diff --git a/nixos/roles/gitea.nix b/nixos/roles/gitea.nix
index b3b0c6b..f35a87b 100644
--- a/nixos/roles/gitea.nix
+++ b/nixos/roles/gitea.nix
@@ -231,9 +231,9 @@ in
     ];
     text = ''
       mkdir -p /var/lib/gitea-runner/.config/sops/age
-      cp /home/phil/.config/nix/secrets/keys.txt /var/lib/gitea-runner/.config/sops/age/keys.txt
+      chown -R gitea-runner:gitea-runner /var/lib/gitea-runner
+      cp /home/${primaryUser}/.config/nix/secrets/keys.txt /var/lib/gitea-runner/.config/sops/age/keys.txt
       chmod 600 /var/lib/gitea-runner/.config/sops/age/keys.txt
-      chown -R gitea-runner:gitea-runner /var/lib/gitea-runner/.config
     '';
   };
 
@@ -250,6 +250,7 @@ in
         group = "gitea-runner";
         home = "/var/lib/gitea-runner";
         createHome = true;
+        homeMode = "750";
       };
       postgres.extraGroups = [ "gitea" ];
     };