diff --git a/nixos/modules/appvm.nix b/nixos/modules/appvm.nix
index 977115c..a81b2af 100644
--- a/nixos/modules/appvm.nix
+++ b/nixos/modules/appvm.nix
@@ -55,6 +55,12 @@ in
       ];
     };
 
+    user = mkOption {
+      description = "Limit running this agent only in session of user with this UID.";
+      type = types.int;
+      default = 1000;
+    };
+
     socketProxy = mkOption {
       description = ''
         Optional socket proxy module. If not provided, the module will not use a socket proxy.
@@ -141,6 +147,7 @@ in
       after = [ "sockets.target" ];
       wants = [ "sockets.target" ];
       wantedBy = [ "default.target" ];
+      unitConfig.ConditionUser = "${cfg.user}";
       serviceConfig = {
         Type = "exec";
         ExecStart = "${givc-agent}/bin/givc-agent";