diff --git a/nixosConfigurations/services/benefice.nix b/nixosConfigurations/services/benefice.nix
index 8a90bc7..75e5b31 100644
--- a/nixosConfigurations/services/benefice.nix
+++ b/nixosConfigurations/services/benefice.nix
@@ -32,6 +32,13 @@ with flake-utils.lib.system; let
       sops.secrets.oidc-secret.sopsFile = "${self}/hosts/${config.networking.fqdn}/oidc-secret";
 
       systemd.services.benefice = self.lib.systemd.withSecret config pkgs "benefice" "oidc-secret";
+
+      # Workaround for https://github.com/profianinc/infrastructure/issues/109
+
+      users.groups.benefice = {};
+
+      users.users.benefice.isSystemUser = true;
+      users.users.benefice.group = config.users.groups.benefice.name;
     })
   ];
 
diff --git a/nixosConfigurations/services/steward.nix b/nixosConfigurations/services/steward.nix
index 7262a33..c9eb5df 100644
--- a/nixosConfigurations/services/steward.nix
+++ b/nixosConfigurations/services/steward.nix
@@ -23,6 +23,13 @@ with flake-utils.lib.system; let
       sops.secrets.key.sopsFile = "${self}/hosts/${config.networking.fqdn}/steward.key";
 
       systemd.services.steward = self.lib.systemd.withSecret config pkgs "steward" "key";
+
+      # Workaround for https://github.com/profianinc/infrastructure/issues/109
+
+      users.groups.steward = {};
+
+      users.users.steward.isSystemUser = true;
+      users.users.steward.group = config.users.groups.steward.name;
     })
   ];