;
+        default = defaultUser;
+        description = ''
+          Set this option when you want to run the buildkite agent as something else
+          than the default user "buildkite-agent".
+        '';
+      };
+
       tokenPath = mkOption {
         type = types.path;
         description = ''
@@ -185,8 +196,8 @@ in
   };
 
   config = mkIf config.services.buildkite-agent.enable {
-    users.users.buildkite-agent =
+    users.users.buildkite-agent = mkIf (cfg.user == defaultUser) {
-      { name = "buildkite-agent";
+      name = "buildkite-agent";
       home = cfg.dataDir;
       createHome = true;
       description = "Buildkite agent user";
@@ -230,7 +241,7 @@ in
 
         serviceConfig =
           { ExecStart = "${cfg.package}/bin/buildkite-agent start --config /var/lib/buildkite-agent/buildkite-agent.cfg";
-            User = "buildkite-agent";
+            User = cfg.user;
             RestartSec = 5;
             Restart = "on-failure";
             TimeoutSec = 10;