diff --git a/module.nix b/module.nix
index d5b7896..41b5dc6 100644
--- a/module.nix
+++ b/module.nix
@@ -2,9 +2,8 @@
 let
   cfg = config.services.signal-irc-bridge;
   commonServiceOptions = {
-    DynamicUser = true;
-    User = "signal-irc-client";
-    Group = "nginx";
+    User = "signal-irc";
+    Group = "signal-irc";
     StateDirectory = "signal-cli";
     RuntimeDirectory = "signal-cli";
 
@@ -19,7 +18,7 @@ let
     ProtectProc="invisible";
     PrivateUsers=true;
     ProtectHome=true;
-    UMask="0077";
+    UMask="0027";
     RuntimeDirectoryMode="0750";
     StateDirectoryMode="0750";
   };
@@ -56,7 +55,7 @@ in {
           Restart = "always";
           RestartSec= "5s";
 
-          LoadCredentials = [ "config:${cfg.configFile}" ];
+          LoadCredential = [ "config:${cfg.configFile}" ];
 
           # Change state/runtime dirs because it deletes the socket else
           StateDirectory = "signal-irc";
@@ -74,5 +73,13 @@ in {
     environment.systemPackages = lib.mkIf cfg.enable [
       pkgs.signal-cli
     ];
+
+    users = lib.mkIf cfg.enable {
+      users.signal-irc = {
+        isSystemUser = true;
+        group = "signal-irc";
+      };
+      groups.signal-irc = {};
+    };
   };
 }