From 2ef804fa1051268d25f3a26cdaa39cee73b9a259 Mon Sep 17 00:00:00 2001
From: Conrad Kramer <conrad@conradkramer.com>
Date: Sun, 19 Apr 2026 01:20:55 -0700
Subject: [PATCH] Use runuser for Zulip Postgres bootstrap

---
 nixos/modules/burrow-zulip.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/burrow-zulip.nix b/nixos/modules/burrow-zulip.nix
index 3417925..23ce77b 100644
--- a/nixos/modules/burrow-zulip.nix
+++ b/nixos/modules/burrow-zulip.nix
@@ -179,7 +179,7 @@ in
         pkgs.bash
         pkgs.coreutils
         pkgs.python3
-        pkgs.shadow
+        pkgs.util-linux
       ];
       serviceConfig = {
         Type = "oneshot";
@@ -205,7 +205,7 @@ END
 ALTER ROLE zulip WITH LOGIN PASSWORD '$db_password_sql';
 SQL
 
-        ${pkgs.shadow}/bin/su postgres -s ${pkgs.bash}/bin/bash -c "psql -v ON_ERROR_STOP=1 -f '$setup_sql'"
+        ${pkgs.util-linux}/bin/runuser -u postgres -- psql -v ON_ERROR_STOP=1 -f "$setup_sql"
       '';
     };