diff --git a/systems/palatine-hill/garage.nix b/systems/palatine-hill/garage.nix
index 1a9cf9c..beac54e 100644
--- a/systems/palatine-hill/garage.nix
+++ b/systems/palatine-hill/garage.nix
@@ -50,8 +50,20 @@ in
     ];
     preStart = ''
       mkdir -p ${basePath}/meta ${basePath}/data
+      chown -R garage:garage ${basePath}/meta ${basePath}/data
     '';
-    serviceConfig.PermissionsStartOnly = true;
+    serviceConfig = {
+      PermissionsStartOnly = true;
+      DynamicUser = false;
+      User = "garage";
+      Group = "garage";
+    };
+  };
+
+  users.groups.garage = { };
+  users.users.garage = {
+    isSystemUser = true;
+    group = "garage";
   };
 
   sops.secrets = {