diff --git a/agenix-config-module.nix b/agenix-config-module.nix
index 65160f5..6375348 100644
--- a/agenix-config-module.nix
+++ b/agenix-config-module.nix
@@ -16,7 +16,7 @@
   };
   age.secrets.OIDC_APP_SECRET_HEADSCALE = {
     file = ./secrets/samsehu_OIDC_APP_SECRET_HEADSCALE.age;
-    owner = "dex";
-    group = "dex";
+    owner = "headscale";
+    group = "headscale";
   };
 }
diff --git a/configuration.nix b/configuration.nix
index b8322e5..6053849 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -534,6 +534,11 @@
   };
 
   # Headscale for access to the network while away from home
+  users.users.headscale = {
+    isSystemUser = true;
+    group = "headscale";
+  };
+  users.groups.headscale = {};
   services.headscale = {
     enable = true;
     package = pkgs.juanfont-headscale.headscale;