diff --git a/ops/nixos/lib/content.nix b/ops/nixos/lib/content.nix
index 2421c27aad..a6b50c6ffb 100644
--- a/ops/nixos/lib/content.nix
+++ b/ops/nixos/lib/content.nix
@@ -2,32 +2,38 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-{ lib, ... }:
+{ lib, config, ... }:
 {
-  users.users.content = {
-    isSystemUser = true;
-    group = "content";
-  };
-  users.groups.content = {};
+  config = lib.mkMerge [{
+    users.users.content = {
+      isSystemUser = true;
+      group = "content";
+    };
+    users.groups.content = {};
 
-  users.users.lukegb.extraGroups = [ "content" ];
-  users.users.sonarr.extraGroups = [ "content" ];
-  users.users.radarr.extraGroups = [ "content" ];
-  users.users.deluge.extraGroups = [ "content" ];
+    users.users.lukegb.extraGroups = [ "content" ];
+  } (lib.mkIf config.services.nginx.enable {
+    systemd.services.nginx.serviceConfig = {
+      SupplementaryGroups = [ "content" ];
+    };
+  }) (lib.mkIf config.services.sonarr.enable {
+    users.users.sonarr.extraGroups = [ "content" ];
+    systemd.services.sonarr.serviceConfig = {
+      UMask = "0002";
+      Group = lib.mkForce "content";
+    };
+  }) (lib.mkIf config.services.radarr.enable {
+    users.users.radarr.extraGroups = [ "content" ];
+    systemd.services.radarr.serviceConfig = {
+      UMask = "0002";
+      Group = lib.mkForce "content";
+    };
+  }) (lib.mkIf config.services.deluge.enable {
+    users.users.deluge.extraGroups = [ "content" ];
 
-  systemd.services.nginx.serviceConfig = {
-    SupplementaryGroups = [ "content" ];
-  };
-  systemd.services.deluged.serviceConfig = {
-    UMask = "0002";
-    Group = lib.mkForce "content";
-  };
-  systemd.services.sonarr.serviceConfig = {
-    UMask = "0002";
-    Group = lib.mkForce "content";
-  };
-  systemd.services.radarr.serviceConfig = {
-    UMask = "0002";
-    Group = lib.mkForce "content";
-  };
+    systemd.services.deluged.serviceConfig = {
+      UMask = "0002";
+      Group = lib.mkForce "content";
+    };
+  })];
 }