nix: use static userborn

as it's upstream now

nixosModules/default.nix

@@ -18,31 +18,6 @@ let
     StandardError = "tty";
   };
   runtimeDir = "/run/vm-user";
-  userbornConfig = {
-    groups = lib.mapAttrsToList (username: opts: {
-      inherit (opts) name gid members;
-    }) config.users.groups;
-    users = lib.mapAttrsToList (username: opts: {
-      inherit (opts)
-        name
-        uid
-        group
-        description
-        home
-        password
-        hashedPassword
-        hashedPasswordFile
-        initialPassword
-        initialHashedPassword
-        ;
-      isNormal = opts.isNormalUser;
-      shell = utils.toShellPath opts.shell;
-    }) (lib.filterAttrs (_: u: u.enable) config.users.users);
-  };
-  userbornConfigJson = pkgs.writeText "userborn.json" (builtins.toJSON userbornConfig);
-  userbornResults =
-    pkgs.runCommand "baked userborn" { }
-      "mkdir -p $out; ${lib.getExe pkgs.userborn} ${userbornConfigJson} $out";
   system = pkgs.stdenv.hostPlatform.system;
 in
 {
@@ -166,23 +141,9 @@ in
     };
 
     # Configure user accounts
-    # The immutable overlay wants userborn or sysusers.. we just want baked-in files w/o running a service.
-    # So we can just run userborn at system closure build time!
     systemd.sysusers.enable = false;
     services.userborn.enable = true;
-    systemd.services.userborn.enable = false;
+    services.userborn.static = true;
-    environment.etc."passwd" = lib.mkForce {
-      source = "${userbornResults}/passwd";
-      mode = "0444";
-    };
-    environment.etc."group" = lib.mkForce {
-      source = "${userbornResults}/group";
-      mode = "0444";
-    };
-    environment.etc."shadow" = lib.mkForce {
-      source = "${userbornResults}/shadow";
-      mode = "0440";
-    };
     users.mutableUsers = false;
     users.users.appvm = {
       uid = 1337;