switch dufs user to nfs user

shared/modules/services/dufs.nix

@@ -41,13 +41,13 @@ in
     user = lib.mkOption {
       type = lib.types.str;
       default = "dufs";
-      description = "User to run dufs service as";
+      description = "User to run dufs service as (should match NFS share owner)";
     };
 
     group = lib.mkOption {
       type = lib.types.str;
       default = "dufs";
-      description = "Group to run dufs service as";
+      description = "Group to run dufs service as (should match NFS share group)";
     };
 
     publicInstance = {
@@ -166,20 +166,20 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    # Create dufs user and group
+    # Create dufs user and group only if using default user/group
-    users.users.${cfg.user} = {
+    users.users.${cfg.user} = lib.mkIf (cfg.user == "dufs") {
       isSystemUser = true;
       group = cfg.group;
       extraGroups = [ "users" ];  # Add to users group for access to shared files
       description = "dufs file server user";
     };
 
-    users.groups.${cfg.group} = {};
+    users.groups.${cfg.group} = lib.mkIf (cfg.group == "dufs") {};
 
-    # Ensure proper ownership of dufs directories
+    # Ensure directories exist (ownership should be managed by NFS or external system)
     systemd.tmpfiles.rules = [
-      "d ${cfg.servePathPublic} 0755 ${cfg.user} ${cfg.group} -"
+      "d ${cfg.servePathPublic} 0755 - - -"
-      "d ${cfg.servePathPrivate} 0755 ${cfg.user} ${cfg.group} -"
+      "d ${cfg.servePathPrivate} 0755 - - -"
     ];
 
     # Public read-only instance

shared/server-configuration.nix

@@ -179,6 +179,8 @@ in
     services.dufs = {
       enable = true;
       openFirewall = true;
+      user = "kage";
+      group = "users";
 
       # Public read-only instance
       publicInstance = {