attic watch-store requires running as trusted user? #321
Description
I have nixos machine that's acting as a remote builder. I want all new derivations built on it to be automatically pushed to my cache. The watch-store command is perfect for that. I used https://github.com/nix-community/buildbot-nix/blob/main/examples/attic-watch-store.nix as inspiration how to run that command as a systemd service. However, I noticed it only works when the watch-store command runs as a trusted user. Is that expected? I couldn't find anything in the documentation that mentions that. The example uses systemd DynamicUser option, and copilot is claiming that my code (see below screenshot) is not correct. I can fix my systemd service definition (for example by defining a fixed user and not using DynamicUser), however I first want to have clarity on the requirements of the watch-store command.
