diff --git a/services/mail-server.nix b/services/mail-server.nix
index 86615ea..9b61126 100644
--- a/services/mail-server.nix
+++ b/services/mail-server.nix
@@ -52,6 +52,15 @@ in
       enableManageSieve = true;
     };
 
+    services.postfix = {
+      relayHost = "mailvps.nyanlout.re";
+      relayPort = 587;
+      config = {
+        smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt";
+        smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key";
+      };
+    };
+
     security.acme.certs = {
       "${cfg.domaine}" = {
         extraDomains = {
diff --git a/services/python-ci.nix b/services/python-ci.nix
index 2523d8f..5a6a4c4 100644
--- a/services/python-ci.nix
+++ b/services/python-ci.nix
@@ -12,6 +12,14 @@ in
 
   config = mkIf cfg.enable {
 
+    users.users = {
+      python-ci = {
+        isSystemUser = true;
+        group = "nogroup";
+        description = "Python CI user";
+      };
+    };
+
     systemd.services.python-ci = {
       description = "CI Nix en Python";
       requires = ["network-online.target"];
@@ -19,7 +27,7 @@ in
       environment = { HOME = "/var/lib/python-ci"; NIX_PATH = concatStringsSep ":" config.nix.nixPath; NIXPKGS_ALLOW_UNFREE = "1";};
       path = with pkgs;[ nix gnutar gzip ];
       serviceConfig = {
-        DynamicUser = true;
+        User = "python-ci";
         StateDirectory = "python-ci";
         RuntimeDirectory = "python-ci";
         RuntimeDirectoryPreserve = "yes";