diff --git a/.gitea/workflows/kubeadm-bootstrap.yml b/.gitea/workflows/kubeadm-bootstrap.yml
index fe9f126..febe98c 100644
--- a/.gitea/workflows/kubeadm-bootstrap.yml
+++ b/.gitea/workflows/kubeadm-bootstrap.yml
@@ -103,6 +103,16 @@ jobs:
             mkdir -p /nix
             chown root:root /nix
             chmod 0755 /nix
+
+            if ! getent group nixbld >/dev/null 2>&1; then
+              groupadd --system nixbld
+            fi
+
+            for i in $(seq 1 10); do
+              if ! id "nixbld$i" >/dev/null 2>&1; then
+                useradd --system --gid nixbld --no-create-home --home-dir /var/empty --shell /usr/sbin/nologin "nixbld$i"
+              fi
+            done
           fi
           sh <(curl -L https://nixos.org/nix/install) --no-daemon
 
diff --git a/.gitea/workflows/terraform-apply.yml b/.gitea/workflows/terraform-apply.yml
index f6b98b1..04eaa6c 100644
--- a/.gitea/workflows/terraform-apply.yml
+++ b/.gitea/workflows/terraform-apply.yml
@@ -104,6 +104,16 @@ jobs:
               mkdir -p /nix
               chown root:root /nix
               chmod 0755 /nix
+
+              if ! getent group nixbld >/dev/null 2>&1; then
+                groupadd --system nixbld
+              fi
+
+              for i in $(seq 1 10); do
+                if ! id "nixbld$i" >/dev/null 2>&1; then
+                  useradd --system --gid nixbld --no-create-home --home-dir /var/empty --shell /usr/sbin/nologin "nixbld$i"
+                fi
+              done
             fi
             sh <(curl -L https://nixos.org/nix/install) --no-daemon
           fi