I think it is configured in guix-configuration from the guix service type
https://guix.gnu.org/manual/en/html_node/Base-Services.html
there is a tmpdir option there ("A directory path where the guix-daemon will perform builds").
I have not tried this, but something like this on your list of services
(service guix-service-type
(guix-configuration
(tmpdir "/whatever")))
As usual for any big changes it is best to try running the operating system spec in a vm with guix system vm to see if it boots up ok.
Not sure which docs you are looking at, but my preferred description for this part is SMP
The previous message already pointed out the main point - communication happens via queues our clients knows to belong to the destination, and these queues are temporary. This means even if an attacker determines the queue belongs to a specific person it can be changed and even then it does not reveal who is the other contact using the queue.
A few more bits to consider:
So there are IDs but hopefully they are not useful for an attacker.
Now to answer your question. There are IDs but for a message to be delivered to the wrong person the following would need to happen
Caveats - the client app must be well implemented and NEVER reuse keys. Likewise the server must not reuse queue IDs.
I think I got my assumptions right. When in doubt check the 2nd link for a long step by step description of the protocol