diff --git a/aspects/hosts/_trantor/pocket-id.nix b/aspects/hosts/_trantor/pocket-id.nix
index 297424f..78f2d75 100644
--- a/aspects/hosts/_trantor/pocket-id.nix
+++ b/aspects/hosts/_trantor/pocket-id.nix
@@ -27,4 +27,17 @@ in
 age.secrets.pocket-id-key = {
 file = "${inputs.self}/secrets/pocket-id.key.age";
 };
+
+ environment.persistence.main.directories = [
+ {
+ directory = config.services.pocket-id.dataDir;
+ inherit (config.services.pocket-id) user group;
+ mode = "0700";
+ }
+ ];
+
+ systemd.services.pocket-id.serviceConfig = {
+ PrivateMounts = lib.mkForce false;
+ ProtectSystem = lib.mkForce false;
+ };
 }
diff --git a/secrets/pocket-id.key.age b/secrets/pocket-id.key.age
index 5d7fabe..5e17454 100644
Binary files a/secrets/pocket-id.key.age and b/secrets/pocket-id.key.age differ
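Review bot: The two `lib.mkForce false` overrides in `systemd.services.pocket-id.serviceConfig` switch off `ProtectSystem` and `PrivateMounts` for the whole unit, so the identity provider loses the read-only system view and the private mount namespace that were evidently set somewhere (hence the `mkForce`), and nothing in the hunk records why. If the reason is the persisted `dataDir` added just above (an inference, the hunk does not say), a narrower override would keep most of the sandbox, for example `ProtectSystem = "strict";` together with `ReadWritePaths = [ config.services.pocket-id.dataDir ];`. If both settings really must be disabled, a comment such as `# mkForce: <why the module's sandboxing breaks with the persisted dataDir>` above the block would let a later reader judge whether the relaxation can be reverted. The enclosing attribute set starts outside the hunk, so other hardening options on this unit are not visible here.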