Creating users/service accounts that can interact with DBus and systemd

I am using NixOS to define a server that runs numerous services through systemd. One such service is a job queue, which should itself be able to start jobs as new transient units through systemd. I am using systemd’s DBus API to do this.

The job queue service runs under a user called job-queue, defined approximately as follows.

users.users.job-queue = {
  isNormalUser = true;
  group = "job-queue";
  home = "/var/lib/job-queue";
};
users.groups.job-queue = {};
systemd.tmpfiles.rules = [ "f /var/lib/systemd/linger/job-queue" ];

So far I have not been able to get this to work as hoped. It seems that to communicate with anything (including systemd) over DBus, you must first have an XDG_RUNTIME_DIR (e.g. /run/user/1001) containing a DBus socket and other resources. However, this is only created when you manually log in as the user for the first time.

With the linger configuration above, I can at least get this folder to hang around after closing the login session. But I’d really like everything to work on first deployment without any manual intervention. Ideally maybe I could even set isSystemUser = true on the job-queue user?

It feels like there must be a better way to approach this. Any pointers are appreciated. Happy to clarify anything that’s unclear here.