diff --git a/nixos/server/package-configs/mollysocket/default.nix b/nixos/server/package-configs/mollysocket/default.nix
index 3baf77d..2a1bb35 100644
--- a/nixos/server/package-configs/mollysocket/default.nix
+++ b/nixos/server/package-configs/mollysocket/default.nix
@@ -1,6 +1,11 @@
-{config, ...}: {
+{config, ...}: let
+  mollySocketUser = "mollysocket";
+in {
   sops.secrets."mollysocket-vapid-key".mode = "0440";
-  sops.secrets."mollysocket-vapid-key".owner = config.users.users.root.name;
+  sops.secrets."mollysocket-vapid-key" = {
+    owner = mollySocketUser;
+    group = mollySocketUser;
+  };
 
   services.mollysocket = {
     enable = true;
@@ -12,6 +17,10 @@
       webserver = true;
     };
   };
+  systemd.services.mollysocket.serviceConfig = {
+    User = mollySocketUser;
+    Group = mollySocketUser;
+  };
   services.nginx = {
     virtualHosts = {
       "molly.gladtherescake.eu" = {